Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously constructed ZIP file with file paths including relative paths (i.e., ../../), move this file into the backup directory, and execute a restore on this file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13102.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13147.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13147.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have ""root"" privilege access to the Android filesystem in order to exploit this vulnerability (i.e. the device has been compromised, such as disabling or bypassing Android's fundamental security mechanisms).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting arbitrarily large payload.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary commands as root.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13150.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13162.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA templates. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13096.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory (""write-what-where"") from an attacker-chosen device address within the same subnet.",ADJACENT_NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that exposes an ""echo"" service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow.",ADJACENT_NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,LOW,HIGH
"An issue was discovered in the America's Army Proving Grounds platform for the Unreal Engine. With a false packet sent via UDP, the application server responds with several bytes, giving the possibility of DoS amplification, even being able to be used in DDoS attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copied to the stack variable.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows local attackers to delete arbitrary files on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete arbitrary files in the context of the hypervisor. Was ZDI-CAN-12129.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,HIGH,NONE
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000e virtual device. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12527.,LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, some files can also be moved or deleted.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8052, APQ8056, APQ8076, APQ8096, APQ8096SG, APQ8098, MDM9655, MSM8952, MSM8956, MSM8976, MSM8976SG, MSM8996, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible buffer overflow in Fastrpc while handling received parameters due to lack of validation on input parameters' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligned with the actual size of the structure' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA845, SDM640, SDM670, SDM710, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA845, SDM640, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as ""if"") and b is the SQL statement to be executed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message through an affected device. SSL/TLS messages sent to an affected device do not trigger this vulnerability. A successful exploit could allow the attacker to cause a process to crash. This crash would then trigger a reload of the device. No manual intervention is needed to recover the device after the reload.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. To exploit this vulnerability, an attacker must have valid administrator-level credentials.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
This affects all versions of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the upgrade process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system (OS). This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading a crafted upgrade package file to an affected device. A successful exploit could allow the attacker to inject commands that could be executed with root privileges on the underlying OS.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to insufficient boundary checks for specific data that is provided to the web services interface of an affected system. An attacker could exploit this vulnerability by sending a malicious HTTP request. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could disclose data fragments or cause the device to reload, resulting in a denial of service (DoS) condition.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,HIGH
"A vulnerability in the SIP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition.The vulnerability is due to a crash that occurs during a hash lookup for a SIP pinhole connection. An attacker could exploit this vulnerability by sending crafted SIP traffic through an affected device. A successful exploit could allow the attacker to cause a crash and reload of the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in an access control mechanism of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access services beyond the scope of their authorization. This vulnerability is due to insufficient enforcement of access control in the affected software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow the attacker to overwrite policies and impact the configuration and operation of the affected device.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. A successful exploit could cause system instability if important system files are overwritten. This vulnerability is due to insufficient validation of user input for the file path in a specific CLI command. An attacker could exploit this vulnerability by logging in to a targeted device and issuing a specific CLI command with crafted user input. A successful exploit could allow the attacker to overwrite arbitrary files on the file system of the affected device. The attacker would need valid user credentials on the device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
"A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode. This vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and the development branch.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection in the getip function in conn/function.php in ??100-???????? 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/product_add.php.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Prisma VS Code a VSCode extension for Prisma schema files. This is a Remote Code Execution Vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary path for the Prisma format binary is set in VS Code Settings, for example by downloading a project that has a .vscode/settings.json file that sets a value for ""prismaFmtBinPath"". That custom binary is executed when auto-formatting is triggered by VS Code or when validation checks are triggered after each keypress on a *.prisma file. Fixed in versions 2.20.0 and 20.0.27. As a workaround users can either edit or delete the `.vscode/settings.json` file or check if the binary is malicious and delete it.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the ""lib/common/shapes.c"" component.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Affected product versions include:HUAWEI P30 versions 10.0.0.186(C10E7R5P1), 10.0.0.186(C461E4R3P1), 10.0.0.188(C00E85R2P11), 10.0.0.188(C01E88R2P11),10.0.0.188(C605E19R1P3), 10.0.0.190(C185E4R7P1), 10.0.0.190(C431E22R2P5), 10.0.0.190(C432E22R2P5),10.0.0.190(C605E19R1P3), 10.0.0.190(C636E4R3P4), 10.0.0.192(C635E3R2P4).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Prisma is an open source ORM for Node.js & TypeScript. As of today, we are not aware of any Prisma users or external consumers of the `@prisma/sdk` package who are affected by this security vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. It only affects the `getPackedPackage` function and this function is not advertised and only used for tests & building our CLI, no malicious code was found after checking our codebase.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (?????-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product versions include HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R7P3), 11.0.0.138(C432E8R2P3), 11.0.0.138(C461E4R3P3), 11.0.0.138(C605E4R1P3), and 11.0.0.138(C636E4R3P3).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a denial of service vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. The affected product cannot deal with some messages because of module design weakness . Attackers can exploit this vulnerability by sending a large amount of specific messages to cause denial of service. This can compromise normal service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious operation to cause the pointer double free. This may lead to module crash, compromising normal service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of the input parameter, successful exploit can cause the process and the service to be abnormal.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox Conferencing include all 3.x versions before 3.17. Avaya Equinox Conferencing is now offered as Avaya Meetings Server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow any user to carry out any administrative tasks on the Nacos server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content like `<script>` tags. The direct link to that file can be sent to other users or visitors of the site. If the victim opens that link in a browser where they are logged in to Kirby, the script will run and can for example trigger requests to Kirby's API with the permissions of the victim. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can escalate their privileges if they get access to the Panel session of an admin user. Depending on your site, other JavaScript-powered attacks are possible. Visitors without Panel access can only use this attack vector if your site allows SVG file uploads in frontend forms and you don't already sanitize uploaded SVG files. The problem has been patched in Kirby 3.5.4. Please update to this or a later version to fix the vulnerability. Frontend upload forms need to be patched separately depending on how they store the uploaded file(s). If you use `File::create()`, you are protected by updating to 3.5.4+. As a work around you can disable the upload of SVG files in your file blueprints.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199400.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior 8.7).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7)",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2) and version 11.x (prior to 11.4).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA vGPU driver contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 12.x (prior to 12.2) and version 11.x (prior to 11.4).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), which could allow an attacker to retrieve information that could lead to a Address Space Layout Randomization (ASLR) bypass. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM FlashSystem 900 1.5.2.9 and 1.6.1.3 user management GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192702.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to write to a shared memory location and manipulate the data after the data has been validated, which may lead to denial of service and escalation of privileges. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it allows guests to control unauthorized resources, which may lead to integrity and confidentiality loss or information disclosure. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant user’s credential.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary `.md` files from the server's filesystem due to an improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can try to open the following URL: `http://localhost:3000/..%2F..%2FREADME#` (replace `http://localhost:3000` with your instance's base-URL e.g. `https://demo.hedgedoc.org/..%2F..%2FREADME#`). If you see a README page being rendered, you run an affected version. The attack works due the fact that the internal router passes the url-encoded alias to the `noteController.showNote`-function. This function passes the input directly to findNote() utility function, that will pass it on the the parseNoteId()-function, that tries to make sense out of the noteId/alias and check if a note already exists and if so, if a corresponding file on disk was updated. If no note exists the note creation-function is called, which pass this unvalidated alias, with a `.md` appended, into a path.join()-function which is read from the filesystem in the follow up routine and provides the pre-filled content of the new note. This allows an attacker to not only read arbitrary `.md` files from the filesystem, but also observes changes to them. The usefulness of this attack can be considered limited, since mainly markdown files are use the file-ending `.md` and all markdown files contained in the hedgedoc project, like the README, are public anyway. If other protections such as a chroot or container or proper file permissions are in place, this attack's usefulness is rather limited. On a reverse-proxy level one can force a URL-decode, which will prevent this attack because the router will not accept such a path.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
"This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel on the target guest system. Was ZDI-CAN-12790.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename.  NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/set_online_client.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the bssaddr, abiaddr, devtoken, devid, elinksync, or elink_proc_enable parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Special characters of ERP POS customer profile page are not filtered in users’ input, which allow remote authenticated attackers can inject malicious JavaScript and carry out stored XSS (Stored Cross-site scripting) attacks, additionally access and manipulate customer’s information.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Special characters of ERP POS news page are not filtered in users’ input, which allow remote authenticated attackers can inject malicious JavaScript and carry out stored XSS (Stored Cross-site scripting) attacks, additionally access and manipulate customer’s information.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Special characters of picture preview page in the Quan-Fang-Wei-Tong-Xun system are not filtered in users’ input, which allow remote authenticated attackers can inject malicious JavaScript and carry out Reflected XSS (Cross-site scripting) attacks, additionally access and manipulate customer’s information.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iandlink_proc_enable parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and (sometimes) COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to the Android system log, and many Android devices have applications (preinstalled by the hardware manufacturer or network operator) that read system log data and send it to third parties. NOTE: a news outlet (The Markup) states that they received a vendor response indicating that fix deployment ""began several weeks ago and will be complete in the coming days.""",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is supplied.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The default administrator account & password of the EDIMAX wireless network camera is hard-coded. Remote attackers can disassemble firmware to obtain the privileged permission and further control the devices.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone'and 'Authenticated Users' group.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows SSRF via a backend user account.,NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
"Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The media2click (aka 2 Clicks for External Media) extension 1.x before 1.3.3 for TYPO3 allows XSS by a backend user account.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Apache OFBiz has unsafe deserialization prior to 17.12.07 version,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191706.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM QRadar SIEM 7.3 and 7.4 could disclose sensitive information about other domains which could be used in further attacks against the system. IBM X-Force ID: 190907.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 191748.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to insecure inter-deployment communication. An attacker that is able to comprimise or spoof traffic between hosts may be able to execute arbitrary commands. IBM X-Force D: 192538.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature of zip files processes data in a way that may be vulnerable to path traversal attacks. IBM X-Force ID: 192905.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196017.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196075.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted RTSP request, with a long digest authentication header, to execute arbitrary code in parse_authentication_header() in libamprotocol-rtsp.so.1 in rtsp_svc (or cause a crash). This allows remote takeover of a Furbo Dog Camera, for example.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper access control vulnerability in Hot Pepper Gourmet App for Android ver.4.111.0 and earlier, and for iOS ver.4.111.0 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes item.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
OX App Suite 7.10.4 and earlier allows SSRF via a snippet.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,LOW
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Requests is a HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of `Requests` 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute codeby injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator access the logs.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,HIGH
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12528.,LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size of the compressed file input to a reasonable size for their use case. The standard library had recently the same issue and got the CVE-2020-16845 allocated.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to ""protect"" a page, a user is currently able to protect to a higher level than they currently have permissions for.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the IGMP_PROXY_WAN_CONNECT parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length value is trusted during a backup.cgi file upload. The attacker must add a \n before the Content-Length header.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_server service. The attack vector is sending a payload to port 189 (default root 0.0.0.0).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to view and exfiltrate sensitive information on the system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain access to sensitive information via the local API.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to register the client to a server in order to view sensitive information.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.0-48950. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12220.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12136.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12221.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12131.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for the Linux kernel, as used on Alcatel 1S phones, allows attackers to overwrite heap memory via PhysmemNewRamBackedPMR.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection in the ""evoadm.php"" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the ""cf_name"" parameter when creating a new filter under the ""Collections"" tab.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in WP Fastest Cache versions prior to 0.9.1.7 allows a remote attacker with administrator privileges to delete arbitrary files on the server via unspecified vectors.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to a HTML document field. This could be used for an XSS attack.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A Incorrect Implementation of Authentication Algorithm vulnerability in of SUSE SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote control of the smart home solution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'set_command_on' and 'set_command_off' POST parameters in '/system/systemplugins/customcommand/customcommand.plugin.php' by using an unsanitized PHP exec() function.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.20140224154640 allows an attacker to get system administrator through an open Telnet service.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13190.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13188.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13187.,LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13186.,LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a ""purpose"" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named ""purpose"" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to be written to non-standard locations.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid username and email address via the forgot password function.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Improper access control vulnerability in NEC Aterm WG2600HS firmware Ver1.5.1 and earlier, and Aterm WX3000HP firmware Ver1.1.2 and earlier allows a device connected to the LAN side to be accessed from the WAN side due to the defect in the IPv6 firewall function.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Cross-site scripting vulnerability in NEC Aterm devices (Aterm WG1900HP2 firmware Ver.1.3.1 and earlier, Aterm WG1900HP firmware Ver.2.5.1 and earlier, Aterm WG1800HP4 firmware Ver.1.3.1 and earlier, Aterm WG1800HP3 firmware Ver.1.5.1 and earlier, Aterm WG1200HS2 firmware Ver.2.5.0 and earlier, Aterm WG1200HP3 firmware Ver.1.3.1 and earlier, Aterm WG1200HP2 firmware Ver.2.5.0 and earlier, Aterm W1200EX firmware Ver.1.3.1 and earlier, Aterm W1200EX-MS firmware Ver.1.3.1 and earlier, Aterm WG1200HS firmware all versions Aterm WG1200HP firmware all versions Aterm WF800HP firmware all versions Aterm WF300HP2 firmware all versions Aterm WR8165N firmware all versions Aterm W500P firmware all versions, and Aterm W300P firmware all versions) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Open Tools Gate component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13082.,LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
"This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel on the target guest system. Was ZDI-CAN-12791.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 199403.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary javascript via any ""Add"" sections, such as Add Item , Employee and Position or others in the Name Parameters.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via vulnerable field 'Budget Title'.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected device. This vulnerability is due to the improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by sending malicious requests that contain references in XML entities to an affected system. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information or causing a partial denial of service (DoS) condition on the affected device.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
"SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the ""user_phone"" parameter of a crafted HTTP request to the ""admin.php"" component.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the ""typeid"" variable of the ""createfolderAjax"" function in the ""mode_worcAction.php"" component.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A flaw was found in PDFResurrect in version 0.22b. There is an infinite loop in get_xref_linear_skipped() in pdf.c via a crafted PDF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote attackers to execute arbitrary code by injecting commands via a crafted HTTP request to the component ""/mc-admin/post-edit.php"".",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server (including UPnP SOAP and GENA endpoints), leading to remote code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Etherpad < 1.8.3 is affected by a denial of service in the import functionality. Upload of binary file to the import endpoint would crash the instance.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execute arbitrary OS commands by sending a specially crafted request to a specific URL.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Etherpad < 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the ""A Confusing Dependency"" blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file. This may change how dependencies are resolved for Gradle plugins and build scripts. For builds that are vulnerable, there are two risks: 1) Information disclosure: Gradle could make dependency requests to repositories outside your organization and leak internal package identifiers. 2) Dependency poisoning/Dependency confusion: Gradle could download a malicious binary from a repository outside your organization due to name squatting. For a full example and more details refer to the referenced GitHub Security Advisory. The problem has been patched and released with Gradle 7.0. Users relying on this feature should upgrade their build as soon as possible. As a workaround, users may use a company repository which has the right rules for fetching packages from public repositories, or use project level repository content filtering, inside `buildscript.repositories`. This option is available since Gradle 5.1 when the feature was introduced.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows attacker to execute malicious JavaScript via crafted URL",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows attacker to inject malicious JavaScript via unspecified vector",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaadin 7.0.0 through 7.7.21) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g. @RestController,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 (Vaadin 14.0.0 through 14.4.2), and 3.0 prior to 5.0 (Vaadin 15 prior to 18) allows attacker to request arbitrary files stored outside of intended frontend resources folder.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-27053.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Wind River VxWorks 7 before 21.03. A specially crafted packet may lead to buffer over-read on IKE.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successfully exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system command under the context of the web-server user. This vulnerability is fixed in version 1.10.8. Blocking access to the `/admin` path from untrusted sources can be applied as a workaround.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
"Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.",NETWORK,HIGH,LOW,NONE,CHANGED,LOW,LOW,LOW
"A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with ""new byte"" may depend on untrusted input within the header of encoded data.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents that have been updated and not yet refreshed in the index. This could result in the search disclosing the existence of documents and fields the attacker should not be able to view.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest available version of the 1.5.x release to fix this problem.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. The problem is fixed in 1.7.6.8,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision f6188febf0c29d7ffe26a0436212b19cb9615e64 or version 1.1.0",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). This affects Docker use cases in which a mail server is configured.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the Source or Destination field of the Configuration Manager (Configuration Parameter Translation) page.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume(). An attacker can provide malicious input to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A flaw was found in libmicrohttpd in versions before 0.9.71. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ARW files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12333.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of SGI files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12376.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12384.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs (Modular Port Concentrators) where Integrated Routing and Bridging (IRB) interfaces are configured and mapped to a VPLS instance or a Bridge-Domain, certain Layer 2 network events at Customer Edge (CE) devices may cause memory leaks in the MPC of Provider Edge (PE) devices which can cause an out of memory condition and MPC restart. When this issue occurs, there will be temporary traffic interruption until the MPC is restored. An administrator can use the following CLI command to monitor the status of memory usage level of the MPC: user@device> show system resource-monitor fpc FPC Resource Usage Summary Free Heap Mem Watermark : 20 % Free NH Mem Watermark : 20 % Free Filter Mem Watermark : 20 % * - Watermark reached Slot # % Heap Free RTT Average RTT 1 87 PFE # % ENCAP mem Free % NH mem Free % FW mem Free 0 NA 88 99 1 NA 89 99 When the issue is occurring, the value of “% NH mem Free” will go down until the MPC restarts. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines), including MX-MPC1-3D, MX-MPC1E-3D, MX-MPC2-3D, MX-MPC2E-3D, MPC-3D-16XGE, and CHAS-MXxx Series MPCs. No other products or platforms are affected by this issue. This issue affects Juniper Networks Junos OS on MX Series, EX9200 Series: 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R3-S3; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.2 versions prior to 20.2R1-S3, 20.2R2; 20.3 versions prior to 20.3R1-S1,, 20.3R2. This issue does not affect Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R3-S2; 18.1; 18.2 versions prior to 18.2R3-S4; 18.3 versions prior to 18.3R3-S2; 18.4 versions prior to 18.4R3-S1; 19.1; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Due to a vulnerability in DDoS protection in Juniper Networks Junos OS and Junos OS Evolved on QFX5K Series switches in a VXLAN configuration, instability might be experienced in the underlay network as a consequence of exceeding the default ddos-protection aggregate threshold. If an attacker on a client device on the overlay network sends a high volume of specific, legitimate traffic in the overlay network, due to an improperly detected DDoS violation, the leaf might not process certain L2 traffic, sent by spines in the underlay network. Continued receipt and processing of the high volume traffic will sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on QFX5K Series: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R2-S8, 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S2, 20.3R2. Juniper Networks Junos OS Evolved on QFX5220: All versions prior to 20.3R2-EVO.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by sending a high number of specific requests. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17 on EX Series; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230 on SRX Series; 16.1 versions prior to 16.1R7-S8; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Through routine static code analysis of the Juniper Networks Junos OS software codebase, the Secure Development Life Cycle team identified a Use After Free vulnerability in PFE packet processing on the QFX10002-60C switching platform. Exploitation of this vulnerability may allow a logically adjacent attacker to trigger a Denial of Service (DoS). Continued exploitation of this vulnerability will sustain the Denial of Service (DoS) condition. This issue only affects QFX10002-60C devices. No other product or platform is vulnerable to this issue. This issue affects Juniper Networks Junos OS on QFX10002-60C: 19.1 version 19.1R3-S1 and later versions; 19.1 versions prior to 19.1R3-S3; 19.2 version 19.2R2 and later versions; 19.2 versions prior to 19.2R3-S1; 20.2 versions prior to 20.2R1-S2. This issue does not affect Juniper Networks Junos OS: versions prior to 19.1R3; 19.2 versions prior to 19.2R2; any version of 19.3; version 20.2R2 and later releases.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF) vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting (XSS).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrect access control vulnerability in/cgi-bin/test_version.asp. If Wi-Fi is connected but an unauthenticated user visits a URL, the SSID password and web UI password may be disclosed.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).",NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
"A Data Processing vulnerability in the Multi-Service process (multi-svcs) on the FPC of Juniper Networks Junos OS on the PTX Series routers may lead to the process becoming unresponsive, ultimately affecting traffic forwarding, allowing an attacker to cause a Denial of Service (DoS) condition . The Multi-Service Process running on the FPC is responsible for handling sampling-related operations when a J-Flow configuration is activated. This can occur during periods of heavy route churn, causing the Multi-Service Process to stop processing updates, without consuming any further updates from kernel. This back pressure towards the kernel affects further dynamic updates from other processes in the system, including RPD, causing a KRT-STUCK condition and traffic forwarding issues. An administrator can monitor the following command to check if there is the KRT queue is stuck: user@device > show krt state ... Number of async queue entries: 65007 <--- this value keep on increasing. The following logs/alarms will be observed when this condition exists: user@junos> show chassis alarms 2 alarms currently active Alarm time Class Description 2020-10-11 04:33:45 PDT Minor Potential slow peers are: MSP(FPC1-PIC0) MSP(FPC3-PIC0) MSP(FPC4-PIC0) Logs: Oct 11 04:33:44.672 2020 test /kernel: rts_peer_cp_recv_timeout : Bit set for msp8 as it is stuck Oct 11 04:35:56.000 2020 test-lab fpc4 user.err gldfpc-multi-svcs.elf: Error in parsing composite nexthop Oct 11 04:35:56.000 2020 test-lab fpc4 user.err gldfpc-multi-svcs.elf: composite nexthop parsing error Oct 11 04:43:05 2020 test /kernel: rt_pfe_veto: Possible slowest client is msp38. States processed - 65865741. States to be processed - 0 Oct 11 04:55:55 2020 test /kernel: rt_pfe_veto: Memory usage of M_RTNEXTHOP type = (0) Max size possible for M_RTNEXTHOP type = (8311787520) Current delayed unref = (60000), Current unique delayed unref = (10896), Max delayed unref on this platform = (40000) Current delayed weight unref = (71426) Max delayed weight unref on this platform= (400000) curproc = rpd Oct 11 04:56:00 2020 test /kernel: rt_pfe_veto: Too many delayed route/nexthop unrefs. Op 2 err 55, rtsm_id 5:-1, msg type 2 This issue only affects PTX Series devices. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS on PTX Series: 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S8, 18.4R3-S7; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S2, 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.2R1.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An unvalidated REST API in the AppFormix Agent of Juniper Networks AppFormix allows an unauthenticated remote attacker to execute commands as root on the host running the AppFormix Agent, when certain preconditions are performed by the attacker, thus granting the attacker full control over the environment. This issue affects: Juniper Networks AppFormix 3 versions prior to 3.1.22, 3.2.14, 3.3.0.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious actions against a target device when a user is authenticated to J-Web. An attacker may be able to supersede existing parameters, including hardcoded parameters within the HTTP/S session, access and exploit variables, bypass web application firewall rules or input validation mechanisms, and otherwise alter and modify J-Web's normal behavior. An attacker may be able to transition victims to malicious web services, or exfiltrate sensitive information from otherwise secure web forms. This issue affects: Juniper Networks Junos OS: All versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A kernel memory leak in QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016 devices Flexible PIC Concentrators (FPCs) on Juniper Networks Junos OS allows an attacker to send genuine packets destined to the device to cause a Denial of Service (DoS) to the device. On QFX10002-32Q, QFX10002-60C, QFX10002-72Q devices the device will crash and restart. On QFX10008, QFX10016 devices, depending on the number of FPCs involved in an attack, one more more FPCs may crash and traffic through the device may be degraded in other ways, until the attack traffic stops. A reboot is required to restore service and clear the kernel memory. Continued receipt and processing of these genuine packets will create a sustained Denial of Service (DoS) condition. On QFX10008, QFX10016 devices, an indicator of compromise may be the existence of DCPFE core files. You can also monitor PFE memory utilization for incremental growth: user@qfx-RE:0% cprod -A fpc0 -c ""show heap 0"" | grep -i ke 0 3788a1b0 3221225048 2417120656 804104392 24 Kernel user@qfx-RE:0% cprod -A fpc0 -c ""show heap 0"" | grep -i ke 0 3788a1b0 3221225048 2332332200 888892848 27 Kernel This issue affects: Juniper Networks Junos OS on QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016: 16.1 versions 16.1R1 and above prior to 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R3-S2; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2. This issue does not affect releases prior to Junos OS 16.1R1. This issue does not affect EX Series devices. This issue does not affect Junos OS Evolved.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in the PFE UCODE microcode of the Trio chipset with various line cards to cause packets destined to the devices interfaces to cause a Denial of Service (DoS) condition by looping the packet with an unreachable exit condition ('Infinite Loop'). To break this loop once it begins one side of the affected LT interfaces will need to be disabled. Once disabled, the condition will clear and the disabled LT interface can be reenabled. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue only affects LT-LT interfaces. Any other interfaces are not affected by this issue. This issue affects the following cards: MPCE Type 3 3D MPC4E 3D 32XGE MPC4E 3D 2CGE+8XGE EX9200 32x10G SFP EX9200-2C-8XS FPC Type 5-3D FPC Type 5-LSR EX9200 4x40G QSFP An Indicator of Compromise (IoC) can be seen by examining the traffic of the LT-LT interfaces for excessive traffic using the following command: monitor interface traffic Before loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3759900268942 (1456 bps) [0] <---------- LT interface utilization is low Output bytes: 3759900344309 (1456 bps) [0] <---------- LT interface utilization is low After loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3765160313129 (2158268368 bps) [5260044187] <---------- LT interface utilization is very high Output bytes: 3765160399522 (2158266440 bps) [5260055213] <---------- LT interface utilization is very high This issue affects: Juniper Networks Junos OS on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960. Versions 15.1F6, 16.1R1, and later versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. This issue does not affect the MX10001. This issue does not affect Juniper Networks Junos OS versions prior to 15.1F6, 16.1R1. Juniper Networks Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 19.4 versions prior to 19.4R2-EVO. This issue does not affect the MX10001.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-178725766",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,LOW,NONE
"OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Authentication.logout() helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the user attempted to log out.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x before 7.6.2-20.2, 7.7.x through 7.9.x before 7.9.3-21.6, 7.10.x before 7.10.2-22.2, and 7.11.x before 7.11.2-23.0 can leak user information across thread contexts. This occurs in opportunistic circumstances when there is concurrent query execution by a low-privilege user and a high-privilege user. The former query might run with the latter query's privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper authentication vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT21 model GT2107-WTBD all versions ,GOT2000 series GT21 model GT2107-WTSD all versions, GOT SIMPLE series GS21 model GS2110-WTBD-N all versions and GOT SIMPLE series GS21 model GS2107-WTBD-N all versions allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the ""VNC server"" function is used.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Zoho ManageEngine OpManager 12.3 before build 123214 has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, and 6.x before 6.0.037.0 stores passwords in a recoverable format.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary user metadata on the victim’s account once visited. If exploited, this bug can be used to overwrite the “wp_capabilities” meta, which contains the affected user account’s roles and privileges. Doing this would essentially lock them out of the site, blocking them from accessing paid content.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged administrator disconnect the site from Patreon by visiting a specially crafted link.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if certain conditions are met. The highest threat from this flaw is to system confidentiality. This flaw affects Foreman versions before 2.5.0.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26878.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from other channels but due to the wonder that is IRC and following RfCs, We have no POC for that. Freenode is not affected. This is fixed in version 2.0.1. As a workaround, do not use this plugin on networks where TARGMAX > 1.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,NONE,HIGH,HIGH
"An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like ""//../foo"", or ""\\..\foo"", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus ""limited"" path traversal), if the calling code would use the result to construct a path value.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in purl 2.3.2 allows a malicious user to inject properties into Object.prototype.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Gestsup before 3.2.10 allows account takeover through the password recovery functionality (remote). The affected component is the file forgot_pwd.php - it uses a weak algorithm for the generation of password recovery tokens (the PHP uniqueid function), allowing a brute force attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
show_default.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File Inclusion because the file parameter is not validated with a proper regular-expression check.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all supported by ODA platforms in static configuration. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"pgsync before 0.6.7 is affected by Information Disclosure of sensitive information. Syncing the schema with the --schema-first and --schema-only options is mishandled. For example, the sslmode connection parameter may be lost, which means that SSL would not be used.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The ""origin"" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privileged user to overwrite files due to improper input validation. IBM X-Force ID: 192541.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Microsoft splwow64 Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a ""hidden"" user exists.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.,LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex begin used to detected monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issue is patched in version 3.1.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to login to the device as an authenticated user without the access privilege via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the ""do_del()"" method of the component ""database.admincp.php"".",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199167.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199168.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the ""CKEditorFuncNum"" parameter in the component ""CkeditorUploadController.java"".",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A user authorized to performing a specific type of find query may trigger a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.4.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Cross Site Scripting (XSS) vulnerability in the article comments feature in emlog 6.0.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
samurai 1.2 has a NULL pointer dereference in writefile() in util.c via a crafted build file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
samurai 1.2 has a NULL pointer dereference in printstatus() function in build.c via a crafted build file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of ""AUX"" as the initial substring of a filename.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Unhandled exception in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an authenticated user to potentially enable a denial of service via local access.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers before version 1.33.0.0 may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Insufficient access control in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow a privileged user to potentially enable an escalation of privilege, denial of service, or information disclosure via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unhandled exception in Kernel-mode drivers for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated user to potentially enable an escalation of privilege via an adjacent access.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code execution, denial of service, or escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Windows GPU Display Driver for Windows, R390 driver branch, contains a vulnerability in its installer where an attacker with local system access may replace an application resource with malicious files. Such an attack may lead to code execution, escalation of privileges, denial of service, or information disclosure.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework). The supported version that is affected is 13.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Legal Entity Configurator product of Oracle E-Business Suite (component: Create Contracts). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Legal Entity Configurator. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Legal Entity Configurator accessible data as well as unauthorized access to critical data or complete access to all Oracle Legal Entity Configurator accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 87.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Thunderbird < 78.9, and Firefox < 87.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information disclosed by the violation was limited to local-network resources or resources that perform IP-based authentication. This vulnerability affects Firefox < 87.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user's browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket. This vulnerability affects Firefox < 87.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 87.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Thunderbird < 78.9, and Firefox < 87.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Thunderbird < 78.9, and Firefox < 87.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. Note: This issue is a different issue from CVE-2020-26954 and only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects Firefox < 86.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox < 86.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"As specified in the W3C Content Security Policy draft, when creating a violation report, ""User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage."" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,NONE,NONE
Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.,LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,NONE,NONE
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in an NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"""Clear History and Website Data"" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.,LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",PHYSICAL,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.,LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through 1.0.2 allows an attacker to cause a denial of service and may lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a payload. When opened by victim, the payload is triggered.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. IBM X-Force ID: 198811.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836.,LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 196344.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cscape (All versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability to execute code in the context of the current process.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access. This may allow unprivileged users to modify the binaries and configuration files and lead to local privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-sparkle 1.5.2-beta allows a malicious user to inject properties into Object.prototype.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in backbone-query-parameters 0.4.0 allows a malicious user to inject properties into Object.prototype.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 (Vaadin 15.0.0 through 18.0.6), and com.vaadin:fusion-endpoint version 6.0.0 (Vaadin 19.0.0) allows attacker to guess a security token for Fusion endpoints via timing attack.",LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 (Vaadin 10.0.0 through 10.0.16), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.4.6 (Vaadin 14.0.0 through 14.4.6), 3.0.0 prior to 5.0.0 (Vaadin 15 prior to 18), and 5.0.0 through 5.0.2 (Vaadin 18.0.0 through 18.0.5) allows attacker to guess a security token via timing attack.",LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows attacker to guess a security token via timing attack",LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, in which a NULL pointer is dereferenced, leading to denial of service or potential escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the processing of traffic matching a firewall filter containing a syslog action in Juniper Networks Junos OS on MX Series with MPC10/MPC11 cards installed, PTX10003 and PTX10008 Series devices, will cause the line card to crash and restart, creating a Denial of Service (DoS). Continued receipt and processing of packets matching the firewall filter can create a sustained Denial of Service (DoS) condition. When traffic hits the firewall filter, configured on lo0 or any physical interface on the line card, containing a term with a syslog action (e.g. 'term <name> then syslog'), the affected line card will crash and restart, impacting traffic processing through the ports of the line card. This issue only affects MX Series routers with MPC10 or MPC11 line cards, and PTX10003 or PTX10008 Series packet transport routers. No other platforms or models of line cards are affected by this issue. Note: This issue has also been identified and described in technical service bulletin TSB17931 (login required). This issue affects: Juniper Networks Junos OS on MX Series: 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved on PTX10003, PTX10008: All versions prior to 20.4R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11919)",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using "".."" in tar archive entries",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"### Impact - This issue could be exploited to read internal files from the system and write files into the system resulting in remote code execution ### Patches - This issue has been fixed on 0.0.3 version by adding a regex that validate if there's any arguments on the command. then disallow execution if there's an argument ### Workarounds - To fix this issue from your side, just upgrade discord-recon, if you're unable to do that. then just copy the code from `assets/CommandInjection.py` and overwrite your code with the new one. that's the only code required. ### Credits - All of the credits for finding these issues on discord-recon goes to Omar Badran. ### For more information If you have any questions or comments about this advisory: * Email us at [mdaif1332@gmail.com](mailto:mdaif1332@gmail.com)",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus RTOS (versions including affected DNS modules), Nucleus Source Code (versions including affected DNS modules), VSTAR (versions including affected DNS modules). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus RTOS (versions including affected DNS modules), Nucleus Source Code (versions including affected DNS modules), VSTAR (versions including affected DNS modules). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer includes all 7.x versions before 7.2.3.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An XML External Entities (XXE)vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist includes all 4.0.x versions before 4.7.1.1 Patch 7.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the ""Task Detail"" comment window of the ""/dotAdmin/#/c/workflow"" component.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported from Zend Framework 3. The vulnerability was assigned CVE-2021-3007 in Zend Framework.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Magento-lts is a long-term support alternative to Magento Community Edition (CE). A vulnerability in magento-lts versions before 19.4.13 and 20.0.9 potentially allows an administrator unauthorized access to restricted resources. This is a backport of CVE-2021-21024. The vulnerability is patched in versions 19.4.13 and 20.0.9.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS domain name label parsing functionality does not properly validate the null-terminated name in DNS-responses. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the read memory.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
"A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS response parsing functionality does not properly validate various length and counts of the records. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the memory past the allocated structure.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
"A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Video Open Network Bridge (2019 R3), Siveillance Video Open Network Bridge (2019 R2), Siveillance Video Open Network Bridge (2019 R1), Siveillance Video Open Network Bridge (2018 R3), Siveillance Video Open Network Bridge (2018 R2). Affected Open Network Bridges store user credentials for the authentication between ONVIF clients and ONVIF server using a hard-coded key. The encrypted credentials can be retrieved via the MIP SDK. This could allow an authenticated remote attacker to retrieve and decrypt all credentials stored on the ONVIF server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in Tecnomatix RobotExpert (All versions < V16.1). Affected applications lack proper validation of user-supplied data when parsing CELL files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12608),LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus ReadyStart (All versions), Nucleus Source Code (versions including affected IPv6 stack), VSTAR (versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12529)",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2FM (All versions), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2LD TS (All versions), SCALANCE X204-2TS (All versions), SCALANCE X206-1 (All versions), SCALANCE X206-1LD (All versions), SCALANCE X208 (incl. SIPLUS NET variant) (All versions), SCALANCE X208PRO (All versions), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X212-2LD (All versions), SCALANCE X216 (All versions), SCALANCE X224 (All versions), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions), SCALANCE XF208 (All versions). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2FM (All versions), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2LD TS (All versions), SCALANCE X204-2TS (All versions), SCALANCE X206-1 (All versions), SCALANCE X206-1LD (All versions), SCALANCE X208 (incl. SIPLUS NET variant) (All versions), SCALANCE X208PRO (All versions), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X212-2LD (All versions), SCALANCE X216 (All versions), SCALANCE X224 (All versions), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions), SCALANCE XF208 (All versions). Incorrect processing of POST requests in the web server may write out of bounds in stack. An attacker might leverage this to denial-of-service of the device or remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13040)",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in LOGO! Soft Comfort (All versions). The software insecurely loads libraries which makes it vulnerable to DLL hijacking. Successful exploitation by a local attacker could lead to a takeover of the system where the software is installed.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in LOGO! Soft Comfort (All versions). A zip slip vulnerability could be triggered while importing a compromised project file to the affected software. Chained with other vulnerabilities this vulnerability could ultimately lead to a system takeover by an attacker.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users to delete arbitrary properties by tampering with the property_id parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin before 3.7.0.1 does not sanitise the invitaion_code GET parameter when outputting it in the Activation Code page, leading to a reflected Cross-Site Scripting issue.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus ReadyStart (All versions), Nucleus Source Code (versions including affected IPv6 stack), VSTAR (versions including affected IPv6 stack). The function that processes the Hop-by-Hop extension header in IPv6 packets and its options lacks any checks against the length field of the header, allowing attackers to put the function into an infinite loop by supplying arbitrary length values.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2013.08), Nucleus Source Code (versions including affected DNS modules), VSTAR (versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.8 is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the plugin's Tools, allowing high privilege users to include any local php file",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,NONE
Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Diagnostic Assistant). The supported version that is affected is Prior to 2.12.41. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all OSS Support Tools accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.)",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can be used to grant a user team permissions that the user isn't supposed to have.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. An attacker having only the unprivileged Windows account can read arbitrary data directory files, essentially bypassing database-imposed read access limitations. An attacker having only the unprivileged Windows account can also delete certain data directory files.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with system privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Business Hours Pro WordPress plugin through 5.5.0 allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Coherence accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite (component: Template, GTIN search). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Product Hub. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Product Hub accessible data as well as unauthorized access to critical data or complete access to all Oracle Product Hub accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
"Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Concurrent Processing accessible data as well as unauthorized access to critical data or complete access to all Oracle Concurrent Processing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Vulnerability in the Oracle Hospitality Inventory Management product of Oracle Food and Beverage Applications (component: Export to Reporting and Analytics). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Inventory Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Inventory Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Profiles). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle HRMS (France) product of Oracle E-Business Suite (component: French HR). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle HRMS (France). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HRMS (France) accessible data as well as unauthorized access to critical data or complete access to all Oracle HRMS (France) accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Cloud Infrastructure Storage Gateway. While the vulnerability is in Oracle Cloud Infrastructure Storage Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Cloud Infrastructure Storage Gateway. Note: Updating the Oracle Cloud Infrastructure Storage Gateway to version 1.4 or later will address these vulnerabilities. Download the latest version of Oracle Cloud Infrastructure Storage Gateway from <a href="" https://www.oracle.com/downloads/cloud/oci-storage-gateway-downloads.html"">here. Refer to Document <a href=""https://support.oracle.com/rs?type=doc&id=2768897.1"">2768897.1 for more details. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the authentication provider.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"The Goto WordPress theme before 2.0 does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Advanced Booking Calendar WordPress plugin before 1.6.8 does not sanitise the license error message when output in the settings page, leading to an authenticated reflected Cross-Site Scripting issue",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Search Forms page of the Ivory Search WordPress lugin before 4.6.1 did not properly sanitise the tab parameter before output it in the page, leading to a reflected Cross-Site Scripting issue when opening a malicious crafted link as a high privilege user. Knowledge of a form id is required to conduct the attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A vulnerability of XPlatform could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient validation of improper classes. This issue affects: Tobesoft XPlatform versions prior to 9.2.2.280.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Wrongthink is an encrypted peer-to-peer chat program. A user could check their fingerprint into the service and enter a script to run arbitrary JavaScript on the site. No workarounds exist, but a patch exists in version 2.4.1.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Juniper Networks Junos OS running on the ACX5448 and ACX710 platforms may cause BFD sessions to flap when a high rate of transit ARP packets are received. This, in turn, may impact routing protocols and network stability, leading to a Denial of Service (DoS) condition. When a high rate of transit ARP packets are exceptioned to the CPU and BFD flaps, the following log messages may be seen: bfdd[15864]: BFDD_STATE_UP_TO_DOWN: BFD Session 192.168.14.3 (IFL 232) state Up -> Down LD/RD(17/19) Up time:11:38:17 Local diag: CtlExpire Remote diag: None Reason: Detect Timer Expiry. bfdd[15864]: BFDD_TRAP_SHOP_STATE_DOWN: local discriminator: 17, new state: down, interface: irb.998, peer addr: 192.168.14.3 rpd[15839]: RPD_ISIS_ADJDOWN: IS-IS lost L2 adjacency to peer on irb.998, reason: BFD Session Down bfdd[15864]: BFDD_TRAP_SHOP_STATE_UP: local discriminator: 17, new state: up, interface: irb.998, peer addr: 192.168.14.3 This issue only affects the ACX5448 Series and ACX710 Series routers. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS: 18.2 versions prior to 18.2R3-S8 on ACX5448; 18.3 versions prior to 18.3R3-S5 on ACX5448; 18.4 versions prior to 18.4R1-S6, 18.4R3-S7 on ACX5448; 19.1 versions prior to 19.1R3-S5 on ACX5448; 19.2 versions prior to 19.2R2, 19.2R3 on ACX5448; 19.3 versions prior to 19.3R3 on ACX5448; 19.4 versions prior to 19.4R3 on ACX5448; 20.1 versions prior to 20.1R2 on ACX5448; 20.2 versions prior to 20.2R2 on ACX5448 and ACX710.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle iStore accessible data as well as unauthorized access to critical data or complete access to all Oracle iStore accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle iSetup product of Oracle E-Business Suite (component: General Ledger Update Transform, Reports). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSetup. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle iSetup accessible data as well as unauthorized access to critical data or complete access to all Oracle iSetup accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Labor Distribution product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Labor Distribution. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Labor Distribution accessible data as well as unauthorized access to critical data or complete access to all Oracle Labor Distribution accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: Courseware). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Quoting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Quoting accessible data as well as unauthorized access to critical data or complete access to all Oracle Quoting accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Site Hub product of Oracle E-Business Suite (component: Sites). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Site Hub. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Site Hub accessible data as well as unauthorized access to critical data or complete access to all Oracle Site Hub accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Subledger Accounting product of Oracle E-Business Suite (component: Inquiries). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Subledger Accounting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Subledger Accounting accessible data as well as unauthorized access to critical data or complete access to all Oracle Subledger Accounting accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle E-Business Tax product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle E-Business Tax. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle E-Business Tax accessible data as well as unauthorized access to critical data or complete access to all Oracle E-Business Tax accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: View Reports). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions, PC10P-DP TCC-6726: All versions, PC10P-DP-IO TCC-6752: All versions, PC10B-P TCC-6373: All versions, PC10B TCC-1021: All versions, PC10B-E/C TCU-6521: All versions, PC10E TCC-4737: All versions; TOYOPUC-Plus Series: Plus CPU TCC-6740: All versions, Plus EX TCU-6741: All versions, Plus EX2 TCU-6858: All versions, Plus EFR TCU-6743: All versions, Plus EFR2 TCU-6859: All versions, Plus 2P-EFR TCU-6929: All versions, Plus BUS-EX TCU-6900: All versions; TOYOPUC-PC3J/PC2J Series: FL/ET-T-V2H THU-6289: All versions, 2PORT-EFR THU-6404: All versions) are left in an open state by an attacker, Ethernet communications cannot be established with other devices, depending on the settings of the link parameters.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.,LOCAL,HIGH,LOW,REQUIRED,CHANGED,LOW,HIGH,NONE
"Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could thus craft a POST request to publish content with `javascript:` URLs containing arbitrary code. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. See referenced GitHub advisory for additional details, including a workaround. Patched versions have been released as Wagtail 2.11.7 (for the LTS 2.11 branch) and Wagtail 2.12.4 (for the current 2.12 branch).",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Vault’s GCP auth method. Fixed in 2.19.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: JAPI). Supported versions that are affected are 11.1.2.4 and 12.2.1.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Analytic Provider Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Analytic Provider Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Hyperion Analytic Provider Services. CVSS 3.1 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Payables product of Oracle E-Business Suite (component: India Localization, Results). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payables. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Payables accessible data as well as unauthorized access to critical data or complete access to all Oracle Payables accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: iRecruitment). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Database - Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Audit Policy privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Universal Work Queue accessible data as well as unauthorized access to critical data or complete access to all Oracle Universal Work Queue accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via SKID to compromise Oracle Secure Global Desktop. While the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Landed Cost Management product of Oracle E-Business Suite (component: Shipment Workbench). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Landed Cost Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Landed Cost Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Landed Cost Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Data Source). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle CRM Technical Foundation accessible data as well as unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Project Contracts product of Oracle E-Business Suite (component: Hold Management). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Project Contracts. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Project Contracts accessible data as well as unauthorized access to critical data or complete access to all Oracle Project Contracts accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Service Contracts product of Oracle E-Business Suite (component: Authoring). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Contracts. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Service Contracts accessible data as well as unauthorized access to critical data or complete access to all Oracle Service Contracts accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 16.3.1.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Storage Cloud Software Appliance. While the vulnerability is in Oracle Storage Cloud Software Appliance, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Storage Cloud Software Appliance. Note: Updating the Oracle Storage Cloud Software Appliance to version 16.3.1.4.2 or later will address these vulnerabilities. Download the latest version of Oracle Storage Cloud Software Appliance from <a href="" https://www.oracle.com/downloads/cloud/oscsa-downloads.html"">here. Refer to Document <a href=""https://support.oracle.com/rstype=doc&id=2768897.1"">2768897.1 for more details. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 16.3.1.4.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Storage Cloud Software Appliance. While the vulnerability is in Oracle Storage Cloud Software Appliance, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Storage Cloud Software Appliance accessible data. Note: Updating the Oracle Storage Cloud Software Appliance to version 16.3.1.4.2 or later will address these vulnerabilities. Download the latest version of Oracle Storage Cloud Software Appliance from <a href="" https://www.oracle.com/downloads/cloud/oscsa-downloads.html"">here. Refer to Document <a href=""https://support.oracle.com/rstype=doc&id=2768897.1"">2768897.1 for more details. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).",NETWORK,LOW,HIGH,NONE,CHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Projects product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Projects. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Projects accessible data as well as unauthorized access to critical data or complete access to all Oracle Projects accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the distributed or centralized periodic packet management daemon (PPMD) of Juniper Networks Junos OS may cause receipt of a malformed packet to crash and restart the PPMD process, leading to network destabilization, service interruption, and a Denial of Service (DoS) condition. Continued receipt and processing of these malformed packets will repeatedly crash the PPMD process and sustain the Denial of Service (DoS) condition. Due to the nature of the specifically crafted packet, exploitation of this issue requires direct, adjacent connectivity to the vulnerable component. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S12, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S5, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker could exploit this vulnerability by trying to access an 802.1x multi-auth port after a successful supplicant has authenticated. An exploit could allow the attacker to bypass the 802.1x access controls and obtain access to the network. Cisco Bug IDs: CSCvg69701.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A sensitive information disclosure vulnerability in the mosquitto message broker of Juniper Networks Junos OS may allow a locally authenticated user with shell access the ability to read portions of sensitive files, such as the master.passwd file. Since mosquitto is shipped with setuid permissions enabled and is owned by the root user, this vulnerability may allow a local privileged user the ability to run mosquitto with root privileges and access sensitive information stored on the local filesystem. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S12, 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.3 versions prior to 18.3R3-S4; 19.1 versions prior to 19.1R3-S4; 19.3 versions prior to 19.3R3-S1, 19.3R3-S2; 19.4 versions prior to 19.4R2-S3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S3, 20.2R2, 20.2R3.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Drupal versions 5.x and 6.x has open redirection,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An Improper Input Validation vulnerability in the active-lease query portion in JDHCPD's DHCP Relay Agent of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) by sending a crafted DHCP packet to the device thereby crashing the jdhcpd DHCP service. This is typically configured for Broadband Subscriber Sessions. Continued receipt and processing of this crafted packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2. This issue does not affect Junos OS Evolved.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,HIGH
"An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness in J-web of Juniper Networks Junos OS leads to buffer overflows, segment faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltration information from the device without authentication. The weakness can be exploited to facilitate cross-site scripting (XSS), cookie manipulation (modifying session cookies, stealing cookies) and more. This weakness can also be exploited by directing a user to a seemingly legitimate link from the affected site. The attacker requires no special access or permissions to the device to carry out such attacks. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.1R1.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Secure Global Desktop. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop. CVSS 3.1 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Bill Presentment Architecture product of Oracle E-Business Suite (component: Template Search). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Bill Presentment Architecture. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Bill Presentment Architecture accessible data as well as unauthorized access to critical data or complete access to all Oracle Bill Presentment Architecture accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Receivables product of Oracle E-Business Suite (component: Receipts). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Receivables. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Receivables accessible data as well as unauthorized access to critical data or complete access to all Oracle Receivables accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle E-Business Intelligence accessible data as well as unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Compensation Workbench product of Oracle E-Business Suite (component: Compensation Workbench). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Compensation Workbench. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Compensation Workbench accessible data as well as unauthorized access to critical data or complete access to all Oracle Compensation Workbench accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: LOVs). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Depot Repair. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Depot Repair accessible data as well as unauthorized access to critical data or complete access to all Oracle Depot Repair accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Installed Base accessible data as well as unauthorized access to critical data or complete access to all Oracle Installed Base accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Setup). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Asset Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Asset Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Asset Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Transportation Execution product of Oracle E-Business Suite (component: Install and Upgrade). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Execution. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Transportation Execution accessible data as well as unauthorized access to critical data or complete access to all Oracle Transportation Execution accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Advanced Global Intercompany). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financials Common Modules. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financials Common Modules accessible data as well as unauthorized access to critical data or complete access to all Oracle Financials Common Modules accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle General Ledger product of Oracle E-Business Suite (component: Account Hierarchy Manager). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the PeopleSoft Enterprise SCM eProcurement product of Oracle PeopleSoft (component: Manage Requisition Status). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM eProcurement. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise SCM eProcurement accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise SCM eProcurement accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"ImageMagick before 7.0.8-50 has a ""use of uninitialized value"" vulnerability in the function ReadCUTImage in coders/cut.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to the "" Admin/DataAction.class.php"" component.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to "" /index.php?s=/admin-tpl-del&id="".",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"On PTX Series and QFX10k Series devices with the ""inline-jflow"" feature enabled, a use after free weakness in the Packet Forwarding Engine (PFE) microkernel architecture of Juniper Networks Junos OS may allow an attacker to cause a Denial of Service (DoS) condition whereby one or more Flexible PIC Concentrators (FPCs) may restart. As this is a race condition situation this issue become more likely to be hit when network instability occurs, such as but not limited to BGP/IGP reconvergences, and/or further likely to occur when more active ""traffic flows"" are occurring through the device. When this issue occurs, it will cause one or more FPCs to restart unexpectedly. During FPC restarts core files will be generated. While the core file is generated traffic will be disrupted. Sustained receipt of large traffic flows and reconvergence-like situations may sustain the Denial of Service (DoS) situation. This issue affects: Juniper Networks Junos OS: 18.1 version 18.1R2 and later versions prior to 18.1R3-S10 on PTX Series, QFX10K Series.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session thereby gaining access to the users session. The other user session must be active for the attack to succeed. Once successful, the attacker has the same privileges as the user. If the user has root privileges, the attacker may be able to gain full control of the device. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 versions prior to 12.3X48-D95 on SRX Series; 15.1 versions prior to 15.1R7-S6 on EX Series; 15.1X49 versions prior to 15.1X49-D200 on SRX Series; 16.1 versions prior to 16.1R7-S7; 16.2 versions prior to 16.2R2-S11, 16.2R3; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash. IBM X-Force ID: 198934",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The Import function in MintHCM RELEASE 3.0.8 allows an attacker to execute a cross-site scripting (XSS) payload in file-upload.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"matrix-media-repo is an open-source multi-domain media repository for Matrix. Versions 1.2.6 and earlier of matrix-media-repo do not properly handle malicious images which are crafted to be small in file size, but large in complexity. A malicious user could upload a relatively small image in terms of file size, using particular image formats, which expands to have extremely large dimensions during the process of thumbnailing. The server can be exhausted of memory in the process of trying to load the whole image into memory for thumbnailing, leading to denial of service. Version 1.2.7 has a fix for the vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Grassroot Platform is an application to make it faster, cheaper and easier to persistently organize and mobilize people in low-income communities. Grassroot Platform before master deployment as of 2021-04-16 did not properly verify the signature of JSON Web Tokens when refreshing an existing JWT. This allows to forge a valid JWT. The problem has been patched in version 1.3.1 by deprecating the JWT refresh function, which was an overdue deprecation regardless (the ""refresh"" flow is no longer used).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300 switches on Juniper Networks Junos OS allows an attacker sending specific unicast frames to trigger a Denial of Service (DoS) condition by exhausting DMA buffers, causing the FPC to crash and the device to restart. The DMA buffer leak is seen when receiving these specific, valid unicast frames on an interface without Layer 2 Protocol Tunneling (L2PT) or dot1x configured. Interfaces with either L2PT or dot1x configured are not vulnerable to this issue. When this issue occurs, DMA buffer usage keeps increasing and the following error log messages may be observed: Apr 14 14:29:34.360 /kernel: pid 64476 (pfex_junos), uid 0: exited on signal 11 (core dumped) Apr 14 14:29:33.790 init: pfe-manager (PID 64476) terminated by signal number 11. Core dumped! The DMA buffers on the FPC can be monitored by the executing vty command 'show heap': ID Base Total(b) Free(b) Used(b) % Name -- ---------- ----------- ----------- ----------- --- ----------- 0 4a46000 268435456 238230496 30204960 11 Kernel 1 18a46000 67108864 17618536 49490328 73 Bcm_sdk 2 23737000 117440512 18414552 99025960 84 DMA buf <<<<< keeps increasing 3 2a737000 16777216 16777216 0 0 DMA desc This issue affects Juniper Networks Junos OS on the EX4300: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S3, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash if a malformed DHCPv6 packet is received, resulting in a restart of the daemon. The daemon automatically restarts without intervention, but continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects DHCPv6. DHCPv4 is not affected by this issue. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R3-S7; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to remote code execution (RCE). Continued receipt and processing of these packets will sustain the partial DoS. The overlayd daemon handles Overlay OAM packets, such as ping and traceroute, sent to the overlay. The service runs as root by default and listens for UDP connections on port 4789. This issue results from improper buffer size validation, which can lead to a buffer overflow. Unauthenticated attackers can send specially crafted packets to trigger this vulnerability, resulting in possible remote code execution. overlayd runs by default in MX Series, ACX Series, and QFX Series platforms. The SRX Series does not support VXLAN and is therefore not vulnerable to this issue. Other platforms are also vulnerable if a Virtual Extensible LAN (VXLAN) overlay network is configured. This issue affects Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a user to observe uninitialized values.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to any domain, including potentially malicious sites. This security issue does not directly impact the security of the web application itself. As a workaround, one can use a reverse proxy to strip the query parameter from the affected endpoint. There is a patch for version 4.28.0.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-11925.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Discord-Recon is a bot for the Discord chat service. Versions of Discord-Recon 0.0.3 and prior contain a vulnerability in which a remote attacker is able to overwrite any file on the system with the command results. This can result in remote code execution when the user overwrite important files on the system. As a workaround, bot maintainers can edit their `setting.py` file then add `<` and `>` into the `RCE` variable inside of it to fix the issue without an update. The vulnerability is patched in version 0.0.4.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Discord-Recon is a bot for the Discord chat service. In versions of Discord-Recon 0.0.3 and prior, a remote attacker is able to read local files from the server that can disclose important information. As a workaround, a bot maintainer can locate the file `app.py` and add `.replace('..', '')` into the `Path` variable inside of the `recon` function. The vulnerability is patched in version 0.0.4.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Runtime Agent, TIBCO Runtime Agent, TIBCO Runtime Agent for z/Linux, and TIBCO Runtime Agent for z/Linux contains an easily exploitable vulnerability that allows an unauthenticated attacker to social engineer a legitimate user with network access to execute a Stored XSS attack targeting the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent: versions 5.10.2 and below, TIBCO Runtime Agent: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent for z/Linux: versions 5.10.2 and below, and TIBCO Runtime Agent for z/Linux: versions 5.11.0 and 5.11.1.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera’s web interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"An Improper Check for Unusual or Exceptional Conditions in Juniper Networks Junos OS Evolved may cause the stateless firewall filter configuration which uses the action 'policer' in certain combinations with other options to not take effect. An administrator can use the following CLI command to see the failures with filter configuration: user@device> show log kfirewall-agent.log | match ERROR Jul 23 14:16:03 ERROR: filter not supported This issue affects Juniper Networks Junos OS Evolved: Versions 19.1R1-EVO and above prior to 20.3R1-S2-EVO, 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS revolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Juniper Networks Junos OS Evolved devices, receipt of a specific IPv6 packet may cause an established IPv6 BGP session to terminate, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue does not affect IPv4 BGP sessions. This issue affects IBGP or EBGP peer sessions with IPv6. This issue affects: Juniper Networks Junos OS Evolved: 19.4 versions prior to 19.4R2-S3-EVO; 20.1 versions prior to 20.1R2-S3-EVO; 20.2 versions prior to 20.2R2-S1-EVO; 20.3 versions prior to 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS releases.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An improper restriction of operations within the bounds of a memory buffer vulnerability in Juniper Networks Junos OS J-Web on SRX Series devices allows an attacker to cause Denial of Service (DoS) by sending certain crafted HTTP packets. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. When this issue occurs, web-management, NTP daemon (ntpd) and Layer 2 Control Protocol process (L2CPD) daemons might crash. This issue affects Juniper Networks Junos OS on SRX Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2;",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 8.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,NONE
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ""order_col"" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An improper check for unusual or exceptional conditions vulnerability in Juniper Networks MX Series platforms with Trio-based MPC (Modular Port Concentrator) deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, may allow an attacker sending specific Layer 2 traffic to cause Distributed Denial of Service (DDoS) protection to trigger unexpectedly, resulting in traffic impact. Continued receipt and processing of this specific Layer 2 frames will sustain the Denial of Service (DoS) condition. An indication of compromise is to check DDOS LACP violations: user@device> show ddos-protection protocols statistics brief | match lacp This issue only affects the MX Series platforms with Trio-based MPC. No other products or platforms are affected. This issue affects: Juniper Networks Junos OS on MX Series: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S8; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2;",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An uncontrolled resource consumption vulnerability in Message Queue Telemetry Transport (MQTT) server of Juniper Networks Junos OS allows an attacker to cause MQTT server to crash and restart leading to a Denial of Service (DoS) by sending a stream of specific packets. A Juniper Extension Toolkit (JET) application designed with a listening port uses the Message Queue Telemetry Transport (MQTT) protocol to connect to a mosquitto broker that is running on Junos OS to subscribe for events. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: 16.1R1 and later versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 16.1R1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Juniper Networks Junos OS Evolved, receipt of a stream of specific genuine Layer 2 frames may cause the Advanced Forwarding Toolkit (AFT) manager process (Evo-aftmand), responsible for handling Route, Class-of-Service (CoS), Firewall operations within the packet forwarding engine (PFE) to crash and restart, leading to a Denial of Service (DoS) condition. By continuously sending this specific stream of genuine Layer 2 frames, an attacker can repeatedly crash the PFE, causing a sustained Denial of Service (DoS). This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R1-EVO. This issue does not affect Junos OS versions.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In segment routing traffic engineering (SRTE) environments where the BGP Monitoring Protocol (BMP) feature is enable, a vulnerability in the Routing Protocol Daemon (RPD) process of Juniper Networks Junos OS allows an attacker to send a specific crafted BGP update message causing the RPD service to core, creating a Denial of Service (DoS) Condition. Continued receipt and processing of this update message will create a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 environments. This issue affects: Juniper Networks Junos OS 17.4 versions 17.4R1 and above prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2, This issue does not affect Junos OS releases prior to 17.4R1. This issue affects: Juniper Networks Junos OS Evolved 19.2-EVO versions prior to 19.2R2-EVO.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, devices using tenant services on Juniper Networks Junos OS, due to incorrect default permissions assigned to tenant system administrators a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant. This issue affects: Juniper Networks Junos OS 18.3 version 18.3R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.3 versions prior to 18.3R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.4 versions prior to 18.4R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.1 versions prior to 19.1R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3. This issue does not affect: Juniper Networks Junos OS versions prior to 18.3R1.",LOCAL,LOW,HIGH,NONE,CHANGED,LOW,HIGH,LOW
"A NULL Pointer Dereference vulnerability in the Captive Portal Content Delivery (CPCD) services daemon (cpcd) of Juniper Networks Junos OS on MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC allows an attacker to send malformed HTTP packets to the device thereby causing a Denial of Service (DoS), crashing the Multiservices PIC Management Daemon (mspmand) process thereby denying users the ability to login, while concurrently impacting other mspmand services and traffic through the device. Continued receipt and processing of these malformed packets will create a sustained Denial of Service (DoS) condition. While the Services PIC is restarting, all PIC services will be bypassed until the Services PIC completes its boot process. An attacker sending these malformed HTTP packets to the device who is not part of the Captive Portal experience is not able to exploit this issue. This issue is not applicable to MX RE-based CPCD platforms. This issue affects: Juniper Networks Junos OS on MX Series 17.3 version 17.3R1 and later versions prior to 17.4 versions 17.4R2-S9, 17.4R3-S2; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect: Juniper Networks Junos OS versions prior to 17.3R1.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Improper Handling of Unexpected Data in the firewall policer of Juniper Networks Junos OS on EX4300 switches allows matching traffic to exceed set policer limits, possibly leading to a limited Denial of Service (DoS) condition. When the firewall policer discard action fails on a Layer 2 port, it will allow traffic to pass even though it exceeds set policer limits. Traffic will not get discarded, and will be forwarded even though a policer discard action is configured. When the issue occurs, traffic is not discarded as desired, which can be observed by comparing the Input bytes with the Output bytes using the following command: user@junos> monitor interface traffic Interface Link Input bytes (bps) Output bytes (bps) ge-0/0/0 Up 37425422 (82616) 37425354 (82616) <<<< egress ge-0/0/1 Up 37425898 (82616) 37425354 (82616) <<<< ingress The expected output, with input and output counters differing, is shown below: Interface Link Input bytes (bps) Output bytes (bps) ge-0/0/0 Up 342420570 (54600) 342422760 (54600) <<<< egress ge-0/0/1 Up 517672120 (84000) 342420570 (54600) <<<< ingress This issue only affects IPv4 policing. IPv6 traffic and firewall policing actions are not affected by this issue. This issue affects Juniper Networks Junos OS on the EX4300: All versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R3-S3; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,LOW
"On Juniper Networks EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series deployed as a Virtual Chassis with a specific Layer 2 circuit configuration, Packet Forwarding Engine manager (FXPC) process may crash and restart upon receipt of specific layer 2 frames. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4, 17.4R3-S5; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2;",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On Juniper Networks Junos OS platforms with link aggregation (lag) configured, executing any operation that fetches Aggregated Ethernet (AE) interface statistics, including but not limited to SNMP GET requests, causes a slow kernel memory leak. If all the available memory is consumed, the traffic will be impacted and a reboot might be required. The following log can be seen if this issue happens. /kernel: rt_pfe_veto: Memory over consumed. Op 1 err 12, rtsm_id 0:-1, msg type 72 /kernel: rt_pfe_veto: free kmem_map memory = (20770816) curproc = kmd An administrator can use the following CLI command to monitor the status of memory consumption (ifstat bucket): user@device > show system virtual-memory no-forwarding | match ifstat Type InUse MemUse HighUse Limit Requests Limit Limit Size(s) ifstat 2588977 162708K - 19633958 <<<< user@device > show system virtual-memory no-forwarding | match ifstat Type InUse MemUse HighUse Limit Requests Limit Limit Size(s) ifstat 3021629 189749K - 22914415 <<<< This issue does not affect the following platforms: Juniper Networks MX Series. Juniper Networks PTX1000-72Q, PTX3000, PTX5000, PTX10001, PTX10002-60C, PTX10003_160C, PTX10003_80C, PTX10003_81CD, PTX10004, PTX10008, PTX10016 Series. Juniper Networks EX9200 Series. Juniper Networks ACX710, ACX6360 Series. Juniper Networks NFX Series. This issue affects Juniper Networks Junos OS: 17.1 versions 17.1R3 and above prior to 17.3R3-S11; 17.4 versions prior to 17.4R3-S5; 18.2 versions prior to 18.2R3-S7, 18.2R3-S8; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2. This issue does not affect Juniper Networks Junos OS prior to 17.1R3.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A path traversal vulnerability in the Juniper Networks SRX and vSRX Series may allow an authenticated J-web user to read sensitive system files. This issue affects Juniper Networks Junos OS on SRX and vSRX Series: 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S3, 20.2R2; This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash. IBM X-Force ID: 199479",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information about the deployment to mimic an already registered Test Agent and access its configuration including associated inventory details. If the issue occurs, the affected Test Agent will not be able to connect to the Control Center. This issue affects Juniper Networks Paragon Active Assurance Control Center All versions prior to 2.35.6; 2.36 versions prior to 2.36.2.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Due to an improper Initialization vulnerability on Juniper Networks Junos OS QFX5100-96S devices with QFX 5e Series image installed, ddos-protection configuration changes will not take effect beyond the default DDoS (Distributed Denial of Service) settings when configured from the CLI. The DDoS protection (jddosd) daemon allows the device to continue to function while protecting the packet forwarding engine (PFE) during the DDoS attack. When this issue occurs, the default DDoS settings within the PFE apply, as CPU bound packets will be throttled and dropped in the PFE when the limits are exceeded. To check if the device has this issue, the administrator can execute the following command to monitor the status of DDoS protection: user@device> show ddos-protection protocols error: the ddos-protection subsystem is not running This issue affects only QFX5100-96S devices. No other products or platforms are affected by this issue. This issue affects: Juniper Networks Junos OS on QFX5100-96S: 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R3-S2; 18.4 versions prior to 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R3, 19.1R3-S4; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2;",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,LOW
"On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant. This issue affects: Juniper Networks Junos OS 18.3 version 18.3R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.4 version 18.4R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.1 versions 19.1R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.3 versions prior to 19.3R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.4 versions prior to 19.4R2-S4, 19.4R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 20.1 versions prior to 20.1R2, 20.1R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.2 versions prior to 20.2R2-S1, 20.2R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.3 versions prior to 20.3R1-S2, 20.3R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.4 versions prior to 20.4R1, 20.4R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 18.3R1.",LOCAL,LOW,HIGH,NONE,CHANGED,LOW,HIGH,LOW
"Due to an improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved the Routing Protocol Daemon (RPD) service, upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, crashes and restarts causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects only Multiprotocol BGP (MP-BGP) VPNv6 FlowSpec deployments. This issue affects: Juniper Networks Junos OS: 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2. Juniper Networks Junos OS Evolved: All versions after 18.4R1-EVO prior to 20.3R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 18.4R1. Juniper Networks Junos OS Evolved versions prior to 18.4R1-EVO.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12216.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials in Juniper Networks Junos OS allows an attacker to take over any instance of an NFX deployment. This issue is only exploitable through administrative interfaces. This issue affects: Juniper Networks Junos OS versions prior to 19.1R1 on NFX Series. No other platforms besides NFX Series devices are affected.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"On SRX Series devices configured with UTM services a buffer overflow vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS may allow an attacker to arbitrarily execute code or commands on the target to take over or otherwise impact the device by sending crafted packets to or through the device. This issue affects: Juniper Networks Junos OS on SRX Series: 15.1X49 versions prior to 15.1X49-D190; 17.4 versions prior to 17.4R2-S9; 17.4R3 and later versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3-S1; 18.3 versions prior to 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2; 19.2 versions prior to 19.2R1-S1, 19.2R2. An indicator of compromise can be the following text in the UTM log: RT_UTM: AV_FILE_NOT_SCANNED_PASSED_MT:",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
"In the standard library in Rust before 1.53.0, a double free can occur in the Vec::from_iter function if freeing the element panics.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. This issue affects Juniper Networks Junos OS on NFX Series: 18.1 version 18.1R1 and later versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2. This issue does not affect: Juniper Networks Junos OS versions prior to 18.1R1. This issue does not affect the JDMD as used by Junos Node Slicing such as External Servers use in conjunction with Junos Node Slicing and In-Chassis Junos Node Slicing on MX480, MX960, MX2008, MX2010, MX2020.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. This issue affects Juniper Networks Junos OS on NFX Series 17.2 version 17.2R1 and later versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R1-S3; 19.2 version 19.1R2 and later versions prior to 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2-S2. 19.4 versions 19.4R3 and above. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R1. This issue does not affect the JDMD as used by Junos Node Slicing such as External Servers use in conjunction with Junos Node Slicing and In-Chassis Junos Node Slicing on MX480, MX960, MX2008, MX2010, MX2020.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting them when they are monitored by McAfee DLP through the hdlphook driver.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining control of an intermediate DNS server or altering the network DNS configuration, it is possible for an attacker to intercept requests and send their own responses.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the ""Login name or password is incorrect"" and ""No permissions for system access"" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
AnySupport (Remote support solution) before 2019.3.21.0 allows directory traversing because of swprintf function to copy file from a management PC to a client PC. This can be lead to arbitrary file execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 200258.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers with Overall/Read permission to enumerate configuration file IDs.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to rewrite the file of the administrator, which may lead to elevated permissions. Exploitation of this issue requires user interaction.",LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An unauthenticated attacker could exploit this to elevate privileges in the context of the current user.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourcekit-lsp.serverPath, swift.languageServerPath, swift.path.sourcekite, swift.path.sourcekiteDockerMode, swift.path.swift_driver_bin, or swift.path.shell configuration value that triggers execution upon opening the workspace.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the redirection functionality in Cisco Wireless LAN Controller (WLC) Software 7.2 through 7.4 before 7.4.140.0(MD) and 7.5 through 8.0 before 8.0.115.0(ED) allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCus25617.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ReplicationHandler (normally registered at ""/replication"" under a Solr core) in Apache Solr has a ""masterUrl"" (also ""leaderUrl"" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the ""shards"" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6 addresses were used. Outbound requests to federation, identity servers, when calculating the key validity for third-party invite events, sending push notifications, and generating URL previews are affected. This could cause Synapse to make requests to internal infrastructure on dual-stack networks. See referenced GitHub security advisory for details and workarounds.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: SQR). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. While the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L).",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,LOW
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in retdec v3.3. In function canSplitFunctionOn() of ir_modifications.cpp, there is a possible out of bounds read due to a heap buffer overflow. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/Build permission.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a ""skeleton key.""",NETWORK,LOW,LOW,NONE,CHANGED,NONE,HIGH,NONE
"An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-system commands.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Bento4 through v1.6.0-637. A NULL pointer dereference exists in the function AP4_StszAtom::GetSampleSize() located in Ap4StszAtom.cpp. It allows an attacker to cause Denial of Service.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in cpp-peglib through v0.1.12. peg::resolve_escape_sequence() in peglib.h has a heap-based buffer over-read.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentials and hostname sent to the device work properly) result in being passed as commands to a ""system"" API in the function and thus result in command injection on the device. If the firmware version is dissected using binwalk tool, we obtain a cramfs-root archive which contains the filesystem set up on the device that contains all the binaries. The library ""libmailutils.so"" is the one that has the vulnerable function ""sub_1FC4"" that receives the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows an ARM little endian format. The function sub_1FC4 in IDA pro is identified to be receiving the values sent in the POST request and the value set in POST parameter ""receiver1"" is extracted in function ""sub_15AC"" which is then passed to the vulnerable system API call. The vulnerable library function is accessed in ""cgibox"" binary at address 0x00023BCC which calls the ""Send_mail"" function in ""libmailutils.so"" binary as shown below which results in the vulnerable POST parameter being passed to the library which results in the command injection issue.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom binary called mp4ts under the /var/www/video folder. It seems that this binary dumps the HTTP VERB in the system logs. As a part of doing that it retrieves the HTTP VERB sent by the user and uses a vulnerable sprintf function at address 0x0000C3D4 in the function sub_C210 to copy the value into a string and then into a log file. Since there is no bounds check being performed on the environment variable at address 0x0000C360 this results in a stack overflow and overwrites the PC register allowing an attacker to execute buffer overflow or even a command injection attack.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary performs a memcpy operation at address 0x00011E34 with the value sent in the ""Authorization: Basic"" RTSP header and stores it on the stack. The number of bytes to be copied are calculated based on the length of the string sent in the RTSP header by the client. As a result, memcpy copies more data then it can hold on stack and this results in corrupting the registers for the caller function sub_F6CC which results in memory corruption. The severity of this attack is enlarged by the fact that the same value is then copied on the stack in the function 0x00011378 and this allows to overflow the buffer allocated and thus control the PC register which will result in arbitrary code execution on the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DCS-1130 devices. The device provides a crossdomain.xml file with no restrictions on who can access the webserver. This allows an hosted flash file on any domain to make calls to the device's webserver and pull any information that is stored on the device. In this case, user's credentials are stored in clear text on the device and can be pulled easily. It also seems that the device does not implement any cross-site scripting forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface into executing a cross-site flashing attack on the user's browser and execute any action on the device provided by the web management interface which steals the credentials from tools_admin.cgi file's response and displays it inside a Textfield.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03, which could let a malicious user obtain sensitive information. which could let a malicious user obtain sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04_US, DCS-1130 1.03/1.04_US , DCS-2102 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-2121 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.0, DCS-7410 1.0, DCS-7510 1.0, and WCS-1100 1.02, which could let a malicious user obtain unauthorized access to video streams.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03 due to hard-coded credentials that serve as a backdoor, which allows remote attackers to access the RTSP video stream.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device requires that a user logging into the device provide a username and password. However, the device allows D-Link apps on the mobile devices and desktop to communicate with the device without any authentication. As a part of that communication, the device uses custom version of base64 encoding to pass data back and forth between the apps and the device. However, the same form of communication can be initiated by any process including an attacker process on the mobile phone or the desktop and this allows a third party to retrieve the device's password without any authentication by sending just 1 UDP packet with custom base64 encoding. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet daemon as a part of the busybox and retrieves the password from the shadow file using the function getspnam at address 0x00053894. Then performs a crypt operation on the password retrieved from the user at address 0x000538E0 and performs a strcmp at address 0x00053908 to check if the password is correct or incorrect. However, the /etc/shadow file is a part of CRAM-FS filesystem which means that the user cannot change the password and hence a hardcoded hash in /etc/shadow is used to match the credentials provided by the user. This is a salted hash of the string ""admin"" and hence it acts as a password to the device which cannot be changed as the whole filesystem is read only.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Cloud Infrastructure Storage Gateway. While the vulnerability is in Oracle Cloud Infrastructure Storage Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Cloud Infrastructure Storage Gateway. Note: Updating the Oracle Cloud Infrastructure Storage Gateway to version 1.4 or later will address these vulnerabilities. Download the latest version of Oracle Cloud Infrastructure Storage Gateway from <a href="" https://www.oracle.com/downloads/cloud/oci-storage-gateway-downloads.html"">here. Refer to Document <a href=""https://support.oracle.com/rs?type=doc&id=2768897.1"">2768897.1 for more details. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Cloud Infrastructure Storage Gateway. While the vulnerability is in Oracle Cloud Infrastructure Storage Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Cloud Infrastructure Storage Gateway. Note: Updating the Oracle Cloud Infrastructure Storage Gateway to version 1.4 or later will address these vulnerabilities. Download the latest version of Oracle Cloud Infrastructure Storage Gateway from <a href="" https://www.oracle.com/downloads/cloud/oci-storage-gateway-downloads.html"">here. Refer to Document <a href=""https://support.oracle.com/rs?type=doc&id=2768897.1"">2768897.1 for more details. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Cloud Infrastructure Storage Gateway. While the vulnerability is in Oracle Cloud Infrastructure Storage Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Cloud Infrastructure Storage Gateway. Note: Updating the Oracle Cloud Infrastructure Storage Gateway to version 1.4 or later will address these vulnerabilities. Download the latest version of Oracle Cloud Infrastructure Storage Gateway from <a href="" https://www.oracle.com/downloads/cloud/oci-storage-gateway-downloads.html"">here. Refer to Document <a href=""https://support.oracle.com/rs?type=doc&id=2768897.1"">2768897.1 for more details. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the current user on the host system. Was ZDI-CAN-12130.,LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N).",LOCAL,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N).",LOCAL,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N).",LOCAL,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
"In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an ""invalid fold.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,LOW,LOW
"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group. The crash occurs in MtProtoKitFramework.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only to PAN-OS appliances that are configured to use the PAN-OS XML API and exists only when a client includes a duplicate API parameter in API requests. Logged information includes the cleartext username, password, and API key of the administrator making the PAN-OS XML API request.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.8; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.4.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 1.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).,LOCAL,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin). The supported version that is affected are 11.1.1.9 and 12.2.1.3 Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager for Fusion Middleware accessible data as well as unauthorized read access to a subset of Enterprise Manager for Fusion Middleware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Fusion Middleware. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,HIGH
Vulnerability in the Oracle Sales Offline product of Oracle E-Business Suite (component: Template). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Sales Offline. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Sales Offline. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the Oracle Sales Offline product of Oracle E-Business Suite (component: Template). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Sales Offline. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Sales Offline. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris as well as unauthorized update, insert or delete access to some of Oracle Solaris accessible data. Note: This vulnerability applies to Oracle Solaris on SPARC systems only. CVSS 3.1 Base Score 6.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
"Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Attribute Admin Setup). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Partner Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Quotes). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having RMAN executable privilege with logon to the infrastructure where Oracle Database - Enterprise Edition executes to compromise Oracle Database - Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data. CVSS 3.1 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Email Center. While the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.1 Base Score 8.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Quotes). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Multichannel Framework). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Customers Online product of Oracle E-Business Suite (component: Customer Tab). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Customers Online. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Customers Online accessible data as well as unauthorized access to critical data or complete access to all Oracle Customers Online accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Internet Expenses. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Internet Expenses accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Documents). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin). The supported version that is affected is 12.2.1.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager for Fusion Middleware. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Rules Framework). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are affected are 12.0.2 and 12.0.3. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.1 Base Score 2.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N).",NETWORK,HIGH,HIGH,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Installation). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 1.8 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N).",LOCAL,HIGH,HIGH,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a SQL injection attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, and TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
OMICRON StationGuard before 1.10 allows remote attackers to cause a denial of service (connectivity outage) via crafted tcp/20499 packets to the CTRL Ethernet port.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the ""jsonp"" and ""callback"" JSONP parameters, enabling cross-domain requests.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only version 10.8.1 was able to be confirmed during primary research. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only version 10.8.1 was able to be confirmed during primary research. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.26. Checkov 1.0 versions are not impacted.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"jose is an npm library providing a number of cryptographic operations. In vulnerable versions AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. A possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). All major release versions have had a patch released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `^1.28.1 || ^2.0.5 || >=3.11.4`. Users should upgrade their v1.x dependency to ^1.28.1, their v2.x dependency to ^2.0.5, and their v3.x dependency to ^3.11.4. Thanks to Jason from Microsoft Vulnerability Research (MSVR) for bringing this up and Eva Sarafianou (@esarafianou) for helping to score this advisory.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). A patch was released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `>=3.11.4`. Users should upgrade to `^3.11.4`.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). A patch was released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `>=3.11.4`. Users should upgrade to `^3.11.4`.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Frameworks). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CS Campus Community accessible data. CVSS 3.1 Base Score 3.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Hyperion Financial Management product of Oracle Hyperion (component: Task Automation). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Financial Management accessible data as well as unauthorized read access to a subset of Hyperion Financial Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion Financial Management. CVSS 3.1 Base Score 3.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L).",NETWORK,HIGH,HIGH,REQUIRED,UNCHANGED,LOW,LOW,LOW
"HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in media_tools/isom_hinter.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,LOW,NONE
"A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically exists in this internal log buffer for less than 10 minutes before being overwritten. Generating an FFDC service log will include the log buffer contents, including the backup/restore password if present. The FFDC service log is only generated when requested by a privileged XCC user and it is only accessible to the privileged XCC user that requested the file. The backup/restore password is not captured if the backup/restore is initiated directly from XCC.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Secure Global Desktop. While the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any View, Select Any View privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Recovery component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA Level Account privilege with network access via Oracle Net to compromise Recovery. While the vulnerability is in Recovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Recovery accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).",NETWORK,LOW,HIGH,NONE,CHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Document Management and Collaboration product of Oracle E-Business Suite (component: Attachments). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Document Management and Collaboration. While the vulnerability is in Oracle Document Management and Collaboration, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Document Management and Collaboration accessible data as well as unauthorized update, insert or delete access to some of Oracle Document Management and Collaboration accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N).",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,LOW,NONE
"An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to the device to provide a username and password. However, the device does not enforce the same restriction on a specific URL thereby allowing any attacker in possession of that to view the live video feed. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary loads at address 0x00012CF4 a flag called ""Authenticate"" that indicates whether a user should be authenticated or not before allowing access to the video feed. By default, the value for this flag is zero and can be set/unset using the HTTP interface and network settings tab as shown below. The device requires that a user logging to the HTTP management interface of the device to provide a valid username and password. However, the device does not enforce the same restriction by default on RTSP URL due to the checkbox unchecked by default, thereby allowing any attacker in possession of external IP address of the camera to view the live video feed. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196648.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,LOW
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross-site request forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface to change the user's password.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a post-authentication admin.cgi?action= XSS vulnerability on the management interface.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd.conf has no deny rules.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary orthrus in /sbin folder of the device handles all the UPnP connections received by the device. It seems that the binary performs a sprintf operation at address 0x0000A3E4 with the value in the command line parameter ""-f"" and stores it on the stack. Since there is no length check, this results in corrupting the registers for the function sub_A098 which results in memory corruption.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` characters.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the ""/sbin/telnetd -l /bin/sh"" command.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient authentication validation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for CfgType=get_homeCfg requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated denial of service leading to the reboot of the AP via the admin.cgi?action=%s URI.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is an ability to escape to a shell in the restricted command line interface, as demonstrated by the `/bin/sh -c wget` sequence.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated dump of all of the config files through a certain admin.cgi?action= insecure HTTP request.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a pre-authenticated denial of service attack against the access point via a long action parameter to admin.cgi.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is use of weak ciphers for SSH such as diffie-hellman-group1-sha1.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of empty passwords. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9471.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page ""/ui/cbpc/login"" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie ""sid"" generated by the page. The attacker will have access to the router control panel with administrator privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-9470.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Because strcat is misused, there is a stack-based buffer overflow that does not require authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. The One Touch application discloses sensitive information, such as the hashed admin login password and the Internet provider connection username and cleartext password, in the application's response body for a /tmp/var/passwd or /tmp/home/wan_stat URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 8008 by default. When parsing the path parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-10911.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 8008 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10912.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (out-of-bounds memory access and daemon crash) via vectors involving a negative length value.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with ''boundary=' followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetSysEmailSettings API function, as demonstrated by shell metacharacters in the SMTPServerPort field.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteIPv6Settings API function, as demonstrated by shell metacharacters in the DestNetwork field.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetWebFilterSettings API function, as demonstrated by shell metacharacters in the WebFilterURLs field.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetIPv4FirewallSettings API function, as demonstrated by shell metacharacters in the SrcIPv4AddressRangeStart field.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetQoSSettings API function, as demonstrated by shell metacharacters in the IPAddress field.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetIPv6FirewallSettings API function, as demonstrated by shell metacharacters in the SrcIPv6AddressRangeStart field.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetSysLogSettings API function, as demonstrated by shell metacharacters in the IPAddress field.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MTU field to SetWanSettings.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called ""dldps2121"" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol that allows D-Link mobile applications and desktop applications to discover D-Link devices on the local network. The binary processes the received UDP packets sent from any device in ""main"" function. One path in the function traverses towards a block of code that processing of packets which does an unbounded copy operation which allows to overflow the buffer. The custom protocol created by Dlink follows the following pattern: Packetlen, Type of packet; M=MAC address of device or broadcast; D=Device Type;C=base64 encoded command string;test=1111 We can see at address function starting at address 0x0000DBF8 handles the entire UDP packet and performs an insecure copy using strcpy function at address 0x0000DC88. This results in overflowing the stack pointer after 1060 characters and thus allows to control the PC register and results in code execution. The same form of communication can be initiated by any process including an attacker process on the mobile phone or the desktop and this allows a third-party application on the device to execute commands on the device without any authentication by sending just 1 UDP packet with custom base64 encoding.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions between 1.1.0 - 2.1.2 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the Gateway key.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root user using a command injection vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the IPAddress key.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute (under System Tools).",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal management service is accessible on port 8000 and some API endpoints could be accessed without authentication to trigger a shutdown, a reboot or a reboot into recovery mode.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. This connection can be intercepted using DNS spoofing attack and a device initiated remote port-forward channel can be used to connect to the web management interface. Knowledge of authorization credentials to the management interface is required to perform any further actions.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (and also offer Internet services such as HTTP) for names that otherwise would have had an NXDOMAIN error, by registering a subdomain of the domain.name domain name.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review causing the application to crash leading to a denial of service.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A Memory Corruption Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim's Router without knowing the credentials (CSRF). An attacker can host a page that sends a POST request to Form2File.htm that tries to upload Firmware to victim's Router. This causes the router to reboot/crash resulting in Denial of Service. An attacker may succeed in uploading malicious Firmware.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request. This occurs because the ""formSetDebugCfg"" function executes glibc's system function with untrusted input.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted ""action/umountUSBPartition"" request. This occurs because the ""formSetUSBPartitionUmount"" function executes the ""doSystemCmd"" function with untrusted input.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim's and router's IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim's router and take over his session as he won't be prompted for credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Resilient SOAR V38.0 could allow a privileged user to create create malicious scripts that could be executed as another user. IBM X-Force ID: 198759.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing the traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: ""serialized"", and ""compressed"", meaning that BLS signatures can be provided as either of 2 unique byte arrays. Lotus block validation functions perform a uniqueness check on provided blocks. Two blocks are considered distinct if the CIDs of their blockheader do not match. The CID method for blockheader includes the BlockSig of the block. The result of these issues is that it would be possible to punish miners for valid blocks, as there are two different valid block CIDs available for each block, even though this must be unique. By switching from the go based `blst` bindings over to the bindings in `filecoin-ffi`, the code paths now ensure that all signatures are compressed by size and the way they are deserialized. This happened in https://github.com/filecoin-project/lotus/pull/5393.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12068.",LOCAL,LOW,HIGH,NONE,CHANGED,LOW,NONE,NONE
A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper access control vulnerability via =GetWebInfo.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32 and iso.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.2.32 SNMP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper handling of exceptional conditions in Bixby prior to version 3.0.53.02 allows attacker to execute the actions registered by the user.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
The unofficial GLSL Linting extension before 1.4.0 for Visual Studio Code allows remote code execution via a crafted glslangValidatorPath in the workspace configuration.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double free or use after free.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, a superuser inside a FreeBSD jail configured with the non-default allow.mount permission could cause a race condition between the lookup of "".."" and remounting a filesystem, allowing access to filesystem hierarchy outside of the jail.",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,NONE
"In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 due to a race condition in the jail_remove(2) implementation, it may fail to kill some of the processes.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 a regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when they should not. This means that rules denying access may be ignored.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include javascript that will execute when viewing the messages page.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.",NETWORK,HIGH,NONE,NONE,CHANGED,LOW,NONE,HIGH
"A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). A patch was released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `>=3.11.4`. Users should upgrade to `^3.11.4`.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make this change. Patched in v0.18.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a ""KeyJack injection attack.""",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The setting page of the SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 6.4 is vulnerable to reflected Cross-Site Scripting (XSS) as user input is not properly sanitised before being output in an attribute.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES <= V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES <= V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote Denial-of-Service, that would cause the service to restart itself.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A buffer overflow vulnerability could allow a local attacker to cause a Denial-of-Service situation. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES <= V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES <= V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a input validation vulnerability, that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition by sending malformed HTTP requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a path traversal vulnerability, that could allow an unauthenticated remote attacker to access and download arbitrary files from the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiVMS/SiNVR Video Server contain a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server, if the FTP services are enabled.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) does not enforce logging of security-relevant activities in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to perform covert actions that are not visible in the application log.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains multiple stored Cross-site Scripting (XSS) vulnerabilities in several input fields. This could allow an authenticated remote attacker to inject malicious JavaScript code into the CCS web application that is later executed in the browser context of any other user who views the relevant CCS web content.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains a reflected Cross-site Scripting (XSS) vulnerability that could allow an unauthenticated remote attacker to steal sensitive data or execute administrative actions on behalf of a legitimate administrator of the CCS web interface.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an SQL injection vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to read or modify the CCS database and potentially execute administrative database operations or operating system commands.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The DOWNLOADS section in the web interface of the Control Center Server (CCS) contains a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server where CCS is installed.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) contains an authentication bypass vulnerability. A remote attacker with network access to the CCS server could exploit this vulnerability to read data from the EDIR directory (for example, the list of all configured stations).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker with network access to the CCS server could exploit this vulnerability to list arbitrary directories or read files outside of the CCS application context.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the errorpage request parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11856.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in the device common gateway interface, leading to common injection.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11369.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10932.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FATEK Automation WinProladder Versions 3.30 and prior is vulnerable to an integer underflow, which may cause an out-of-bounds write and allow an attacker to execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should not have been visible to users with access to view AbuseFilter log data.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits completed.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefarious users to remain unblocked.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The Special:AbuseFilter/examine form allowed for the disclosure of suppressed MediaWiki usernames to unprivileged users.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could turn off Special:CheckUserLog and thus interfere with usage tracking.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
"An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly executed certain rules related to blocking accounts after account creation. Such rules would allow for user accounts to be created while blocking only the IP address used to create an account (and not the user account itself). Such rules could also be used by a nefarious, unprivileged user to catalog and enumerate any number of IP addresses related to these account creations.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file system could leverage this vulnerability to escalate privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions < V8.6.9), Mendix Applications using Mendix 9 (All versions < V9.0.5). Authenticated, non-administrative users could modify their privileges by manipulating the user role under certain circumstances, allowing them to gain administrative privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The page_recent_contributors leaked the existence of certain deleted MediaWiki usernames, related to rev_deleted.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftlint.path configuration value that triggers execution upon opening the workspace.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points that are running an 8.2.x release of Cisco Mobility Express Software prior to Release 8.2.111.0, regardless of whether the device is configured as a master, subordinate, or standalone access point. Release 8.2 was the first release of Cisco Mobility Express Software for next generation Cisco Aironet Access Points. Cisco Bug IDs: CSCva50691.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 (""bpf: Fix truncation handling for mod32 dst reg wrt zero"") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross Site Scripting (XSS) in Remote Clinic v2.0 via the ""Clinic Name"", ""Clinic Address"", ""Clinic City"", or ""Clinic Contact"" field on clinics/register.php",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 build 20210202 (and later) QTS 4.5.1.1456 build 20201015 (and later) QTS 4.3.6.1446 build 20200929 (and later) QTS 4.3.4.1463 build 20201006 (and later) QTS 4.3.3.1432 build 20201006 (and later) QTS 4.2.6 build 20210327 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.4.1601 build 20210309 (and later) QuTScloud c4.5.3.1454 build 20201013 (and later)",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of MAC addresses by the tdpServer endpoint. A crafted TCP message can write stack pointers to the stack. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-12306.,ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross Site Scripting (XSS) in Remote Clinic v2.0 via the ""Chat"" and ""Personal Address"" field on staff/register.php",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0 register a REST API endpoint to compress images using the Kraken image optimization engine. By supplying a crafted request in combination with data inserted using the Option Update vulnerability, it was possible to use this endpoint to retrieve malicious code from a remote URL and overwrite an existing file on the site with it or create a new file.This includes executable PHP files that contain malicious code.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin before 2.3.9.4, Thrive Apprentice WordPress plugin before 2.3.9.4, Thrive Visual Editor WordPress plugin before 2.6.7.4, Thrive Dashboard WordPress plugin before 2.3.9.3, Thrive Ovation WordPress plugin before 2.4.5, Thrive Clever Widgets WordPress plugin before 1.57.1 and Rise by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0, Thrive Themes Builder WordPress theme before 2.2.4 register a REST API endpoint associated with Zapier functionality. While this endpoint was intended to require an API key in order to access, it was possible to access it by supplying an empty api_key parameter in vulnerable versions if Zapier was not enabled. Attackers could use this endpoint to add arbitrary data to a predefined option in the wp_options table.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it makes to remote Matrix homeservers. A malicious homeserver could return a very large response, again leading to memory exhaustion and denial of service. This affects any server which accepts registration requests from untrusted clients. This issue has been patched by releases 89071a1, 0523511, f56eee3. As a workaround request sizes can be limited in an HTTP reverse-proxy. There are no known workarounds for the problem with overlarge responses.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"### Impact Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. ### Patches Fixed by 3175fd3. ### Workarounds There are no known workarounds. ### References n/a ### For more information If you have any questions or comments about this advisory, email us at security@matrix.org.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"In QED ResourceXpress through 4.9k, a large numeric or alphanumeric value submitted in specific URL parameters causes a server error in script execution due to insufficient input validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hole Admin portal, which can be exploited by the malicious actor with the network access to DNS server. See the referenced GitHub security advisory for patch details.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when a file is uploaded.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A ZTE product is impacted by improper access control vulnerability. The attacker could exploit this vulnerability to access CLI by brute force attacks.This affects: ZXHN H168N V3.5.0_TY.T6,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the ""sticky"" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the ""sticky"" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Improper access control vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows local users to obtain sensitive information via a crafted kernel module.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user can be read and modified by a third party. 1. Scratch user visits 3rd party site. 2. 3rd party site asks user for Scratch username. 3. 3rd party site pretends to be user and gets login code from ScratchOAuth2. 4. 3rd party site gives code to user and instructs them to post it on their profile. 5. User posts code on their profile, not knowing it is a ScratchOAuth2 login code. 6. 3rd party site completes login with ScratchOAuth2. 7. 3rd party site has full access to anything the user could do if they directly logged in. See referenced GitHub security advisory for patch notes and workarounds.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perform an internal port enumeration. This issue has been addressed in in 9e57334, 8936925, 3d531ed, 0f00412. A potential workaround would be to use a firewall to ensure that Sydent cannot reach internal HTTP resources.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.,NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,NONE
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring project files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when processing config files.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other words, an attacker can create a file in an unintended directory (with some limitations).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other words, an attacker can create a file in an unintended directory (with some limitations).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited remotely to allow cross-site scripting (XSS).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to arbitrary privileged code execution on the vulnerable application. The severity is Critical as this may lead to system compromise by unauthenticated attackers.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.,NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftformat.path configuration value that triggers execution upon opening the workspace.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
An out-of-bounds write vulnerability exists in the JPG format SOF marker processing of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28328.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject the XSS payload in Page keywords and each time any user will visit the website, the XSS triggers, and the attacker can able to steal the cookie according to the crafted payload.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class` which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`. Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/` The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial). Solution for this vulnerability: * For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later. * For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28313, CVE-2021-28321.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28313, CVE-2021-28322.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28321, CVE-2021-28322.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly ""short-cut"" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"curl 7.1.1 to and including 7.75.0 is vulnerable to an ""Exposure of Private Personal Information to an Unauthorized Actor"" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSetting endpoint. The issue results from improper restriction of this endpoint to unprivileged users. An attacker can leverage this vulnerability to escalate privileges their privileges from Guest to Administrator. Was ZDI-CAN-11903.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system's umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition: versions 1.3.0 and below and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition: versions 1.3.0 and below.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an information disclosure vulnerability in the error message when presented with an invalid filename.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database feature of the administration panel), leading to Remote Code execution.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the password of the McAfee Web Gateway Cloud Server (MWGCS) read only user used to retrieve log files for analysis in CSR.,ADJACENT_NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add a XSS payload that will execute when users attempt to upload a disallowed file type, causing the error to display.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_valid.xgi, as demonstrated by the sys_config_valid.xgi?exeshell=%60telnetd%20%26%60 URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending ""rootmydevice"" to /proc/sunxi_debug/sunxi_debug.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting (XSS) vulnerability caused by parameter pollution.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.",NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"SQL Injection in the ""add-services.php"" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the ""sername"" parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection in the ""admin_boxes.ajax.php"" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the ""cID"" parameter when creating a new HTML component.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Certain Papoo products are affected by: Cross Site Request Forgery (CSRF) in the admin interface. This affects Papoo CMS Light through 21.02 and Papoo CMS Pro through 6.0.1. The impact is: gain privileges (remote).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC 1.0.1 which results in a crash.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"There is a integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. In which, the arg const GF_PropertyValue *value,maybe value->value.data.size is a negative number. In result, memcpy in gf_props_assign_value failed.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross Site Scripting (XSS) in the ""admin_boxes.ajax.php"" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the ""cID"" parameter when creating a new HTML component.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"The HTTP and WebSocket engine components in the server in Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4 and Gateway - JMS Edition 4.0.2, 4.0.3, and 4.0.4 allow remote attackers to obtain sensitive information via vectors related to HTTP request handling.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Deark before v1.5.8, a specially crafted input file can cause a division by zero in (src/fmtutil.c) because of the value of pixelsize.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference, when gf_filter_pck_get_data is called. The first arg pck may be null with a crafted mp4 file,which results in a crash.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 unit, so there is an overflow, which results a crash.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_width), which results in a heap overflow in the loop.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size, resulting in size to be a negative number and a heap overflow in the memcpy.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the ""sessionpriv.php"" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted obj file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"An improper authorization vulnerability in Samsung Members ""samsungrewards"" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access a user data related with Samsung Account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"NULL Pointer Dereference in the ""isomedia/track.c"" module's ""MergeTrack()"" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47. For situations where people need to create the files for legacy reasons a specific keystore type ""BKS-V1"" was introduced in 1.49. It should be noted that the use of ""BKS-V1"" is discouraged by the library authors and should only be used where it is otherwise safe to do so, as in where the use of a 16 bit checksum for the file integrity check is not going to cause a security issue in itself.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has full permissions for the Everyone group. Using a symbolic link allows an attacker to point the log file to a privileged location such as %WINDIR%\System32. The resulting log file adopts the file permissions of the source of the symbolic link (in this case, the Everyone group). The log file in System32 can be replaced and renamed with a malicious DLL for DLL hijacking.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the value of the anti-CSRF token, the attacker may trick the user into visiting his malicious page and performing any request with the privileges of attacked user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterprise Server 15-SP2 s390-tools versions prior to 2.11.0-9.20.1.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. This issue will occur only when untrusted communication is initiated with server. In cloud, Agent will always connect with trusted communication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to referenced GitHub security advisory for additional details including workarounds.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to referenced GitHub security advisory for additional details including workarounds.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 contains a buffer overflow vulnerability in the httpd process in the body message. The attack vector is: The attacker can get shell of the router by sending a message through the network, which may lead to remote code execution.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka ""Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability.""",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on the device with the privileges of the user, including modifying the device configuration. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an interface user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the user. Software versions prior to 8.3.150.0, 8.5.135.0, and 8.8.100.0 are affected.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, ""ip"" parameter is directly passed to the attacker, allowing them to control the ""ip"" field to attack the OS.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, ""command"" parameter is directly passed to the attacker, allowing them to control the ""command"" field to attack the OS.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash. IBM X-Force ID: 197792.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ router allows remote attackers to cause a Denial-of-Service (DoS) by sending an HTTP request with a very long ""ssid"" parameter to the ""/userRpm/popupSiteSurveyRpm.html"" webpage, which crashes the router.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploitation of this vulnerability can allow attackers to add users in the data base.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action removeBackground and server/node_upgrade_srv.js with action removeFirmware. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed.,NETWORK,LOW,LOW,NONE,CHANGED,NONE,HIGH,HIGH
"An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for the YubiHSM to send it data, preventing any further operations until the yubihsm-connector is restarted. An attacker can send 0, 1, or 2 bytes to trigger this.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In pb_write of pb_encode.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-178754781",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross Site Scripting (XSS) in the ""add-services.php"" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the ""sername"" parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Microsoft Word Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Windows AppX Deployment Server Denial of Service Vulnerability,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with saveDriverData action using invalidated driverID. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed.,NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,HIGH
"A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. IPM’s maps_srv.js allows an attacker to upload a malicious NodeJS file using uploadBackgroud action. An attacker can upload a malicious code or execute any command using a specially crafted packet to exploit the vulnerability.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the The nomenclature parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Liberty lisPBX 2.0-4, configuration backup files can be retrieved remotely from /backup/lispbx-CONF-YYYY-MM-DD.tar or /backup/lispbx-CDR-YYYY-MM-DD.tar without authentication or authorization. These configuration files have all PBX information including extension numbers, contacts, and passwords.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A CWE-269: Improper Privilege Management vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when an unprivileged user modifies a file.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing JavaScript, leading to Stored Cross-Site Scripting.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in ""/index.php"" by manipulating the parameter ""user_id"" in the HTML request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Windows Network File System Remote Code Execution Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28469, CVE-2021-28473, CVE-2021-28475, CVE-2021-28477.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues through race conditions.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be lead to memory safety issues through race conditions.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Azure DevOps Server Spoofing Vulnerability,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the""'s_ip"" and ""s_mac"" fields could lead to a Stack-Based Buffer Overflow and overwrite the return address.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/""qosIndex ""request. This occurs because the ""formQOSRuleDel"" function directly passes the parameter ""qosIndex"" to strcpy without limit.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/""IPMacBindIndex ""request. This occurs because the ""formIPMacBindDel"" function directly passes the parameter ""IPMacBindIndex"" to strcpy without limit.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/""portMappingIndex ""request. This occurs because the ""formDelPortMapping"" function directly passes the parameter ""portMappingIndex"" to strcpy without limit.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) vulnerability. An attacker could abuse this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Digital Editions version 4.5.11.187245 (and earlier) is affected by a Privilege Escalation vulnerability during installation. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary file system write in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. An attacker in the same LAN can craft a packet with a malicious User-Agent header to inject a payload in its logs, where an attacker can take over the system by through its plugin-running function.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn't stopped in a scenario where a user first has their camera enabled and then disables it. It's a privacy issue because video is streamed to the call when the user believes it is disabled. It impacts all users in video calls. This is fixed in version 3.75.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Azure Sphere Unsigned Code Execution Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
VP9 Video Extensions Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Improper Authorization vulnerability in the Genuine Software Service. A low-privileged attacker could leverage this vulnerability to achieve application denial-of-service in the context of the current user. Exploitation of this issue does not require user interaction.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mitake smart stock selection system contains a broken authentication vulnerability. By manipulating the parameters in the URL, remote attackers can gain the privileged permissions to access transaction record, and fraudulent trading without login.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing ""Add users"", and doing a search, aka SAP Security Note 2255990.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Under certain conditions SAP Solution Manager, version - 720, allows a high privileged attacker to get access to sensitive information which has a direct serious impact beyond the exploitable component thereby affecting the confidentiality in the application.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Windows Portmapping Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Windows Console Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-28438.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows TCP/IP Information Disclosure Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
"The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. There was also a useable magic method in the plugin that could be used to achieve remote code execution.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause some service abnormal. Affected product include some versions of IPS Module, NGFW Module, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to interact directly with physical memory (by calling one of several driver routines that map physical memory into the virtual address space of the calling process) and to interact with MSR registers. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating system (OS) of an affected device. This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to an affected command. A successful exploit could allow the attacker to execute commands on the underlying Linux OS with root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~webservice~web/ServerNodesWSService, aka SAP Security Note 2235994.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-28319.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/cas_enter.jsp, (2) webcontent/cas/cas_validate.jsp, or (3) webcontent/aas/aas_store.jsp, aka SAP Security Note 1945215.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
** UNSUPPORTED WHEN ASSIGNED ** D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with ""erlsrv.exe"" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a specially crafted packet to make IPM connect to rouge SNMP server and execute attacker-controlled code.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site’s administrator into clicking a link or attachment, then the request could be sent and the CSS settings would be successfully updated to include malicious JavaScript.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7) have a Command Execution Vulnerability. Successful exploit of this vulnerability could allow an attacker to execute arbitrary system commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28468.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28466.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28473, CVE-2021-28475, CVE-2021-28477.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of missing authorization check in the servlet.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing capabilities. This affects: ZXA10 C300M all versions up to V4.3P8.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sanitise the calId GET parameter in the ""Seasons & Calendars"" page before outputing it in an A tag, leading to a reflected XSS issue",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28349, CVE-2021-28350.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In onActivityResult of QuickContactActivity.java, there is an unnecessary return of an intent. This could lead to local information disclosure of contact data with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-178825358",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"In start of WelcomeActivity.java, there is a possible residual profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9Android ID: A-172322502",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"In ImportVCardActivity, there is a possible way to bypass user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172252122",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28348, CVE-2021-28349.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jive before 2016.3.1 has an open redirect from the external-link.jspa page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Windows Speech Runtime Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28351, CVE-2021-28436.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28323.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In J2 Innovations FIN Stack 4.0, the authentication webform is vulnerable to reflected XSS via the query string to /login.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the `quicksearch` feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the context of the user.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in page where the [formCadastro] is embed. The form allows unauthenticated user to register and submit files for their profile picture as well as resume, without any file extension restriction, leading to RCE.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to take full root level control of the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to messages sent by outgoing webhooks to private streams meant that an outgoing webhook bot could be used to send messages to private streams that the user was not intended to be able to send messages to.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same Zulip installation.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28454.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Outlook Memory Corruption Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Microsoft SharePoint Denial of Service Update,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444786",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of ""anomalous argument transfers"" because that could ""stand a great chance of breaking existing workflows.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"VIGRA Computer Vision Library Version-1-11-1 contains a segmentation fault vulnerability in the impex.hxx read_image_band() function, in which a crafted file can cause a denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
CITSmart before 9.1.2.23 allows LDAP Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class, the value of this symbol could be used to craft a Java deserialization attack, thus running malicious injected Java code. The vector would be the t:formdata parameter from the Form component.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a malicious WAV file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal page.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
CASAP Automated Enrollment System version 1.0 contains a cross-site scripting (XSS) vulnerability through the Students > Edit > ROUTE parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. An authentication mechanism added in version 0.7.0 enables some malicious user to obtain secrets utilizing the injected credentials within the `~/.netrc` file. Refer to the referenced GitHub Security Advisory for complete details. This is fixed in version 0.7.5.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Discord Recon Server is a bot that allows you to do your reconnaissance process from your Discord. Remote code execution in version 0.0.1 would allow remote users to execute commands on the server resulting in serious issues. This flaw is patched in 0.0.2.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes thereby causing Denial of Service and affecting the Availability of the SAP system.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP's HCM Travel Management Fiori Apps V2, version - 608, does not perform proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resulting in escalation of privileges. However, the attacker can only read some information like last name, first name of the employees, so there is some loss of confidential information, Integrity and Availability are not impacted.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfix-1, and Gateway Community and Enterprise Editions before 5.6.0 allow remote attackers to bypass intended access restrictions and obtain sensitive information via vectors related to HTTP request handling.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Windows Speech Runtime Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28347, CVE-2021-28351.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka 'Windows Language Pack Installer Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (invalid free and daemon crash) via vectors related to error handling.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary code execution primitive and elevate their privileges on the instance. The vulnerability has been addressed in version 1.10.11. As a mitigation blocking access to the `/admin` path from untrusted sources will reduce the probability of exploitation.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. The issue was addressed in version 1.7.11.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URI.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247, that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ÊA CWE-863: Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers.Ê",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the FTP service when upgrading the firmware with a version incompatible with the application in the controller using FTP protocol.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the controller with an empty firmware package using FTP protocol.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the package using FTP protocol.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with no firmware image inside the package using FTP protocol.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow the file system to access the wrong file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28473, CVE-2021-28475.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28473, CVE-2021-28477.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28475, CVE-2021-28477.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the ""New Name"" field of the ""Rename a Module"" tool.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Event Tracing Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users' password in log files.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In the AccessAlly WordPress plugin before 3.5.7, the file ""resource/frontend/product/product-shortcode.php"" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, no login or administrator role is required.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28358, CVE-2021-28434.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to trigger a stack-based buffer overflow. This could enable low-privileged users to achieve Denial of Service via a DeviceIoControl.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP Manufacturing Execution (System Rules), versions - 15.1, 15.2, 15.3, 15.4, allows an authorized attacker to embed malicious code into HTTP parameter and send it to the server because SAP Manufacturing Execution (System Rules) tab does not sufficiently encode some parameters, resulting in Stored Cross-Site Scripting (XSS) vulnerability. The malicious code can be used for different purposes. e.g., information can be read, modified, and sent to the attacker. However, availability of the server cannot be impacted.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
FluidSynth 2.1.7 contains a use after free vulnerability in sfloader/fluid_sffile.c that can result in arbitrary code execution or a denial of service (DoS) if a malicious soundfont2 file is loaded into a fluidsynth library.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Azure AD Web Sign-in Security Feature Bypass Vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Windows Hyper-V Denial of Service Vulnerability,NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-28447.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
Windows Media Video Decoder Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28315.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
NTFS Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lack of check of buffer length before copying can lead to buffer overflow in camera module in Small Cell SoC, Snapdragon Mobile, Snapdragon Wear in FSM9055, FSM9955, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cisco Wireless LAN Controller (WLC) Software 7.4 before 7.4.130.0(MD) and 7.5, 7.6, and 8.0 before 8.0.110.0(ED) allows remote attackers to cause a denial of service (device reload) via crafted Bonjour traffic, aka Bug ID CSCur66908.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology. The vulnerability is due to insufficient authentication of the parent access point in a mesh configuration. An attacker could exploit this vulnerability by forcing the target system to disconnect from the correct parent access point and reconnect to a rogue access point owned by the attacker. An exploit could allow the attacker to control the traffic flowing through the impacted access point or take full control of the target system. This vulnerability affects the following products running a vulnerable version of Wireless LAN Controller software and configured for meshed mode: Cisco 8500 Series Wireless Controller, Cisco 5500 Series Wireless Controller, Cisco 2500 Series Wireless Controller, Cisco Flex 7500 Series Wireless Controller, Cisco Virtual Wireless Controller, Wireless Services Module 2 (WiSM2). Note that additional configuration is needed in addition to upgrading to a fixed release. Cisco Bug IDs: CSCuc98992 CSCuu14804.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a missing internal handler for the specific request. An attacker could exploit this vulnerability by accessing a specific hidden URL on the GUI web management interface. A successful exploit could allow the attacker to cause a reload of the device, resulting in a DoS condition. This vulnerability affects only the Cisco Wireless LAN Controller 8.3.102.0 release. Cisco Bug IDs: CSCvb48198.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-27072.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174485572",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174488848",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-175074139",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174149901",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In ClearPullerCacheIfNecessary and ForceClearPullerCache of StatsPullerManager.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173552790",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171221090",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174150451",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds read due to integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176496160",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176168330",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In several functions of InputDispatcher.cpp, WindowManagerService.java, and related files, there is a possible tapjacking attack due to an incorrect FLAG_OBSCURED value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10Android ID: A-152064592",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In setPowerModeWithHandle of com_android_server_power_PowerManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174243830",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In updateInfo of android_hardware_input_InputApplicationHandle.cpp, there is a possible control of code flow due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174768985",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Application Compatibility Cache Denial of Service Vulnerability,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Windows NTFS Denial of Service Vulnerability,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Windows SMB Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28324.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,LOW
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Windows Kernel Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-27093.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Windows GDI+ Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Windows Media Video Decoder Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-27095.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-28439.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Windows SMB Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28325.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Windows Media Photo Codec Information Disclosure Vulnerability,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28310.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Windows Overlay Filter Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
RPC Endpoint Mapper Service Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Secure Kernel Mode Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Internet Messaging API Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Windows Event Tracing Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Windows Services and Controller App Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states ""the feature still requires a valid authentication cookie even if the route is accessible to non-logged users.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM &amp; Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by sending a SOAP API request with crafted parameters to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux operating system of the affected device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability on the Delete Personal Data page in Cryptshare Server before 4.8.0 allows an attacker to inject arbitrary web script or HTML via the user name. The issue is fixed with the version 4.8.1,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authentication by the attacker) because the system C library function is used unsafely.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. This issue was addressed in Apache Druid 0.20.2",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a /reset/?action=confirm&user=admin&code= URI. This occurs because chmod is used unsafely.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Trend Micro Password Manager version 5 (Consumer) is vulnerable to a DLL Hijacking vulnerability which could allow an attacker to inject a malicious DLL file during the installation progress and could execute a malicious program each time a user installs a program.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows attacker who can locally read user's files obtain JWT tokens for user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding the tokens as JWT is signed and encoded, not encrypted.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the ""It is only available on the local network"" documentation. NOTE: manually editing /etc/upnp.json provides a partial but undocumented workaround.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.14. A crafted HTTP request can lead to an out-of-bounds read that crashes the application.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Squirro Insights Engine was affected by a Reflected Cross-Site Scripting (XSS) vulnerability affecting versions 2.0.0 up to and including 3.2.4. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of any user who views the relevant application content. The attacker-supplied code can perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_group.php, when the POST parameter action is “Submit”, the POST parameter parent_id leads to a SQL injection.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability In admin/edit_group.php, when the POST parameter action is “Delete”, the POST parameter delete_group leads to a SQL injection.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ZEROF Expert pro/2.0 application for mobile devices allows SQL Injection via the Authorization header to the /v2/devices/add endpoint.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a OS command injection vulnerability in /tools/ping, which can leads to complete device takeover.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The application in the mobile phone can unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI < 2021.01.26.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM X-Force ID: 199478.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID), installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A privilege escalation vulnerability exists in Dream Report 5 R20-2. IIn the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively ‘backdoor’ the installation files and escalate privileges when a new user logs in and uses the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for the same reason if given a malformed message from a malicious relay server when attempting to join the relay. Relay joins are essentially random (from a subset of low latency relays) and Syncthing will by default restart when crashing, at which point it's likely to pick another non-malicious relay. This flaw is fixed in version 1.15.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the compnomenclature parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the description parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the supplierUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx through the JudgIsAdmin() function. By modifying the initial letter of the key of a user cookie, the key of the administrator cookie can be obtained.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
VestaCP through 0.9.8-24 allows the admin user to escalate privileges to root because the Sudo configuration does not require a password to run /usr/local/vesta/bin scripts.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x version 1.3.0 on Windows and later versions; 1.x versions prior to 1.25.0 on Windows.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin before 1.7.2. The WordPress login form (wp-login.php) is hooked by the plugin and offers to allow users to authenticate on the site using their Patreon account. Unfortunately, some of the error logging logic behind the scene allowed user-controlled input to be reflected on the login page, unsanitized.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow unconditionally disabling of SSL/TLS certificates.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.,LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.,LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28482.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28481, CVE-2021-28482, CVE-2021-28483.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28482, CVE-2021-28483.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28483.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's existence, uid and gids, home and/or Maildir directory, quota, and some type of password information (such as a hash).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2021-27074.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2021-27080.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow form validation without permission checks.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'length' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'start' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdata[wdt_ID] parameter. By exploiting this issue an attacker is able to access and manage the data of all users in the same table.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,LOW
IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because the Atmel Toolbox 00.03.11.05 contains two versions of ECDSA signature functions, described as fast and secure, but the affected cards chose to use the fast version, which leaks the bit length of the random nonce via timing. This affects Athena IDProtect 010b.0352.0005, Athena IDProtect 010e.1245.0002, Athena IDProtect 0106.0130.0401, Athena IDProtect 010e.1245.0002, Valid S/A IDflex V 010b.0352.0005, SafeNet eToken 4300 010e.1245.0002, TecSec Armored Card 010e.0264.0001, and TecSec Armored Card 108.0264.0001.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim's DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when ""umoci unpack"" or ""umoci raw unpack"" is used.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information when the server running as reverse proxy via specially crafted request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executing process has sufficient rights only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist running Java 15 or higher. No user is affected, who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,HIGH,NONE
"The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The specific function in ASUS BMC’s firmware Web management page (Remote video storage function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The vulnerability is due to insufficient validation of user-supplied data to the Self Care Portal. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to modify information without proper authorization.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,LOW
"An exploitable SQL injection vulnerability exists in the ""access_rules/rules_form"" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable SQL injection vulnerability exists in the ""forms_fields_rules/rules"" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable SQL injection vulnerability exists in ""global_lists/choices"" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when ""ebaclient"" was used, allowing unpermitted access to eDirectory services.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a ""severe division by zero in the query planner.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h, and virt/kvm/kvm_main.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain installations with the Apache HTTP Server and the local-storage driver (e.g., when the product was obtained from hub.docker.com).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Reflected XSS vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects all version 6.7 and earlier versions.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attacker website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote attackers to execute arbitrary web script via the ""titel"" column on the ""Eintrage hinzufugen"" tab.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the ""payment gateway"" column on transactions tab.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"LiquidFiles 3.4.15 has stored XSS through the ""send email"" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content (such as SVG with HTML content), the payload is executed upon a click. This is fixed in 3.5.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Out of bound memory read while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A double free condition can occur when the device moves to suspend mode during secure playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted font may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to successfully exploit. All versions before 7.11 are affected.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memory crash when accessing histogram type KPI input received due to lack of check of histogram definition before accessing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"User could gain access to secure memory due to incorrect argument into address range validation api used in SDI to capture requested contents in Snapdragon Industrial IOT, Snapdragon Mobile",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible memory corruption in RPM region due to improper XPU configuration in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Two threads call one or both functions concurrently leading to corruption of pointers and reference counters which in turn can lead to heap corruption in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread resulting in a Use After Free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out-of-bounds read vulnerability while accessing DTMF payload due to lack of check of buffer length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Trustzone initialization code will disable xPU`s when memory dumps are enabled and lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",LOCAL,LOW,HIGH,REQUIRED,CHANGED,HIGH,NONE,NONE
"Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and rest of the memory is leaked in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Memory corruption due to improper input validation while processing IO control which is nonstandard in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Wired Infrastructure and Networking",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in Archive collectively operation utility Ver.2.10.1.0 and earlier allows an attacker to create or overwrite files by leading a user to expand a malicious ZIP archives.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
Cross-site scripting vulnerability in MagazinegerZ v.1.01 allows remote attackers to inject an arbitrary script via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in Click Ranker Ver.3.5 allows remote attackers to inject an arbitrary script via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake response. IBM X-Force ID: 193660.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 allows stored XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Unintended reads and writes by NS EL2 in access control driver due to lack of check of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configuration setting and delete any registered agents. All versions before 7.11.1 are affected.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"The specific function in ASUS BMC’s firmware Web management page (Media support configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in IdMap::clone_from upon a .clone panic.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in remove_set upon a panic in a Drop impl.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal credentials of the victim or to redirect users to untrusted web pages containing malware or similar malicious exploits.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to complete denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the implementation of the Intermediate System&ndash;to&ndash;Intermediate System (IS&ndash;IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS&ndash;IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of crafted IS&ndash;IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending a crafted link-state PDU to an affected system to be processed. A successful exploit could allow the attacker to cause all routers within the IS&ndash;IS area to unexpectedly restart the IS&ndash;IS process, resulting in a DoS condition. This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco IOS XR Software earlier than Release 6.6.3 and are configured with the IS–IS routing protocol. Cisco has confirmed that this vulnerability affects both Cisco IOS XR 32-bit Software and Cisco IOS XR 64-bit Software.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allows remote attackers to read arbitrary files or cause a denial of service via a request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the EndOfCentralDirectory::read() function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets (though the custom HTML widget requires sending a crafted request - it appears that this widget uses some form of client side validation but not server side validation), all of which are added via the “page_builder_data” parameter when performing the “wppb_page_save” AJAX action. It is also possible to insert malicious JavaScript via the “wppb_page_css” parameter (this can be done by closing out the style tag and opening a script tag) when performing the “wppb_page_save” AJAX action.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by crafting any valid parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The WordPress Related Posts plugin through 3.6.4 contains an authenticated (admin+) stored XSS vulnerability in the title field on the settings page. By exploiting that an attacker will be able to execute JavaScript code in the user's browser.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A user that is removed from an iMessage group could rejoin the group.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were not always correct. NOTE: this issue exists because of an incomplete fix for CVE-2020-15565.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no guarantee when all the writes will reach the memory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,LOW
A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to disclose kernel memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contains a buffer overflow vulnerability in LibTextCode through opening a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters which were blacklisting Parenthesis as well as several functions such as alert but bypasses were found.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to heap corruption.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activation keys, usernames, emails, and other less sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application could execute arbitrary code leading to compromise of user information.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as update the plugin's options, leading to a Stored Cross-Site Scripting issue.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The file upload function of Vangene deltaFlow E-platform does not perform access controlled properly. Remote attackers can upload and execute arbitrary files without login.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
There is a Path Traversal vulnerability in the file download function of Vangene deltaFlow E-platform. Remote attackers can access credential data with this leakage.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly echoed without being sanitized,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+)",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker with physical access to a device may be able to see private contact information.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Buffer overflow vulnerability in Core FTP Server v2 Build 697, via a crafted username.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a crafted username.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited..",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a ""special path"" in the C: drive.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c through the gnrc_rpl_validation_options() function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A malicious application may be able to leak sensitive user information.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker in a privileged position may be able to perform a denial of service attack.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the DB, plugins, and current .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A logic error in kext loading was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. An application may be able to execute arbitrary code with system privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as create accounts with arbitrary roles, such as admin. These issues can be exploited even if registration is disabled, and the Login widget is not active.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget (includes/widgets/divider.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘text’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘title’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In the Elementor Website Builder WordPress plugin before 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for lower-level users, however, they can still supply the user_role parameter to update the default role for registration.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfiltered_html capability prior to saving the script tags, thus allowing lower-level users to inject scripts that could potentially be malicious.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in ""Favorites"" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious URL.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"When visiting a site running Web-Stat < 1.4.0, the ""wts_web_stat_load_init"" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookup_WP_account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authenticated (author+) stored cross-site scripting issue. This could allow medium privilege accounts (such as author and editor) to perform XSS attacks against high privilege ones like administrator.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-846 DIR-846 A1_100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited..",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Composr 10.0.36 allows upload and execution of PHP files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Composr 10.0.36 allows XSS in an XML script.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A validation issue was addressed with improved input sanitization. This issue is fixed in tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted URL may lead to arbitrary javascript code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Wyse Management Suite versions up to 3.2 contains a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users that would have normally access to the same subset of job details",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to cause the system to run out of memory by running multiple instances of the vulnerable application.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Jamf Pro before 10.28.0 allows XSS related to inventory history, aka PI-009376.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
OpenIAM before 4.2.0.3 allows XSS in the Add New User feature.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'par_year' parameter when running a report.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These files could then be accessed via the front end of the site to trigger remote code execution and ultimately allow an attacker to execute commands to further infect a WordPress site.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in ""/restful-services/2.0/analyticalDrivers"" via the 'LABEL' and 'NAME' parameters.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189441.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192914,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBI_HOST' parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can lead to data leakage.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The ""All Subscribers"" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed. If InduSoft Web Studio remote communication security was not enabled, or a password was left blank, a remote user could send a carefully crafted packet to invoke an arbitrary process, with potential for code to be executed. The code would be executed under the privileges of the InduSoft Web Studio or InTouch Edge HMI runtime and could lead to a compromise of the InduSoft Web Studio or InTouch Edge HMI server machine.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Edge HMI (formerly InTouch Machine Edition) runtime.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to stream over UDP. However, the device offers many more services that also enable streaming. Although the service used by the mobile application requires a password, the other streaming services do not. By initiating communication on the RTSP port, an attacker can obtain access to the video feed without authenticating.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A path handling issue was addressed with improved validation. This issue is fixed in Xcode 12.4. A malicious application may be able to access arbitrary files on the host device while running an app that uses on-demand resources with Xcode.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. A local user may be able to cause unexpected system termination or read kernel memory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A local attacker may be able to elevate their privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.0.1. A local application may be able to enumerate the user's iCloud documents.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of this model.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Buffer overflow in Core FTP LE v2.2 allows local attackers to cause a denial or service (crash) via a long string in the Setup->Users->Username editbox.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An attacker in a privileged network position may be able to bypass authentication policy.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary script via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, watchOS 7.2. A remote attacker may be able to leak memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose these keys and subsequently encrypt and sign the next boot stage (such as the bootloader).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted file may lead to heap corruption.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted font file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may cause unexpected changes in memory belonging to processes traced by DTrace.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.3 and iPadOS 14.3. An enterprise application installation prompt may display the wrong domain.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to execute arbitrary code with system privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font may result in the disclosure of process memory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A logic issue was addressed with improved validation. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. A malicious application may be able to elevate privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the ""default"" account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker can obtain root rights on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page, it's possible to request any internal page if you use a https request.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php page that if you send a specific https url in the RSS URL field, you are able to execute arbitrary commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. The private repository metadata returned would be limited to repositories owned by the user the token identifies. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.4 and was fixed in versions 3.0.4, 2.22.10, 2.21.18. This vulnerability was reported via the GitHub Bug Bounty program.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4.7, watchOS 5.3.7. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,HIGH
"An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to a user who does not have administrative privileges. NOTE: because this is mentioned in the documentation but not in the UI, it could be considered a ""Product UI does not Warn User of Unsafe Actions"" issue.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). NOTE: The vendor has indicated this is not a vulnerability and states ""This is a functionality of the software that is limited to a very limited subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides.""",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted image may lead to a denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"This issue was addressed with improved setting propagation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An attacker in a privileged network position may be able to unexpectedly alter application state.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Server 5.11. Processing a maliciously crafted URL may lead to an open redirect or cross site scripting.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An integer overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.0.1. Processing maliciously crafted web content may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to bypass Privacy preferences.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.3 and iPadOS 14.3, watchOS 7.2. Unauthorized code execution may lead to an authentication policy violation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in tvOS 14.3, iOS 14.3 and iPadOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.2. Processing a maliciously crafted font file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue existed in screen sharing. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A user with screen sharing access may be able to view another user's screen.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.0.1. A malicious application with root privileges may be able to access private information.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions.",LOCAL,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted audio file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue has been discovered in GitLab CE/EE affecting all versions starting with 13.7.9. A specially crafted Wiki page allowed attackers to read arbitrary files on the server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple issues were addressed with improved logic. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A sandboxed process may be able to circumvent sandbox restrictions.",LOCAL,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each other,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A local user may be able to cause unexpected system termination or read kernel memory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to access private information.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to the underlying reference's full prototype chain. In an environment where the implementer has exposed a Reference instance to an attacker they would be able to use it to acquire a Reference to the nodejs context's Function object. Similar application-specific attacks could be possible by modifying the local prototype of other API objects. Access to NativeModule objects could allow an attacker to load and run native code from anywhere on the filesystem. If combined with, for example, a file upload API this would allow for arbitrary code execution. This is addressed in v4.0.0 through a series of related changes.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects newer versions of the software.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The UX360CA BIOS through 303 on ASUS laptops allow an attacker (with the ring 0 privilege) to overwrite nearly arbitrary physical memory locations, including SMRAM, and execute arbitrary code in the SMM (issue 3 of 3).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker could leverage this vulnerability to modify content in a certified PDF without invalidating the certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker could leverage this vulnerability to show arbitrary content in a certified PDF without invalidating the certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the device does not properly validate URIs in IOx API requests. An attacker could exploit this vulnerability by sending a crafted API request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the Easy Virtual Switching System (VSS) feature of Cisco IOS XE Software for Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying Linux operating system of an affected device. The vulnerability is due to incorrect boundary checks of certain values in Easy VSS protocol packets that are destined for an affected device. An attacker could exploit this vulnerability by sending crafted Easy VSS protocol packets to UDP port 5500 while the affected device is in a specific state. When the crafted packet is processed, a buffer overflow condition may occur. A successful exploit could allow the attacker to trigger a denial of service (DoS) condition or execute arbitrary code with root privileges on the underlying Linux operating system of the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting (XSS) via the description, name, or address field (under admin.php).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via ""H2Push off"" will mitigate this vulnerability for unpatched servers.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does not actively give focus to the input field. Input element focus is enforced programatically in version 2021-03-15-production.0.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The ssh key can provide an attacker access to the linux system in the affected version.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions can allow an attacker to Man-in-the-middle (MITM) support channel UI session to Cohesity DataPlatform cluster.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_delete_all_notifications request, which leads to removing all messages from a mailbox.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a ""request"" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the ""request_uri"" parameter. CXF was not validating the ""request_uri"" parameter (apart from ensuring it uses ""https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in LATRIX 0.6.0. SQL injection in the txtaccesscode parameter of inandout.php leads to information disclosure and code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the job_id parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user sign-in/out process,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted font file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing maliciously crafted web content may lead to code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
vscode-stripe is an extension for Visual Studio Code. A vulnerability in Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The update addresses the vulnerability by modifying the way the extension validates its settings.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A potential security vulnerability has been identified in HPE Superdome Flex server. A denial of service attack can be remotely exploited leaving hung connections to the BMC web interface. The monarch BMC must be rebooted to recover from this situation. Other BMC management is not impacted. HPE has made the following software update to resolve the vulnerability in HPE Superdome Flex Server: Superdome Flex Server Firmware 3.30.142 or later.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account registration view did not properly apply filters to sensitive data, with the result that sensitive data could be included in error reports rather than removed automatically by Django. Triggering this requires: A site is using django-registration < 3.1.2, The site has detailed error reports (such as Django's emailed error reports to site staff/developers) enabled and a server-side error (HTTP 5xx) occurs during an attempt by a user to register an account. Under these conditions, recipients of the detailed error report will see all submitted data from the account-registration attempt, which may include the user's proposed credentials (such as a password).",NETWORK,HIGH,HIGH,REQUIRED,CHANGED,LOW,NONE,NONE
A potential security vulnerability has been identified in HPE iLO Amplifier Pack. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). HPE has provided the following software update to resolve the vulnerability in HPE iLO Amplifier Pack: HPE iLO Amplifier Pack 1.80 or later.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. An attacker can trick a victim to click on a malicious link which could change backup configurations or execute system commands in the post_backup_script field.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On all 7.x and 6.x versions (fixed in 8.0.0), undisclosed BIG-IQ pages have a reflected cross-site scripting vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch service does not implement any form of authentication for the clustering transport services, and all data used by ElasticSearch for transport is unencrypted. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"On all 7.x versions (fixed in 8.0.0), when set up for auto failover, a BIG-IQ Data Collection Device (DCD) cluster member that receives an undisclosed message may cause the corosync process to abort. This behavior may lead to a denial-of-service (DoS) and impact the stability of a BIG-IQ high availability (HA) cluster. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"There's a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp. The decoder static allocator could have its sized changed, but the buffer would remain the same as it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to the zeromq server could trigger a buffer overflow WRITE of arbitrary data if CURVE/ZAP authentication is not enabled. The greatest impact of this flaw is to application availability, data integrity, and confidentiality.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"BIOTRONIK CardioMessenger II, The affected products do not properly enforce mutual authentication with the BIOTRONIK Remote Communication infrastructure.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance to obtain a valid authentication token. Successful exploitation of this issue would result in the attacker being able to view and alter administrative configuration settings.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
A memory buffer error vulnerability exists in a component interface of Huawei Smartphone. Local attackers can exploit this vulnerability to cause memory leakage and doS attacks by carefully constructing attack scenarios.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the ""uncommented"" default configuration. The issue exists because of an incorrect return value upon failure of input validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in PRTG Network Monitor before 21.1.66.1623. By invoking the screenshot functionality with prepared context paths, an attacker is able to verify the existence of certain files on the filesystem of the PRTG's Web server.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi, which can lead to command injection via shell metacharacters in the statuscheckpppoeuser parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the insert_many crate through 2021-01-26 for Rust. Elements may be dropped twice if a .next() method panics.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the adtensor crate through 2021-01-11 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the rocket crate before 0.4.7 for Rust. uri::Formatter can have a use-after-free if a user-provided function panics.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A double drop can sometimes occur upon a panic in T::drop().,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. A double drop can occur in SliceDeque::drain_filter upon a panic in a predicate function.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the telemetry crate through 2021-02-17 for Rust. There is a drop of uninitialized memory if a value.clone() call panics within misc::vec_with_size().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index can return uninitialized values if an iterator returns a len() that is too large.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
An issue was discovered in the stackvector crate through 2021-02-19 for Rust. There is an out-of-bounds write in StackVec::extend if size_hint provides certain anomalous data.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
An issue was discovered in the through crate through 2021-02-18 for Rust. There is a double free (in through and through_and) upon a panic of the map function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A privilege escalation vulnerability impacting the Google Exposure Notification Verification Server (versions prior to 0.23.1), allows an attacker who (1) has UserWrite permissions and (2) is using a carefully crafted request or malicious proxy, to create another user with higher privileges than their own. This occurs due to insufficient checks on the allowed set of permissions. The new user creation event would be captured in the Event Log.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"On BIG-IP versions 14.1.4 and 16.0.1.1, when the Traffic Management Microkernel (TMM) process handles certain undisclosed traffic, it may start dropping all fragmented IP traffic. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it should be disabled via configuration settings.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CourseMS (aka Course Registration Management System) 2.1 is affected by cross-site scripting (XSS). When an attacker with access to an Admin account creates a Job Title in the Site area (aka the admin/add_jobs.php name parameter), they can insert an XSS payload. This payload will execute whenever anyone visits the registration page.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests with a long URI or long HTTP headers.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to membershiplevels.php, (2) memberslist.php, or (3) orders.php in adminpages/ or the (4) edit parameter to adminpages/membershiplevels.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The `--gitlab-group` flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn't restricted. Additionally, any authenticated users had whichever groups were set in `--gitlab-group` added to the new `X-Forwarded-Groups` header to the upstream application. While adding GitLab project based authorization support in #630, a bug was introduced where the user session's groups field was populated with the `--gitlab-group` config entries instead of pulling the individual user's group membership from the GitLab Userinfo endpoint. When the session groups where compared against the allowed groups for authorization, they matched improperly (since both lists were populated with the same data) so authorization was allowed. This impacts GitLab Provider users who relies on group membership for authorization restrictions. Any authenticated users in your GitLab environment can access your applications regardless of `--gitlab-group` membership restrictions. This is patched in v7.1.0. There is no workaround for the Group membership bug. But `--gitlab-project` can be set to use Project membership as the authorization checks instead of groups; it is not broken.",NETWORK,LOW,HIGH,NONE,CHANGED,LOW,LOW,NONE
A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in potential code execution. An attacker can send a specific .PSD file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An application bypass mechanism vulnerability exists in a component interface of Huawei Smartphone. Local attackers can exploit this vulnerability to delete user SMS messages.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A memory buffer error vulnerability exists in a component interface of Huawei Smartphone. Local attackers may exploit this vulnerability by carefully constructing attack scenarios to cause out-of-bounds read.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An application error verification vulnerability exists in a component interface of Huawei Smartphone. Local attackers can exploit this vulnerability to modify and delete user SMS messages.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before 33.65.51 and 33.59.01 (Bridge), B7025/30/35 before 58.65.51 and 58.59.11 (Bridge), C400 before 67.65.51 and 67.59.01 (Bridge), C405 before 68.65.51 and 68.59.01 (Bridge), C500/C600 before 61.65.51 and 61.59.01 (Bridge), C505/C605 before 62.65.51 and 62.59.01 (Bridge), C7000 before 56.65.51 and 56.59.01 (Bridge), C7020/25/30 before 57.65.51 and 57.59.01 (Bridge), C8000/C9000 before 70.65.51 and 70.59.01 (Bridge), C8000W before 72.65.51 allows remote attackers to execute arbitrary code through a buffer overflow in Web page parameter handling.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before 33.65.51 and 33.59.01 (Bridge), B7025/30/35 before 58.65.51 and 58.59.11 (Bridge), C400 before 67.65.51 and 67.59.01 (Bridge), C405 before 68.65.51 and 68.59.01 (Bridge), C500/C600 before 61.65.51 and 61.59.01 (Bridge), C505/C605 before 62.65.51 and 62.59.01 (Bridge), C7000 before 56.65.51 and 56.59.01 (Bridge), C7020/25/30 before 57.65.51 and 57.59.01 (Bridge), C8000/C9000 before 70.65.51 and 70.59.01 (Bridge), C8000W before 72.65.51 have a remote Command Execution vulnerability in the Web User Interface that allows remote attackers with ""a weaponized clone file"" to execute arbitrary commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01 (Bridge), B600/B610 before 32.61.23 and 32.59.01 (Bridge), B605/B615 before 33.61.23 and 33.59.01 (Bridge), B7025/30/35 before 58.61.23 and 58.59.11 (Bridge), C400 before 67.61.23 and 67.59.01 (Bridge), C405 before 68.61.23 and 68.59.01 (Bridge), C500/C600 before 61.61.23 and 61.59.01 (Bridge), C505/C605 before 62.61.23 and 62.59.11 (Bridge), C7000 before 56.61.23 and 56.59.01 (Bridge), C7020/25/30 before 57.61.23 and 57.59.01 (Bridge), C8000/C9000 before 70.61.23 and 70.59.01 (Bridge), allows remote attackers with ""a weaponized clone file"" to execute arbitrary commands in the Web User Interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability (HA) when using a Quorum device for automatic failover does not implement any form of authentication with the Corosync daemon. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, when running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned, the TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CONQUEST DICOM SERVER before 1.5.0 has a code execution vulnerability which can be exploited by attackers to execute malicious code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, a malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server with Login Page configured in its policy may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may allow remote code execution (RCE), leading to complete system compromise. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, on systems with Advanced WAF or BIG-IP ASM provisioned, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ovidentia CMS 6.x contains a SQL injection vulnerability in the ""id"" parameter of index.php. The ""checkbox"" property into ""text"" data can be extracted and displayed in the text region or in source code.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, SYN flood protection thresholds are not enforced in secure network address translation (SNAT) listeners. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role. This vulnerability is due to an incomplete fix for CVE-2020-5948. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is checked in the AFM HTTP security profile associated with a virtual server, in rare instances, a specific sequence of malicious requests may cause TMM to restart. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a connection prematurely, the BIG-IP system may indefinitely retain some streams unclosed. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, or 7.1.8.x before 7.1.8.5, the session ID is visible in the arguments of the f5vpn.exe command when VPN is launched from the browser on a Windows system. Addressing this issue requires both the client and server fixes. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a call to an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large exponent.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, Multipath TCP (MPTCP) forwarding flows may be created on standard virtual servers without MPTCP enabled in the applied TCP profile. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the Traffic Management Microkernel (TMM) process may produce a core file when undisclosed MPTCP traffic passes through a standard virtual server. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An out-of-bounds write vulnerability exists in the SGI Format Buffer Size Processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This (in some situations) allows attackers to bypass access control that is based on IP addresses. NOTE: this issue exists because of an incomplete fix for CVE-2021-28918.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in kernel/bpf/syscall.c or check_btf_info in kernel/bpf/verifier.c), aka CID-350a5c4dd245.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"GistPad before 0.2.7 allows a crafted workspace folder to change the URL for the Gist API, which leads to leakage of GitHub access tokens.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
gitjacker before 0.1.0 allows remote attackers to execute arbitrary code via a crafted .git directory because of directory traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the ""script"" string.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
** UNSUPPORTED WHEN ASSIGNED ** The unofficial vscode-sass-lint (aka Sass Lint) extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Increments Qiita::Markdown before 0.33.0 allows XSS in transformers.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
ATasm 1.06 has a stack-based buffer overflow in the get_signed_expression() function in setparse.c via a crafted .m65 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ATasm 1.06 has a stack-based buffer overflow in the parse_expr() function in setparse.c via a crafted .m65 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ATasm 1.06 has a stack-based buffer overflow in the to_comma() function in asm.c via a crafted .m65 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a different vulnerability than CVE-2020-11727.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID, could get access to the encrypted traffic.",LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"This affects the package portprocesses before 1.0.5. If (attacker-controlled) user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in com/mobileiron/registration/RegisterActivity.java and can be used for api/v1/gateway/customers/servers requests.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided updates to versions 1.2009.0 and 1.2101.0 of HPE Unified Data Management (UDM). Version 1.2103.0 of HPE Unified Data Management (UDM) removes all hard-coded cryptographic keys.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Rockwell Automation RSLinx Classic versions 4.11.00 and prior, an authenticated local attacker could modify a registry key, which could lead to the execution of malicious code using system privileges when opening RSLinx Classic.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow. The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Potential for arbitrary code execution in npm package @thi.ng/egf `#gpg`-tagged property values (only if `decrypt: true` option is enabled). PR with patch has been submitted and will has been released as of v0.4.0 By default the EGF parse functions do NOT attempt to decrypt values (since GPG only available in non-browser env). However, if GPG encrypted values are used/required: 1. Perform a regex search for `#gpg`-tagged values in the EGF source file/string and check for backtick (\`) chars in the encrypted value string 2. Replace/remove them or skip parsing if present.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.7.3, an attacker can inject HTML when the Grid Column Type DataColumn is badly used. The problem is fixed in 1.7.7.3",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel causes a use-after-free bug by sending IPv6 Hop-by-Hop options over the loopback interface. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A SQL injection vulnerability in Simple College Website 1.0 allows remote unauthenticated attackers to bypass the admin authentication mechanism in college_website/admin/ajax.php?action=login, thus gaining access to the website administrative panel.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An out-of-bounds write vulnerability exists in the SGI format buffer size processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in the com/mobileiron/common/utils/C4928m.java file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission and knowledge of random activity IDs to view related provisioning exception error messages.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"This affects the package kill-by-port before 0.0.2. If (attacker-controlled) user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account password in plaintext. The page can be intercepted on HTTP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management administrator password can be changed by sending a specially crafted HTTP GET request. The administrator username has to be known (default:admin) whereas no previous authentication is required.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder ""width"" parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as ""../"" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to read and write files on the remote machine with system privileges resulting in a privilege escalation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00) allows a remote authenticated attacker to cause system down and a denial of service (DoS) condition by sending a specially crafted command.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,LOW
An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker's site after a successful login.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
"By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter ""rs.security.keystore.type"" to ""jwk"". For this case all keys are returned in this file ""as is"", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. ""oct"" keys, which contain secret keys, are not returned at all.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property ""attachment-max-count"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty(""java.protocol.handler.pkgs"", ""com.sun.net.ssl.internal.www.protocol"");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3 and Spring 4 plugins in versions before 1.4.3 and 1.3.3. The vulnerability can result in a security context that is set up using a malicious client's roles for the given enduser.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property ""attachment-max-header-size"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. The calculated base URL is used by FormattedServiceListWriter to build the service endpoint absolute URLs. If the unexpected matrix parameters have been injected into the request URL then these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the ""POODLE"" issue.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,NONE,NONE
The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credentials in cleartext to pnp.microseven.com TCP port 7007. An attacker on the same network as the device can capture these credentials.,ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12290.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12270.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12269.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12291.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12293.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12295.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12438.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12230.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id parameter where attackers can obtain sensitive database information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain in plain text after a manuel edit, which can be read by a local user. IBM X-Force ID: 191944.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions was not trapped.",PHYSICAL,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-12309.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the endian_trait crate through 2021-01-04 for Rust. A double drop can occur when a user-provided Endian impl panics.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a single USB transfer as having a length of only 2048 bytes. An adversary can exploit this to cause the driver to misinterpret part of the payload of a large packet as a separate packet, and thereby inject packets across security boundaries such as VLANs.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a ftpd(8) bug in the implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, can be used to escape the file system restriction configured in ftpchroot(5). Moreover, the bug allows a malicious client to gain root privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11926.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AvastSvc.exe module. By creating a directory junction, an attacker can abuse the service to delete a directory. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12082.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
"This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-11924.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the ""allowedIframeHostnames"" option when the ""allowIframeRelativeUrls"" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with ""/\\example.com"".",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a ""Content-Disposition"" header in the response where the filename attribute is derived from user supplied input.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.),NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. This affects: Mule 3.8.x,3.9.x,4.x runtime released before February 2, 2021.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MuleSoft is aware of a XML External Entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Affected versions: Mule 4.x runtime released before February 2, 2021.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. The XSS payload will execute on the class room, which leads to stealing cookies from users who join the class. NOTE: Third-parties dispute the validity of this entry as a possible false positive during research.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.1215 allows local attackers to read/write private file directories of Galaxy Themes application without permission via hijacking the PendingIntent.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"A ZTE product has a DoS vulnerability. A remote attacker can amplify traffic by sending carefully constructed IPv6 packets to the affected devices, which eventually leads to device denial of service. This affects:<ZXHN F623><All versions up to V6.0.0P3T33>",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verify SSL certificates.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. Authenticated attackers with the ""Operator"" Privilege can gain admin privileges via a crafted request to '/goform/formUserMng'.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. An unauthenticated attacker can reboot the device causing a Denial of Service, via a hidden reboot command to '/media/?action=cmd'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B, via all fields to WebUI.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. A local attacker can execute arbitrary code via editing the 'recdata.db' file to call a specially crafted GoAhead ASP-file on the SD card.,PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6673/C5573/C4473/C3373/C3372/C2273, DocuCentre-VII C7788/C6688/C5588, ApeosPort-VII C7773/C6673/C5573/C4473/C3373/C3372 C2273, ApeosPort-VII C7788/C6688/C5588, ApeosPort C7070/C6570/C5570/C4570/C3570/C3070/C7070G/C6570G/C5570G/C4570G/C3570G/C3070G, ApeosPort-VII C4421/C3321, ApeosPort C3060/C2560/C2060/C3060G/C2560G/C2060G, ApeosPort-VII CP4421, ApeosPort Print C5570, ApeosPort 5570/4570/5570G/4570G, ApeosPort 3560/3060/2560/3560G/3060G/2560G, ApeosPort-VII 5021/ 4021, ApeosPort-VII P5021, DocuPrint CP 555 d/505 d, DocuPrint P505 d, PrimeLink C9065/C9070, DocuPrint CP475AP, and DocuPrint P475AP) allow an attacker to cause a denial of service (DoS) condition and abnormal end (ABEND) of the affected products via sending a specially crafted command.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross Site Scripting (XSS) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B via all fields in the FTP settings page to the ""goform/formSetFtpCfg"" settings page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of validating the existence of an object prior to performing operations on the object by not incrementing the file reference counter while in use. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
"Cross-Site Scripting (XSS) vulnerability in Zhiyuan G6 Government Collaboration System V6.1SP1, via the 'method' parameter to 'seeyon/hrSalary.do'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper validation of the hostname. Some of the pages including dhcp.htm, networkMap.htm, dhcpClient.htm, qsEdit.htm, and qsReview.htm and use this vulnerable hostname function (setDefaultHostname()) without sanitization.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196623.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194710.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically McAfee Agent) available in ePO repository and install them on their own machines to have it managed and then in turn get policy details from the ePO server. This can only happen when the ePO Agent Handler is installed in a Demilitarized Zone (DMZ) to service machines not connected to the network through a VPN.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the notification emails sent for notifications for missed messages or for an expiring account are subject to HTML injection. In the case of the notification for missed messages, this could allow an attacker to insert forged content into the email. The account expiry feature is not enabled by default and the HTML injection is not controllable by an attacker. This is fixed in version 1.27.0.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
"Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains. This is fixed in version 1.27.0.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in system/classes/Kohana/Security.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198572.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198437.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198182.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. This vulnerability is due to an unrestricted Trivial File Transfer Protocol (TFTP) configuration. An attacker could exploit this vulnerability by sending a specific TFTP request to an affected device. A successful exploit could allow the attacker to download any file from the filesystem of the affected access point (AP).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of incoming mDNS traffic. An attacker could exploit this vulnerability by sending a crafted mDNS packet to an affected device through a wireless network that is configured in FlexConnect local switching mode or through a wired network on a configured mDNS VLAN. A successful exploit could allow the attacker to cause the access point (AP) to reboot, resulting in a DoS condition.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An attacker could exploit this vulnerability by modifying a specific file that is stored on the system, which would allow the attacker to bypass existing protections. A successful exploit could allow the attacker to execute unsigned code at boot time and bypass the software image verification check part of the secure boot process of an affected device. Note: To exploit this vulnerability, the attacker would need to have access to the development shell (devshell) on the device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a ""canonical"" URL on installation of concrete5 using the ""Advanced Options"" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored and allows for arbitrary domains to be set for certain links displayed to subsequent visitors, potentially an XSS vector.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the ROM Monitor (ROMMON) of Cisco IOS XE Software for Cisco Catalyst IE3200, IE3300, and IE3400 Rugged Series Switches, Cisco Catalyst IE3400 Heavy Duty Series Switches, and Cisco Embedded Services 3300 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to incorrect validations of specific function arguments passed to a boot script when specific ROMMON variables are set. An attacker could exploit this vulnerability by setting malicious values for a specific ROMMON variable. A successful exploit could allow the attacker to execute unsigned code and bypass the image verification check during the secure boot process of an affected device. To exploit this vulnerability, the attacker would need to have unauthenticated, physical access to the device or obtain privileged access to the root shell on the device.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random values in the register. If successfully exploited, this may lead to a buffer overflow resulting in a denial-of-service condition. The FAULT LED will flash RED and communications may be lost. Recovery from denial-of-service condition requires the fault to be cleared by the user.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
"Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, ""nimble refresh"" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.,LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. We believe this could in certain conditions be exploited for remote code execution. By default, authenticated Redis users have access to all configuration parameters and can therefore use the “CONFIG SET proto-max-bulk-len” to change the safe default, making the system vulnerable. **This problem only affects 32-bit Redis (on a 32-bit system, or as a 32-bit executable running on a 64-bit system).** The problem is fixed in version 6.2, and the fix is back ported to 6.0.11 and 5.0.11. Make sure you use one of these versions if you are running 32-bit Redis. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent clients from directly executing `CONFIG SET`: Using Redis 6.0 or newer, ACL configuration can be used to block the command. Using older versions, the `rename-command` configuration directive can be used to rename the command to a random string unknown to users, rendering it inaccessible. Please note that this workaround may have an additional impact on users or operational systems that expect `CONFIG SET` to behave in certain ways.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error handling during packet processing. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing requests, resulting in a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a ""Content-Type: image/png"" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Eaton's easySoft software v7.xx prior to v7.22 are susceptible to file parsing type confusion remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user upload a malformed .E70 file in the application. The vulnerability arises due to improper validation of user data supplied through E70 file which is causing Type Confusion.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
The Eaton's easySoft software v7.xx prior to v7.22 are susceptible to Out-of-bounds remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user to upload the malformed .E70 file in the application. The vulnerability arises due to improper validation and parsing of the E70 file content by the application.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24112.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4, 2.6.0 to 2.6.7, and all 2.5.x versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A regular expression Denial of Service (DoS) vulnerability in the file lib/ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This could potentially result in remote code execution. NOTE: the vendor states ""Codiad is no longer under active maintenance by core contributors.""",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users and it isn't CSRF protected in components/market/controller.php. This might cause admins to make a vulnerable request without them knowing and result in remote code execution. NOTE: the vendor states ""Codiad is no longer under active maintenance by core contributors.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states ""Codiad is no longer under active maintenance by core contributors.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, ""nimble refresh"" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log.,PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers unauthorized action without permission via hijacking the PendingIntent.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication.,PHYSICAL,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,NONE
Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Path Traversal vulnerability in Samsung Notes prior to version 4.2.00.22 allows attackers to access local files without permission.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly gain access to the device with root permissions via the build-in network monitoring tool and execute arbitrary commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. This flaw leads to arbitrary file read and RCE on Rocket.Chat desktop app.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In all versions of GitLab starting from 13.7, marshalled session keys were being stored in Redis.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytic pages.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
In github.com/kongchuanhujiao/server before version 1.3.21 there is an authentication Bypass by Primary Weakness vulnerability. All users are impacted. This is fixed in version 1.3.21.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SettingConfigController class. When parsing the fileName parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12121.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version 1.1.1, an open redirect vulnerability could cause the jupyter server to redirect the browser to a different malicious website. All jupyter servers running without a base_url prefix are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may *appear* safe, but ultimately redirect to a spoofed server on the public internet. This same vulnerability was patched in upstream notebook v5.7.8. This is fixed in jupyter_server 1.1.1. If upgrade is not available, a workaround can be to run your server on a url prefix: ""jupyter server --ServerApp.base_url=/jupyter/"".",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ReportTemplateController class. When parsing the path parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12123.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the MibController class. When parsing the realName parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12122.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
"An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ConfigFileController class. When parsing the realName parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information or to create a denial-of-service condition on the system. Was ZDI-CAN-12125.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12124.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mifos-Mobile Android Application for MifosX is an Android Application built on top of the MifosX Self-Service platform. Mifos-Mobile before commit e505f62 disables HTTPS hostname verification of its HTTP client. Additionally it accepted any self-signed certificate as valid. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for man-in-the-middle attacks. Accepting any certificate, even self-signed ones allows man-in-the-middle attacks. This problem is fixed in mifos-mobile commit e505f62.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user (level 15) on an affected device. The vulnerability is due to insufficient protection of sensitive information. An attacker with low privileges could exploit this vulnerability by issuing the diagnostic CLI show pnp profile when a specific PnP listener is enabled on the device. A successful exploit could allow the attacker to obtain a privileged authentication token. This token can be used to send crafted PnP messages and execute privileged commands on the targeted system.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Improper Authorization vulnerability in Netop Vision Pro up to and including to 9.7.1 allows an attacker to replay network traffic.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The samba-client package before 4.0.0 for Node.js allows command injection because of the use of process.exec.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An application plugin in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to gain admin privileges.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The BPM component in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to execute arbitrary commands.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in PostgreSQL in versions before 13.2, before 12.6, before 11.11, before 10.16, before 9.6.21 and before 9.5.25. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. These vulnerabilities are due to improper checks performed by system boot routines. To exploit these vulnerabilities, the attacker would need privileged access to the CLI of the device. A successful exploit could allow the attacker to either execute arbitrary code on the underlying operating system or execute unsigned code and bypass the image verification check part of the secure boot process. For more information about these vulnerabilities, see the Details section of this advisory.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an affected device. The vulnerability is due to insufficient validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the ""PROXY"" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a ""Session"" header. This comes from the ""HTTP_SESSION"" variable name used by mod_session to forward its data to CGIs, since the prefix ""HTTP_"" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker would need to have valid user credentials at privilege level 15. This vulnerability exists because the affected software permits modification of the run-time memory of an affected device under specific circumstances. An attacker could exploit this vulnerability by authenticating to the affected device and issuing a specific diagnostic test command at the CLI. A successful exploit could trigger a logic error in the code that was designed to restrict run-time memory modifications. The attacker could take advantage of this logic error to overwrite system memory locations and execute arbitrary code on the underlying Linux operating system (OS) of the affected device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand’s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification of the board assembly on which the Zynq-7000 SoC device mounted is needed to replace the original NAND flash memory with a NAND flash emulation device for this attack to be successful.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with ""H2PushResource"", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set ""H2Upgrade on"" are unaffected by this issue.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,LOW
"A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an ""httpoxy"" issue.  NOTE: the vendor states ""This mitigation has been assigned the identifier CVE-2016-5387""; in other words, this is not a CVE ID for a vulnerability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the ""Location"" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in Cisco IOx application hosting environment of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands into the underlying operating system as the root user. This vulnerability is due to incomplete validation of fields in the application packages loaded onto IOx. An attacker could exploit this vulnerability by creating a crafted application .tar file and loading it onto the device. A successful exploit could allow the attacker to perform command injection into the underlying operating system as the root user.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insufficient command authorization restrictions. An attacker could exploit this vulnerability by running commands on the hardware platform to open a debugging console. A successful exploit could allow the attacker to access a debugging console.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by bypassing the consent token mechanism with the residual scripts on the affected device. A successful exploit could allow the attacker to escalate from privilege level 15 to root privilege.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the ingress traffic manager of Cisco IOS XE Software for Cisco Network Convergence System (NCS) 520 Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the web management interface of an affected device. This vulnerability is due to incorrect processing of certain IPv4 TCP traffic that is destined to an affected device. An attacker could exploit this vulnerability by sending a large number of crafted TCP packets to the affected device. A successful exploit could allow the attacker to cause the web management interface to become unavailable, resulting in a DoS condition. Note: This vulnerability does not impact traffic that is going through the device or going to the Management Ethernet interface of the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in the boot logic of Cisco IOS XE Software could allow an authenticated, local attacker with level 15 privileges or an unauthenticated attacker with physical access to execute arbitrary code on the underlying Linux operating system of an affected device. This vulnerability is due to incorrect validations of specific function arguments that are passed to the boot script. An attacker could exploit this vulnerability by tampering with a specific file, which an affected device would process during the initial boot process. On systems that are protected by the Unified Extensible Firmware Interface (UEFI) secure boot feature, a successful exploit could allow the attacker to execute unsigned code at boot time and bypass the image verification check in the secure boot process of the affected device.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resolving ARP entries for legitimate hosts on the connected subnets. This vulnerability exists because ARP entries are mismanaged. An attacker could exploit this vulnerability by continuously sending traffic that results in incomplete ARP entries. A successful exploit could allow the attacker to cause ARP requests on the device to be unsuccessful for legitimate hosts, resulting in a denial of service (DoS) condition.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,LOW
"A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient HTTP protections in the web UI on an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the web UI to follow a crafted link. A successful exploit could allow the attacker to corrupt memory on the affected device, forcing it to reload and causing a DoS condition.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,NONE,HIGH
"A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting a denial of service (DoS) condition. This vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected device as a low-privileged user to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting arbitrary commands to a file as a lower-privileged user. The commands are then executed on the device by the root user. A successful exploit could allow the attacker to execute arbitrary commands as the root user.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when the device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. The attacker must have a man-in-the-middle position between Cisco vManage and an associated device that is running an affected version of Cisco IOS XE SD-WAN Software. An exploit could allow the attacker to conduct a controllable buffer overflow attack (and possibly execute arbitrary commands as the root user) or cause a device reload, resulting in a denial of service (DoS) condition.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system. This vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
"A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to the web UI of an affected device with arbitrary commands injected into a portion of the request. A successful exploit could allow the attacker to execute arbitrary commands as the root user.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based management interface of Cisco IOS XE Wireless Controller software for the Catalyst 9000 Family of switches could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by authenticating to the device as a high-privileged user, adding certain configurations with malicious code in one of its fields, and persuading another user to click on it. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the hardware initialization routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers could allow an authenticated, local attacker to execute unsigned code at system boot time. This vulnerability is due to incorrect validations of parameters passed to a diagnostic script that is executed when the device boots up. An attacker could exploit this vulnerability by tampering with an executable file stored on a device. A successful exploit could allow the attacker to execute unsigned code at boot time and bypass the software image verification check part of the secure boot process of an affected device. To exploit this vulnerability, the attacker would need administrative level credentials (level 15) on the device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed with the privileges of therunning guacd process.",LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within the memory ofthe guacd process handling the connection.",LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, < v1.17.13.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the TOTP Authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The Windows Installation component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.5.0 and below, TIBCO eFTL - Developer Edition: versions 6.5.0 and below, and TIBCO eFTL - Enterprise Edition: versions 6.5.0 and below.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Enterprise Message Service Server (tibemsd), Enterprise Message Service Central Administration (tibemsca), Enterprise Message Service JSON configuration generator (tibemsconf2json), and Enterprise Message Service C API components of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Windows Installation component of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: versions 4.5.0 and below, TIBCO ActiveSpaces - Developer Edition: versions 4.5.0 and below, and TIBCO ActiveSpaces - Enterprise Edition: versions 4.5.0 and below.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logo_uri parameter in the Dynamic Client Registration request. An unauthenticated attacker can make a HTTP request from the vulnerable server to any address in the internal network and obtain its response (which might, for example, have a JavaScript payload for resultant XSS). The issue can be exploited to bypass network boundaries, obtain sensitive data, or attack other hosts in the internal network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying operating system of an affected device. The vulnerability exists because the affected software improperly sanitizes values that are parsed from a specific configuration file. An attacker could exploit this vulnerability by tampering with a specific configuration file and then sending an API call. A successful exploit could allow the attacker to inject arbitrary code that would be executed on the underlying operating system of the affected device. To exploit this vulnerability, the attacker would need to have a privileged set of credentials to the device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the DNS application layer gateway (ALG) functionality used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a logic error that occurs when an affected device inspects certain DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through an affected device that is performing NAT for DNS packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device. The vulnerability can be exploited only by traffic that is sent through an affected device via IPv4 packets. The vulnerability cannot be exploited via IPv6 traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the software image verification functionality of Cisco IOS XE Software for the Cisco Catalyst 9000 Family of switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. The vulnerability is due to an improper check in the code function that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to boot a malicious software image or execute unsigned code and bypass the image verification check part of the secure boot process of an affected device. To exploit this vulnerability, the attacker would need to have unauthenticated physical access to the device or obtain privileged access to the root shell on the device.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the init() method. An attacker doesn't have to know Zabbix user login credentials, but has to know the correct Zabbix URL and contact information of an existing user with sufficient privileges.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. This vulnerability is due to the way the software handles concurrent CLI sessions. An attacker could exploit this vulnerability by authenticating to the device as an administrative user and executing a sequence of commands. A successful exploit could allow the attacker to obtain access to the underlying operating system as the root user.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the ""Destination directory"" field, either within an XML document or through use of passive mode.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account, NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,HIGH
"** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflected Cross-Site Scripting attack against the platform users. The affected endpoints are: cgi/nhWeb with the parameter report, aviewbin/filtermibobjects.pl with the parameter namefilter, and aviewbin/query.pl with the parameters System, SystemText, Group, and GroupText. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
baserCMS versions prior to 4.4.5 allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided search filter because user input gets no sanitization.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka ""Windows RPC Remote Code Execution Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
Cleartext transmission of sensitive information in Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to gather credentials including Windows login usernames and passwords.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ACRN through 2.2 has a devicemodel/hw/pci/virtio/virtio.c NULL Pointer Dereference.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross Site Scripting (XSS) vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing issue related to sqlcipher_export in crypto.c and sqlite3StrICmp in sqlite3.c. This may allow an attacker to perform a remote denial of service attack. For example, an SQL injection can be used to execute the crafted SQL command sequence, which causes a segmentation fault.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-factor authentication enabled. Fixed in v202103-1.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Duo Authentication Proxy installer, cause Denial of Service (DoS) by deleting file(s), or replace system files to potentially achieve elevation of privileges. This is only exploitable during new installations, while the installer is running, and is not exploitable once installation has finished. Versions 5.2.1 of Duo Authentication Proxy installer addresses this issue.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data hosted by the application.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and pressing a certain key combination to execute injected JavaScript code.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The /admin/admapi.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the application.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL validation before redirecting. External URLs are not considered valid, unless specified in the omero.web.redirect_allowed_hosts setting.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Jellyfin is a Free Software Media System. In Jellyfin before version 10.7.1, with certain endpoints, well crafted requests will allow arbitrary file read from a Jellyfin server's file system. This issue is more prevalent when Windows is used as the host OS. Servers that are exposed to the public Internet are potentially at risk. This is fixed in version 10.7.1. As a workaround, users may be able to restrict some access by enforcing strict security permissions on their filesystem, however, it is recommended to update as soon as possible.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"APKLeaks is an open-source project for scanning APK file for URIs, endpoints & secrets. APKLeaks prior to v2.0.3 allows remote attackers to execute arbitrary OS commands via package name inside application manifest. An attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or modified or could cause other unintended behavior through malicious package name. The problem is fixed in version v2.0.6-dev and above.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action. This is fixed in version 0.8.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written to incorrect output directories. The issue can only occur when a get is done on an affected DAG. This is fixed in version 0.8.0-rc1.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOTL command at the correct time.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 before 1.0.5.60, R8000 before 1.0.4.58, RS400 before 1.5.0.48, R6400 before 1.0.1.62, R6700 before 1.0.2.16, R6900 before 1.0.2.16, MK60 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, CBR40 before 2.5.0.10, R8000P before 1.4.1.62, R7960P before 1.4.1.62, R7900P before 1.4.1.62, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, EX7500 before 1.0.0.68, EAX80 before 1.0.1.62, EAX20 before 1.0.0.36, RBK752 before 3.2.16.6, RBK753 before 3.2.16.6, RBK753S before 3.2.16.6, RBK754 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBK853 before 3.2.16.6, RBK854 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6850 before 1.1.0.76, R6350 before 1.1.0.76, R6330 before 1.1.0.76, D7800 before 1.0.1.58, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK23 before 2.6.1.36, RBR20 before 2.6.1.38, RBS20 before 2.6.1.38, RBK12 before 2.6.1.44, RBK13 before 2.6.1.44, RBK14 before 2.6.1.44, RBK15 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, R6800 before 1.2.0.72, R6900v2 before 1.2.0.72, R6700v2 before 1.2.0.72, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, R7800 before 1.0.2.74, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.34, and XR300 before 1.0.3.50.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The TOTVS Fluig platform allows path traversal through the parameter ""file = .. /"" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,NONE,HIGH
"In MaEPSBroker 2.5.0.31 and prior, a command injection vulnerability caused by improper input validation checks when parsing brokerCommand parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the attacker to retrieve limited confidential information through sniffing.",LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the device. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"spxmanage on certain SpinetiX devices allows requests that access unintended resources because of SSRF and Path Traversal. This affects HMP350, HMP300, and DiVA through 4.5.2-1.0.36229; HMP400 and HMP400W through 4.5.2-1.0.2-1eb2ffbd; and DSOS through 4.5.2-1.0.2-1eb2ffbd.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of invalid extension header options in an incoming IPv6 packet, there is an attempt to remove the RPL extension headers. Because the packet length and the extension header length are unchecked (with respect to the available data) at this stage, and these variables are susceptible to integer underflow, it is possible to construct an invalid extension header that will cause memory corruption issues and lead to a Denial-of-Service condition. This is related to rpl-ext-header.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools 1.0.7. An integer overflow can occur while calculating the row's allocation size, that could be exploited to corrupt memory and eventually execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools, version 1.0.7. An integer overflow can occur while walking through tiles that could be exploited to corrupt memory and execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient input validation in installer in Intel Rapid Store Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A directory traversal on the /admin/search_by.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to read arbitrary server files accessible to the user running the application.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Windows Installation component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.5.0 and below, TIBCO FTL - Developer Edition: versions 6.5.0 and below, and TIBCO FTL - Enterprise Edition: versions 6.5.0 and below.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user running the application.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Stored cross-site scripting (XSS) in form field in robust.systems product Custom Global Variables v 1.0.5 allows a remote attacker to inject arbitrary code via the vars[0][name] field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aes_remove_padding() can crash the running process, depending on the memory layout. This could be used by an attacker to cause a client-side denial of service. The yubihsm-shell project is included in the YubiHSM 2 SDK product.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the ""report_type"" parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via webmaster-tools.php in the ""to_time"" parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the ""type"" parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middleware. This security problem has been fixed in 3.7.4. Upgrade your dependency using pip as follows ""pip install aiohttp >= 3.7.4"". If upgrading is not an option for you, a workaround can be to avoid using `aiohttp.web_middlewares.normalize_path_middleware` in your applications.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could delay the loop (due to a changing ldata->read_head, and a missing sanity check) and cause a threat to the system availability.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00,V500R001C20,V500R001C30;NIP6600 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6300 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6500 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6600 versions V500R001C00,V500R001C20,V500R001C30,V500R001C50,V500R001C60,V500R001C80;USG9500 versions V500R005C00,V500R005C10.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages correctly. Attackers can exploit this vulnerability by sending malicious messages to an affected module. This can lead to denial of service. Affected product include some versions of IPS Module, NGFW Module, NIP6600, NIP6800, Secospace USG6300, Secospace USG6500 and Secospace USG6600.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability has been identified in SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis 5.9.0.395. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of serialized objects provided to the EventCoordinator endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-11257.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. When parsing the funjsq_access_token parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11653.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11355.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 (https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2) allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all technical details are omitted, and the only option is to pay for a subscription service where technical details may be disclosed at an unspecified later time.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The package copy-props before 2.0.5 are vulnerable to Prototype Pollution via the main functionality.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,HIGH
"The eUDC660 product has a resource management vulnerability. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the device, as a result, the key file can be obtained and data can be decrypted, affecting confidentiality, integrity, and availability of the device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, _UploadedFileReferenceConverter_ transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well - given those extensions use the Extbase MVC framework, make use of FileReference items in their direct or inherited domain model definitions and did not implement their own type converter. In case this scenario applies, _UploadedFileReferenceConverter_ accepts any file mime-type and persists files in the default location. In any way, uploaded files are placed in the default location _/fileadmin/user_upload/_, in most scenarios keeping the submitted filename - which allows attackers to directly reference files, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,LOW
There is a vulnerability in some version of USG9500 that the device improperly handles the information when a user logs in to device. The attacker can exploit the vulnerability to perform some operation and can get information and cause information leak.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1 .",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The Windows Installation component of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webifc_setadconfig function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service, gaining access to read, and modify files.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS IAM role, allowing management access to AWS resources. With access to the security credentials, the user then has access to the entire infrastructure. Impact to data and system availability is high.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnerable to SRRF attack through the Prometheus integration.,NETWORK,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. Was ZDI-CAN-11804.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat 7.0.18. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WXAM Decoder. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11580.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. Authentication is required to exploit this vulnerability. The specific flaw exists within ExportToPDF.aspx. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-11917.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)",PHYSICAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by authentication bypass. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which manipulates the readFile and writeFile APIs. NOTE: the vendor states ""The way we secured the app is that it does not allow any remote scripts to be opened, no unsafe scripts to be evaluated, no remote sites to be browsed.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. When a user shares a specific application window via the Share Screen functionality, other meeting participants can briefly see contents of other application windows that were explicitly not shared. The contents of these other windows can (for instance) be seen for a short period of time when they overlay the shared window and get into focus. (An attacker can, of course, use a separate screen-recorder application, unsupported by Zoom, to save all such contents for later replays and analysis.) Depending on the unintentionally shared data, this short exposure of screen contents may be a more or less severe security issue.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1698.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Treck IPv6 before 6.0.1.68. Improper input validation in the IPv6 component when handling a packet sent by an unauthenticated remote attacker could result in an out-of-bounds read of up to three bytes via network access.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the IPv6 component allows an unauthenticated remote attacker to cause an Out of Bounds Write, and possibly a Denial of Service via network access.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"This affects the package killport before 1.0.2. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a ""very significant"" memory leak via messages to an instance that performs many regex lookups.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick versions prior to 7.0.9-0.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor() function. These calculations produced undefined behavior in the form of out-of-range and integer overflows, as identified by UndefinedBehaviorSanitizer. These instances of undefined behavior could be triggered by an attacker who is able to supply a crafted input file to be processed by ImageMagick. These issues could impact application availability or potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat Product Security marked this as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables MITM modification of request bodies that are meant to have integrity guaranteed by chunk signatures. In a PUT request using aws-chunked encoding, MinIO ordinarily verifies signatures at the end of a chunk. This check can be skipped if the client sends a false chunk size that is much greater than the actual data sent: the server accepts and completes the request without ever reaching the end of the chunk + thereby without ever checking the chunk signature. This is fixed in version RELEASE.2021-03-17T02-33-02Z. As a workaround one can avoid using ""aws-chunked"" encoding-based chunk signature upload requests instead use TLS. MinIO SDKs automatically disable chunked encoding signature when the server endpoint is configured with TLS.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in the /rest/api/1.0/issues/{id}/ActionsAndOperations API endpoint. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's container repository. Red Hat Quay 2 and 3 are vulnerable to this issue.",PHYSICAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTRSCIsInCustomerFrontend 7.0.15 and prior versions, ITSMConfigurationManagement 7.0.24 and prior versions",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7, 1.14.1, and 1.15.1.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior versions.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authentication method during login does not check the provided data (when a certain manipulation occurs) and returns OK for any authentication request. This allows an attacker to login to the admin panel as a user of his choice, e.g., the root user (with highest privileges) or even a non-existing user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
An issue was identified in GitLab EE 13.4 or later which leaked internal IP address via error messages.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"When a user opens manipulated Windows Bitmap (.BMP) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticated attacker can store an XSS payload in the PSCU_FILE_INIT field of a Save Configuration XML document. The payload is triggered in the HTTP error response pages.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"When a user opens manipulated Portable Document Format (.PDF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
A potential security vulnerability has been identified in HPE Network Orchestrator (NetO) version(s): Prior to 2.5. The vulnerability could be remotely exploited with SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In before version 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.`) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc), are not affected. Users should upgrade to version 2.0.0, which uses a regex expression that isn't vulnerable to ReDoS.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_title parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The System Information Library for Node.JS (npm package ""systeminformation"") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Windows Camera Codec Pack Remote Code Execution Vulnerability,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious exe in the same directory where the installer is started from.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Loading a DLL through an Uncontrolled Search Path Element in Bosch IP Helper up to and including version 1.00.0008 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same application directory as the portable IP Helper application.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Recording Manager installer up to and including version 3.82.0055 for 3.82, up to and including version 3.81.0064 for 3.81 and 3.71 and older potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Client installer up to and including version 1.7.6.079 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Loading a DLL through an Uncontrolled Search Path Element in the Bosch Configuration Manager installer up to and including version 7.21.0078 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Loading a DLL through an Uncontrolled Search Path Element in the Bosch Monitor Wall installer up to and including version 10.00.0164 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the ""refID"" parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the ""limit"" parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the ""query"" parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the ""page"" parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other Magento users. This vulnerability requires a victim to browse to the uploaded file.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF or by direct request) to execute arbitrary commands on the targeted system. This issue affects multiple branches: 1.x.x prior to 1.0.4, 2.x.x prior to 2.0.2, 3.x.x prior to 3.1.2, 4.x.x prior to 4.2.2, and 5.x.x prior to 5.0.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Go before 1.10.6 and 1.11.x before 1.11.3, the ""go get"" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it's possible to arrange things so that a Git repository is cloned to a folder named "".git"" by using a vanity import path that ends with ""/.git"". If the Git repository root contains a ""HEAD"" file, a ""config"" file, an ""objects"" directory, a ""refs"" directory, with some work to ensure the proper ordering of operations, ""go get -u"" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the ""config"" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running ""go get -u"".",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and change the Stealth configuration.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
jqueryFileTree 2.1.5 and older Directory Traversal,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview), can be exploited to execute arbitrary code.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Buffer overflow occurs when trying to convert ASCII string to Unicode string if the actual size is more than required in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in boot due to improper length check on arguments received in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use after free in GPU driver while mapping the user memory to GPU memory due to improper check of referenced memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"When a user opens manipulated Interchange File Format (.IFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When a user opens manipulated Jupiter Tessellation (.JT) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When a user opens manipulated Scalable Vector Graphics (.SVG) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A ""stall on CPU"" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c (German edition) allows itrk-api.php rechtstext_language SQL Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"When a user opens manipulated Universal 3D (.U3D) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When a user opens manipulated Portable Document Format (.PDF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When a user opens manipulated Tag Image File Format (.TIFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, PJSIP transport can be reused if they have the same IP address + port + protocol. However, this is insufficient for secure transport since it lacks remote hostname authentication. Suppose we have created a TLS connection to `sip.foo.com`, which has an IP address `100.1.1.1`. If we want to create a TLS connection to another hostname, say `sip.bar.com`, which has the same IP address, then it will reuse that existing connection, even though `100.1.1.1` does not have certificate to authenticate as `sip.bar.com`. The vulnerability allows for an insecure interaction without user awareness. It affects users who need access to connections to different destinations that translate to the same address, and allows man-in-the-middle attack if attacker can route a connection to another destination such as in the case of DNS spoofing.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,HIGH,NONE
"StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data (from an action or rule name).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"When a user opens manipulated Computer Graphics Metafile (.CGM) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in which HTTP request parameters affect an authorizationRequest.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) suffers from a reflected XSS vulnerability due to unsanitized SSID value when the latter is displayed in the /repeater.html page (""Repeater Wizard"" homepage section).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service and the operating system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected Cross-Site Scripting (XSS).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacker (contributor+) to inject arbitrary web script or HTML via the 'Description/biography' of a member.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In JetBrains PhpStorm before 2020.3, source code could be added to debug logs.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site scripting (XSS) vulnerability,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's ""dataConfig"" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property ""enable.dih.dataConfigParam"" to true.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized information. Version shipped in Red Hat 3scale API Management Platform is vulnerable to this issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Unvalidated input and lack of output encoding in the ThirstyAffiliates Affiliate Link Manager WordPress plugin, versions before 3.9.3, was vulnerable to authenticated Stored Cross-Site Scripting (XSS), which could lead to privilege escalation.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.),LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow attacker to make a logged-in administrator change API Credentials to attacker's account.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see security notifcation for affected versions), which could cause the meter to reboot.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the ""file forwarding"" feature which can be used by an attacker to gain access to files that would not ordinarily be allowed by the app's permissions. By putting the special tokens `@@` and/or `@@u` in the Exec field of a Flatpak app's .desktop file, a malicious app publisher can trick flatpak into behaving as though the user had chosen to open a target file with their Flatpak app, which automatically makes that file available to the Flatpak app. This is fixed in version 1.10.2. A minimal solution is the first commit ""`Disallow @@ and @@U usage in desktop files`"". The follow-up commits ""`dir: Reserve the whole @@ prefix`"" and ""`dir: Refuse to export .desktop files with suspicious uses of @@ tokens`"" are recommended, but not strictly required. As a workaround, avoid installing Flatpak apps from untrusted sources, or check the contents of the exported `.desktop` files in `exports/share/applications/*.desktop` (typically `~/.local/share/flatpak/exports/share/applications/*.desktop` and `/var/lib/flatpak/exports/share/applications/*.desktop`) to make sure that literal filenames do not follow `@@` or `@@u`.",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,NONE
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,LOW
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/my_images.php URI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Nagios 4.4.5 allows an attacker, who already has administrative access to change the ""URL for JSON CGIs"" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700 , S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the below parameters: - Author - Job Title - Location - Company - Email - URL",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow certain users to do certain operations with improper permissions. Affected product versions include: ManageOne versions 8.0.0, 8.0.1.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow can occur in video while playing the non-standard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8000P before 1.4.1.66, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, R7960P before 1.4.1.66, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, and RAX200 before 1.0.3.106.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Use after free condition in msm ioctl events due to race between the ioctl register and deregister events in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd's CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions.",NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter lacks sanitization.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initialization of Trusted Variables or Data Stores. This leads to privilege escalation on the local host.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBW30 before 2.6.1.4, RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBK754 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK854 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,HIGH,LOW,LOW
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This affects RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR854 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, R7000 before 1.0.11.116, R6900P before 1.3.2.126, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, and R7000P before 1.3.2.126.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Clansphere CMS 2011.4 allows unauthenticated reflected XSS via ""module"" parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Clansphere CMS 2011.4 allows unauthenticated reflected XSS via ""language"" parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A malicious website could execute code remotely in Sophos Connect Client before version 2.1.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"FastStone Image Viewer 6.2 has a ""Data from Faulting Address may be used as a return value"" issue. This issue can be triggered by a malformed JPEG 2000 file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"FastStone Image Viewer 6.2 has a ""User Mode Write AV"" issue, possibly related to the jpeg_mem_term function in jmemnobs.c in libjpeg. This issue can be triggered by a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the ""redirect"" parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A malicious website could execute code remotely in Sophos Connect Client before version 2.1.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"FastStone Image Viewer 6.2 has a ""Data from Faulting Address may be used as a return value"" issue. This issue can be triggered by a malformed JPEG 2000 file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"FastStone Image Viewer 6.2 has a ""User Mode Write AV"" issue, possibly related to the jpeg_mem_term function in jmemnobs.c in libjpeg. This issue can be triggered by a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the ""redirect"" parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constucting URLs from user-controlled data . This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 190852.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the [email] BBcode tag allows (with authentication) injecting arbitrary JavaScript into any forum message.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Elastic Storage System 6.0.0 through 6.0.1.2 and IBM Elastic Storage Server 5.3.0 through 5.3.6.2 could allow a remote attacker to cause a denial of service by sending malformed UDP requests. IBM X-Force ID: 193486.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Panel is embedded, which could lead to privilege escalation.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user (admin+).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Slider by 10Web WordPress plugin, versions before 1.2.36, in the bulk_action, export_full and save_slider_db functionalities of the plugin were vulnerable, allowing a high privileged user (Admin), or medium one such as Contributor+ (if ""Role Options"" is turn on for other users) to perform a SQL Injection attacks.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the ""form.widgets.site_title"" parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed high-privileged user (Editor+) to inject arbitrary JavaScript code or HTML in posts where the malicious form is embed.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities allowing remote attackers to inject arbitrary JavaScript code or HTML.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/edit_group.php URI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/preferences.php URI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/users_import.php URI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/index.php URI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/edit_personal_page.php URI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/user_activity.php URI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/index.php URI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/permissions.php URI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service expose an API to perform SQL requests without escaping the from and where search arguments. This might lead to an SQL script injection quite easily for any user having Script rights on XWiki. The problem has been patched in XWiki 12.9RC1. The only workaround besides upgrading XWiki would be to uninstall the Ratings API in XWiki from the Extension Manager.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: CSRF Token. The attack vector is: CSRF token injection to XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Wiki.js an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in code blocks. This vulnerability exists due to mustache expressions being parsed by Vue during content injection even though it is contained within a `<pre>` element. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. For an example see referenced GitHub Security Advisory. Commit 5ffa189383dd716f12b56b8cae2ba0d075996cf1 fixes this vulnerability by adding the v-pre directive to all `<pre>` tags during the render.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defense measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy's JWT Authentication filter is configured with the `allow_missing` requirement under `requires_any` due to a mistake in implementation. Envoy's JWT Authentication filter can be configured with the `allow_missing` requirement that will be satisfied if JWT is missing (JwtMissed error) and fail if JWT is presented or invalid. Due to a mistake in implementation, a JwtUnknownIssuer error was mistakenly converted to JwtMissed when `requires_any` was configured. So if `allow_missing` was configured under `requires_any`, an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list. Integrity may be impacted depending on configuration if the JWT token is used to protect against writes or modifications. This regression was introduced on 2020/11/12 in PR 13839 which fixed handling `allow_missing` under RequiresAny in a JwtRequirement (see issue 13458). The AnyVerifier aggregates the children verifiers' results into a final status where JwtMissing is the default error. However, a JwtUnknownIssuer was mistakenly treated the same as a JwtMissing error and the resulting final aggregation was the default JwtMissing. As a result, `allow_missing` would allow a JWT token with an unknown issuer status. This is fixed in version 1.17.1 by PR 15194. The fix works by preferring JwtUnknownIssuer over a JwtMissing error, fixing the accidental conversion and bypass with `allow_missing`. A user could detect whether a bypass occurred if they have Envoy logs enabled with debug verbosity. Users can enable component level debug logs for JWT. The JWT filter logs will indicate that there is a request with a JWT token and a failure that the JWT token is missing.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
"In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the event_id parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param ""id"". This requires an admin privileged user.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,LOW
A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and earlier allows attackers to stop hypervisor domains.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,NONE
Windows 10 Update Assistant Elevation of Privilege Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Windows Update Stack Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim or for phishing attacks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, 'BitCount' file format field), that will end up corrupting the Structure Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed/specially crafted CUR file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cron-utils is a Java library to parse, validate, migrate crons as well as get human readable descriptions for them. In cron-utils before version 9.1.3, a template Injection vulnerability is present. This enables attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability. Only projects using the @Cron annotation to validate untrusted Cron expressions are affected. This issue was patched in version 9.1.3.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Windows Docker Information Disclosure Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
User Profile Service Denial of Service Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
"The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from an Android backup because of insecure application configuration.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to Ver3.0, type C (DL8-C) versions prior to Ver3.0, type D (DL8-D) versions prior to Ver3.0, and type E (DL8-E) versions prior to Ver3.0) allows remote authenticated attackers to bypass access restriction and conduct prohibited operations via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to Ver3.0, type C (DL8-C) versions prior to Ver3.0, type D (DL8-D) versions prior to Ver3.0, and type E (DL8-E) versions prior to Ver3.0) allows remote authenticated attackers to cause a denial of service (DoS) condition via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Advantech Spectre RT ERT351 Versions 5.1.3 and prior logins and passwords are transmitted in clear text form, which may allow an attacker to intercept the request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and prior, the affected product does not neutralize special characters in the error response, allowing attackers to use a reflected XSS attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container is spawned, it can be leveraged to break out of the container leading to complete Docker host machine takeover.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the ""author"" parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the ""srch"" parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Unvalidated input and lack of output encoding in the WP Shieldon WordPress plugin, version 1.6.3 and below, leads to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is shown could lead to privileged escalation.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, lead to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SSH Tectia Client and Server before 6.4.19 on Windows have weak key generation. ConnectSecure on Windows is affected.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP server was found to be active by default. It allows remote authenticated users to update the switch firmware.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version version 2.3.5 has an incorrect authorization vulnerability. When the Bluetooth plug is running (in discoverable mode), Bluetooth service requests and pairing requests are automatically accepted, allowing physically proximate attackers to pair with a device running an affected version of switchboard-plug-bluetooth without the active consent of the user. By default, elementary OS doesn't expose any services via Bluetooth that allow information to be extracted by paired Bluetooth devices. However, if such services (i.e. contact list sharing software) have been installed, it's possible that attackers have been able to extract data from such services without authorization. If no such services have been installed, attackers are only able to pair with a device running an affected version without authorization and then play audio out of the device or possibly present a HID device (keyboard, mouse, etc...) to control the device. As such, users should check the list of trusted/paired devices and remove any that are not 100% confirmed to be genuine. This is fixed in version 2.3.5. To reduce the likelihood of this vulnerability on an unpatched version, only open the Bluetooth plug for short intervals when absolutely necessary and preferably not in crowded public areas. To mitigate the risk entirely with unpatched versions, do not open the Bluetooth plug within switchboard at all, and use a different method for pairing devices if necessary (e.g. `bluetoothctl` CLI).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. Per QUIC specification, this particular message should be treated as a connection error. This issue affects mvfst versions prior to commit a67083ff4b8dcbb7ee2839da6338032030d712b0 and proxygen versions prior to v2021.03.15.00.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their account.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users’ credential information without logging in the system, and further acquire the privileged permissions and execute arbitrary commends.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bound write while parsing SDP string due to missing check on null termination in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the ""from_time"" parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the ""category"" parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the ""search_name"" parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service (DoS).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote attacker to interact with Cloud Manager.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24108, CVE-2021-27059.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Microsoft PowerPoint Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-27054.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Modem will enter into busy mode in an infinite loop while parsing histogram dimension due to improper validation of input received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has been fixed in FileRun 2019.06.01.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. This issue has been fixed in FileRun 2019.06.01.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI. This issue has been fixed in FileRun 2019.06.01.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside the build context are automatically mounted into the container image under construction. An OpenShift user, able to execute code during build time inside this container can re-use the credentials to overwrite arbitrary container images in internal registries and/or escalate their privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This affects github.com/openshift/builder v0.0.0-20210125201112-7901cb396121 and before.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi passphrase, send an SMS message, or modify the IP forwarding to access the internal network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user's mobile access token being exposed. (Note: This does not affect sites with a forced URL scheme configured, mobile service disabled, or where the mobile app login method is ""via the app"").",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability was found in Moodle affection 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities were not correctly respected when selecting the activity to use for a course in single activity mode.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned as a teacher in those courses, regardless of whether they had the capability to be automatically assigned that role.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was enabled. If a forum's subscription mode was set to ""forced subscription"", the forum's subscribe link contained an open redirect.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting vulnerability in in Add asset screen of Contents field of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting vulnerability in in Asset registration screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting vulnerability in in Role authority setting screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 is vulnerable to this issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, lead to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#&type=test.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unvaludated input in the Advanced Database Cleaner plugin, versions before 3.0.2, lead to SQL injection allowing high privilege users (admin+) to perform SQL attacks.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unvaludated input in the 301 Redirects - Easy Redirect Manager WordPress plugin, versions before 2.51, did not sanitise its ""Redirect From"" column when importing a CSV file, allowing high privilege users to perform SQL injections.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
"Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability by sending an extremely long password via the user login form. When a long password is sent, the password hashing process will result in CPU and memory exhaustion on the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfcb, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The aimeos (aka Aimeos shop and e-commerce framework) extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows XSS via a backend user account.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d8a, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfc9, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Windows Update Service Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable ""strProfileData"" and allows an unauthenticated attacker to execute code via a crafted POST request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Installer Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absense of rate limiting. IBM X-Force ID: 190973.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Prototype pollution vulnerability in 'patchmerge' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an information disclosure vulnerability in the ventilator allows attackers with physical access to the configuration interface's logs to get valid checksums for tampered configuration files.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, hard-coded credentials in the ventilator allow attackers with physical access to obtain admin privileges for the device’s configuration interface.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
"Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unusable by uploading specially crafted configuration files.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user er to brute force Rest API account credentials. IBM X-Force ID: 190974.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Online Ordering System 1.0 is vulnerable to unauthenticated SQL injection through /onlineordering/GPST/admin/design.php, which may lead to database information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Go before 1.8.4 and 1.9.x before 1.9.1 allows ""go get"" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, ""go get"" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository's Git checkout has malicious commands in .git/hooks/, they will execute on the system running ""go get.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Local admin privileges are required to place the files in the required location.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix-Like systems, the system temporary directory is shared between all local users. When files/directories are created, the default `umask` settings for the process are respected. As a result, by default, most processes/apis will create files/directories with the permissions `-rw-r--r--` and `drwxr-xr-x` respectively, unless an API that explicitly sets safe file permissions is used. Because this vulnerability impacts generated code, the generated code will remain vulnerable until fixed manually! This vulnerability is fixed in version 2.4.19. Note this is a distinct vulnerability from CVE-2021-21363.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"msgpack5 is a msgpack v5 implementation for node.js and the browser. In msgpack5 before versions 3.6.1, 4.5.1, and 5.2.1 there is a ""Prototype Poisoning"" vulnerability. When msgpack5 decodes a map containing a key ""__proto__"", it assigns the decoded value to __proto__. Object.prototype.__proto__ is an accessor property for the receiver's prototype. If the value corresponding to the key __proto__ decodes to an object or null, msgpack5 sets the decoded object's prototype to that value. An attacker who can submit crafted MessagePack data to a service can use this to produce values that appear to be of other types; may have unexpected prototype properties and methods (for example length, numeric properties, and push et al if __proto__'s value decodes to an Array); and/or may throw unexpected exceptions when used (for example if the __proto__ value decodes to a Map or Date). Other unexpected behavior might be produced for other types. There is no effect on the global prototype. This ""prototype poisoning"" is sort of a very limited inversion of a prototype pollution attack. Only the decoded value's prototype is affected, and it can only be set to msgpack5 values (though if the victim makes use of custom codecs, anything could be a msgpack5 value). We have not found a way to escalate this to true prototype pollution (absent other bugs in the consumer's code). This has been fixed in msgpack5 version 3.6.1, 4.5.1, and 5.2.1. See the referenced GitHub Security Advisory for an example and more details.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When a user opens manipulated Graphics Interchange Format (.GIF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
** UNSUPPORTED WHEN ASSIGNED ** A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external ""credential helper"" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Internet Explorer Remote Code Execution Vulnerability,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
"Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Quadbase EspressReports ES 7 Update 9. An unauthenticated attacker can create a malicious HTML file that houses a POST request made to the DashboardBuilder within the target web application. This request will utilise the target admin session and perform the authenticated request (to change the Dashboard name) as if the victim had done so themselves, aka CSRF.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed the impact changes greatly. In the default configuration root (or equivalent) permissions are required to attack this flaw.,LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). Unpriviledged users can access services when guessing the url. An attacker could impact availability, integrity and gain information from logs and templates of the service.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It published in pypi as ""tenable-jira-cloud"". In tenable-jira-cloud before version 1.1.21, it is possible to run arbitrary commands through the yaml.load() method. This could allow an attacker with local access to the host to run arbitrary code by running the application with a specially crafted YAML configuration file. This is fixed in version 1.1.21 by using yaml.safe_load() instead of yaml.load().",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and the value of APP_KEY is fixed under certain conditions. This value is crucial for the security of the application and must be randomly generated per Laravel installation. If your application's encryption key is in the hands of a malicious party, that party could craft cookie values using the encryption key and exploit vulnerabilities inherent to PHP object serialization / unserialization, such as calling arbitrary class methods within your application.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected), the iSCSI target can crash with a NULL pointer dereference.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The control logic (CL) the LOGO! 8 executes could be manipulated in a way that could cause the device executing the CL to improperly handle the manipulation and crash. After successful execution of the attack, the device needs to be manually reset.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). When opening a specially crafted SEECTCXML file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11923)",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3_column_name are not followed.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Framemaker version 2020.0.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a local privilege escalation vulnerability that could allow an attacker to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers unauthorized access to some system data or functionality.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Quadbase EspressReports ES 7 Update 9. It allows CSRF, whereby an attacker may be able to trick an authenticated admin level user into uploading malicious files to the web server.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webserver could allow unauthorized actions via special urls for unpriviledged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with unprivilege user rights.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, the application could enter an infinite loop, become unresponsive and must be restarted to restore the service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12534)",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a NULL pointer deference condition could cause the application to terminate unexpectedly and must be restarted to restore the service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a divide by zero operation could occur and cause the application to terminate unexpectedly and must be restarted to restore the service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October before version 1.1.2, when running on poorly configured servers (i.e. the server routes any request, regardless of the HOST header to an October CMS instance) the potential exists for Host Header Poisoning attacks to succeed. This has been addressed in version 1.1.2 by adding a feature to allow a set of trusted hosts to be specified in the application. As a workaround one may set the configuration setting cms.linkPolicy to force.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. This vulnerability is local privilege escalation because the contents of the `outputFolder` can be appended to by an attacker. As such, code written to this directory, when executed can be attacker controlled. For more details refer to the referenced GitHub Security Advisory. This vulnerability is fixed in version 2.4.19. Note this is a distinct vulnerability from CVE-2021-21364.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any ""Add"" sections, such as Add Card Building & Floor, or others in the Name and Code Parameters.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26897.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows DNS Server Denial of Service Vulnerability This CVE ID is unique from CVE-2021-27063.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"HLOS to access EL3 stack canary by just mapping imem region due to Improper access control and can lead to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26872, CVE-2021-26901.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Denial of service in baseband when NW configures LTE betaOffset-RI-Index due to lack of data validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Windows UPnP Device Host Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26863, CVE-2021-26875, CVE-2021-27077.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The unserialize() function supported a type code, ""S"", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Usage of syscall by non-secure entity can allow extraction of secure QTEE diagnostic information in clear text form due to insufficient checks in the syscall handler and leads to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 189965.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Microsoft SharePoint Server Information Disclosure Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing the vulnerable field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into the registration form and achieve arbitrary code execution in the context of the admin account.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine (SVM) names, volume names, directory paths and Job IDs.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Overlay Filter Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account 'maint') to perform administrative tasks by sending specially crafted HTTP requests to the application.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument).,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 from apache/flink:master.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Out of bound write while parsing RTT/TTY packet parsing due to lack of check of buffer size before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Part of RPM region was not protected from xblSec itself due to improper policy and leads to unprivileged access in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Potential arbitrary memory corruption when the qseecom driver updates ion physical addresses in the buffer as it exposes a physical address to user land in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bound memory read in Data modem while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"** DISPUTED ** An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows unauthorized access to MicrosoftAjax.js through the Telerik.Web.UI.WebResource.axd file. This may allow the attacker to gain unauthorized access to the server and execute code. To exploit, one must use the parameter _TSM_HiddenField_ and inject a command at the end of the URI. NOTE: the vendor states that this is not a vulnerability. The request's output does not indicate that a ""true"" command was executed on the server, and the request's output does not leak any private source code or data from the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Internet Explorer Memory Corruption Vulnerability,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Windows Event Tracing Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on clustered Data ONTAP configured for SMB access.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused to cause a denial of service attack.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF (Configuration Group File) file is imported to IGSS Definition due to missing validation of input data.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in loss of data or remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF (Configuration Group File) file is imported to IGSS Definition due to an unchecked pointer address.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Exploitation of this issue requires physical access and user interaction.,PHYSICAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Windows Error Reporting Elevation of Privilege Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction,LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) are affected by a Memory Corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing the vulnerable field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In sound_trigger_event_alloc of platform.h, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-167663878",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Power BI Information Disclosure Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In GenerateFaceMask of face.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-172005755",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26863, CVE-2021-26900, CVE-2021-27077.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows App-V Overlay Filter Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Athom Homey and Homey Pro devices before 5.0.0. ZigBee hub devices should generate a unique Standard Network Key that is then exchanged with all enrolled devices so that all inter-device communication is encrypted. However, the cited Athom products use another widely known key that is designed for testing purposes: ""01030507090b0d0f00020406080a0c0d"" (the decimal equivalent of 1 3 5 7 9 11 13 15 0 2 4 6 8 10 12 13), which is human generated and static across all issued devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows an attacker to cause a denial of service and may lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper access control vulnerability in GROWI versions v4.2.2 and earlier allows a remote unauthenticated attacker to read the user's personal information and/or server's internal information via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in channels/chan_sip.c in Sangoma Asterisk through 13.29.1, through 16.6.1, and through 17.0.0; and Certified Asterisk through 13.21-cert4. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary xml files on the system. This does not occur if Application security is enabled. IBM X-Force ID: 193556.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Invalid file validation on the upload feature in GROWI versions v4.2.2 allows a remote attacker with administrative privilege to overwrite the files on the server, which may lead to arbitrary code execution.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Graphics Component Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=""null"" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recepient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member of an API provider organization. IBM X-Force ID: 196536.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 174802..",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST transforming annotation such as @Grab.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,NONE,NONE
The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the fdm_cart cookie in load_cart_from_cookie in includes/class-cart-manager.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft SharePoint Spoofing Vulnerability,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"In checkUriPermission and related functions of MediaProvider.java, there is a possible way to access external files due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-115619667",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the ""host"" network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container's privilege, regardless of what container runtime is used for running that container.",LOCAL,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
"In DeltaPerformer::Write of delta_performer.cc, there is a possible use of untrusted input due to improper input validation. This could lead to a local bypass of defense in depth protections with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160800689",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In various methods of WifiNetworkSuggestionsManager.java, there is a possible modification of suggested networks due to a missing permission check. This could lead to local escalation of privilege by a background user on the same device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174749461",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Juniper Networks Junos EX series, QFX Series, MX Series and SRX branch series devices, a memory leak occurs every time the 802.1X authenticator port interface flaps which can lead to other processes, such as the pfex process, responsible for packet forwarding, to crash and restart. An administrator can use the following CLI command to monitor the status of memory consumption: user@device> show task memory detail Please refer to https://kb.juniper.net/KB31522 for details. This issue affects Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D54; 15.1X49 versions prior to 15.1X49-D240 ; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10 ; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. This issue does not affect Juniper Networks Junos OS 12.3, 15.1.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 a new budget type can be defined by user. This input is not correctly filtered. This results in a cross-site scripting attack. To exploit this endpoint attacker need to be authenticated. This is fixed in version 9.5.4.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Failure to track admin actions related to design configuration could lead to repudiation attacks.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 it is possible to create tickets for another user with self-service interface without delegatee systems enabled. This is fixed in version 9.5.4.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitrary script via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixed in version 3.0.0.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoked with user-provided values (ie: by custom code) is there the potential for command injection. If you're consuming it from react-scripts then this issue does not affect you.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy Node API can result in the possible issuance of an X.509 certificate with a URI SAN for a SPIFFE ID that the agent is not authorized to distribute. Proper controls are in place to require that the caller presents a valid agent certificate that is already authorized to issue at least one SPIFFE ID, and the requested SPIFFE ID belongs to the same trust domain, prior to being able to trigger this vulnerability. This issue has been fixed in SPIRE versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read an arbitrary path via a specially crafted URL.,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"SAP Payment Engine version 500, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3).,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3).,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can intercept a request to the server, inject malicious JSP code in the request and forward to server. When this dashboard is opened by Users having at least SAP_XMII_Developer role, malicious content in the dashboard gets executed, leading to remote code execution in the server, which allows privilege escalation. The malicious JSP code can contain certain OS commands, through which an attacker can read sensitive files in the server, modify files or even delete contents in the server thus compromising the confidentiality, integrity and availability of the server hosting the SAP MII application.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. If username and password authentication is enabled for the HTTP JSON-RPC API service, then prior to making any requests to an API endpoint the requestor must use the login endpoint to obtain a JSON web token (JWT) using their credentials. A single user can readily overload the login endpoint with invalid requests (incorrect password). As the supplied password is checked for validity on the main vertx event loop and takes a relatively long time this can cause the processing of other valid requests to fail. A valid username is required for this vulnerability to be exposed. This has been fixed in version 1.5.1.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the upload image functionality via an SVG document containing JavaScript.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24108, CVE-2021-27057.",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. IBM X-Force ID: 193247.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Windows DNS Server Denial of Service Vulnerability This CVE ID is unique from CVE-2021-26896.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Windows Admin Center Security Feature Bypass Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Microsoft Visio Security Feature Bypass Vulnerability,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote arguments passed to the executable. That allows a malicious URL to cause code execution. This issue affects versions prior to v1.26.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
A vulnerability exists in IBM SPSS Modeler Subscription Installer that allows a user with create symbolic link permission to write arbitrary file in another protected path during product installation. IBM X-Force ID: 187727.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Visual Studio Code ESLint Extension Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab through the Post title parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In the FingerTipS touch screen driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157156744",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In the NXP NFC firmware, there is a possible insecure firmware update due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168799695",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In convertToHidl of convert.cpp, there is a possible out of bounds read due to uninitialized data from ReturnFrameworkMessage. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154867068",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a denial of service attack.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in register.php through the name parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights to Xenstore nodes from the previous domain(s) with the same domid. Because all Xenstore entries of a guest below /local/domain/<domid> are being deleted by Xen tools when a guest is destroyed, only Xenstore entries of other guests still running are affected. For example, a newly created guest domain might be able to read sensitive information that had belonged to a previously existing guest domain. Both Xenstore implementations (C and Ocaml) are vulnerable.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
An issue was discovered in the fltk crate before 0.15.3 for Rust. There is an out-of bounds read because the pixmap constructor lacks pixmap input validation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a non-raster image for a window icon.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a multi label type if the image is nonexistent.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connection to that guest. Unfortunately, this is done by just removing the guest from xenstored's internal management, resulting in the same actions as if the guest had been destroyed, including sending an @releaseDomain event. @releaseDomain events do not say that the guest has been removed. All watchers of this event must look at the states of all guests to find the guest that has been removed. When an @releaseDomain is generated due to a domain xenstored protocol violation, because the guest is still running, the watchers will not react. Later, when the guest is actually destroyed, xenstored will no longer have it stored in its internal data base, so no further @releaseDomain event will be sent. This can lead to a zombie domain; memory mappings of that guest's memory will not be removed, due to the missing event. This zombie domain will be cleaned up only after another domain is destroyed, as that will trigger another @releaseDomain event. If the device model of the guest that violated the Xenstore protocol is running in a stub-domain, a use-after-free case could happen in xenstored, after having removed the guest from its internal data base, possibly resulting in a crash of xenstored. A malicious guest can block resources of the host for a period after its own death. Guests with a stub domain device model can eventually crash xenstored, resulting in a more serious denial of service (the prevention of any further domain management operations). Only the C variant of Xenstore is affected; the Ocaml variant is not affected. Only HVM guests with a stubdom device model can cause a serious DoS.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore entry that triggered the watch, and the tag that was specified when registering the watch. Any communication with xenstored is done via Xenstore messages, consisting of a message header and the payload. The payload length is limited to 4096 bytes. Any request to xenstored resulting in a response with a payload longer than 4096 bytes will result in an error. When registering a watch, the payload length limit applies to the combined length of the watched path and the specified tag. Because watches for a specific path are also triggered for all nodes below that path, the payload of a watch event message can be longer than the payload needed to register the watch. A malicious guest that registers a watch using a very large tag (i.e., with a registration operation payload length close to the 4096 byte limit) can cause the generation of watch events with a payload length larger than 4096 bytes, by writing to Xenstore entries below the watched path. This will result in an error condition in xenstored. This error can result in a NULL pointer dereference, leading to a crash of xenstored. A malicious guest administrator can cause xenstored to crash, leading to a denial of service. Following a xenstored crash, domains may continue to run, but management operations will be impossible. Only C xenstored is affected, oxenstored is not affected.",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, a owner could give a node away. However, node ownership has quota implications. Any guest can run another guest out of quota, or create an unbounded number of nodes owned by dom0, thus running xenstored out of memory A malicious guest administrator can cause a denial of service against a specific guest or against the whole host. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable.",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"This affects all versions of package ps-kill. If (attacker-controlled) user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file. PoC (provided by reporter): var ps_kill = require('ps-kill'); ps_kill.kill('$(touch success)',function(){});",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Office ClickToRun Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Visual Studio Code Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message payloads.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Adobe Animate version 21.0.3 (and earlier) is affected by a Memory Corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
Adobe Animate version 21.0.3 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Perl before 5.30.3 has an integer overflow related to mishandling of a ""PL_regkind[OP(n)] == NOTHING"" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
"In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.,LOCAL,HIGH,HIGH,NONE,CHANGED,LOW,LOW,LOW
"An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Stored cross-site scripting vulnerability due to inadequate CSP (Content Security Policy) configuration in GROWI versions v4.2.2 and earlier allows remote authenticated attackers to inject an arbitrary script via a specially crafted content.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related files, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-160610106",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174052148",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In bindServiceLocked of ActiveServices.java, there is a possible foreground service launch due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173516292",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176919394References: Upstream kernel",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A heap buffer overflow vulnerability inside of BMP image processing was found at [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Using this vulnerability, an attacker is able to gain remote code executions on DocumentServer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote code execution on DocumentServer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote code execution on DocumentServer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Windows ActiveX Installer Service Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Windows Projected File System Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26885.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26898, CVE-2021-26901.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows User Profile Service Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-164440989",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. This issue affects: openSUSE open-build-service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in SIMATIC Automation Tool (All versions), SIMATIC NET PC software (All versions V16 < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (All versions < V5.6 SP2 HF3), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC WinCC OA V3.16 (All versions < P018), SIMATIC WinCC OA V3.17 (All versions < P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions), SINEMA Server (All versions), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A component within the affected application regularly calls a helper binary with SYSTEM privileges while the call path is not quoted.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2012.12), PLUSCONTROL 1st Gen (All versions). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All Versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All Versions < V4.6), PROFINET Driver for Controller (All Versions < V2.1), RUGGEDCOM RM1224 (All versions < V4.3), SCALANCE M-800 / S615 (All versions < V4.3), SCALANCE W700 IEEE 802.11n (All versions <= V6.0.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All Versions < V5.3), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG (All Versions < V3.0), SCALANCE XM-400 switch family (All Versions < V6.0), SCALANCE XR-500 switch family (All Versions < V6.0), SIMATIC ET200AL IM 157-1 PN (All versions), SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants) (All versions), SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All Versions < V4.2.0), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All Versions < V3.3.1), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200ecoPN (except 6ES7141-6BG00-0BB0, 6ES7141-6BH00-0BB0, 6ES7142-6BG00-0BB0, 6ES7142-6BR00-0BB0, 6S7143-6BH00-0BB0, 6ES7146-6FF00-0AB0, 6ES7148-6JD00-0AB0 and 6ES7148-6JG00-0BB0) (All versions), SIMATIC ET200pro, IM 154-3 PN HF (All versions), SIMATIC ET200pro, IM 154-4 PN HF (All versions), SIMATIC IPC Support, Package for VxWorks (All versions), SIMATIC MV400 family (All Versions < V7.0.6), SIMATIC NET CP 1616 and CP 1604 (All Versions < V2.8), SIMATIC NET CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 ERPC (All versions), SIMATIC NET CP 343-1 LEAN (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-1 OPC UA (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All Versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions), SIMATIC RF600 family (All versions < V3), SIMOTION C (All versions < V4.5), SIMOTION D (incl. SIPLUS variants) (All versions < V4.5), SIMOTION P (All versions < V4.5), SINAMICS DCP (All Versions < V1.3), SOFTNET-IE PNIO (All versions). Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position. The security vulnerability can be exploited by an attacker in a privileged network position which allows eavesdropping the communication between the affected device and the user. The user must invoke a session. Successful exploitation of the vulnerability compromises confidentiality of the data transmitted.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited by an attacker with network access to the device. Valid user credentials, but no user interaction are required. Successful exploitation compromises integrity and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,LOW
"Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a Denial-of-Service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Specially crafted PROFINET DCP broadcast packets could cause a Denial-of-Service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC Compact Field Unit, SIMATIC ET200AL, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200ecoPN (except 6ES7141-6BG00-0BB0, 6ES7141-6BH00-0BB0, 6ES7142-6BG00-0BB0, 6ES7142-6BR00-0BB0, 6S7143-6BH00-0BB0, 6ES7146-6FF00-0AB0, 6ES7148-6JD00-0AB0 and 6ES7148-6JG00-0BB0), SIMATIC ET200pro, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-200 Smart, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 CPU family and below (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX (F) 2010, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. SIPLUS variants), SIMOTION C, SIMOTION D (incl. SIPLUS variants), SIMOTION D4xx V4.4 for SINAMICS SM150i-2 w. PROFINET (incl. SIPLUS variants), SIMOTION P V4.4 and V4.5, SIMOTION P V5, SINAMICS DCM w. PN, SINAMICS DCP w. PN, SINAMICS G110M w. PN, SINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants), SINAMICS G130 V4.7 w. PN, SINAMICS G130 V4.8 w. PN, SINAMICS G150 V4.7 w. PN, SINAMICS G150 V4.8 w. PN, SINAMICS GH150 V4.7 w. PROFINET, SINAMICS GL150 V4.7 w. PROFINET, SINAMICS GM150 V4.7 w. PROFINET, SINAMICS S110 w. PN, SINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants), SINAMICS S120 V4.7 w. PN (incl. SIPLUS variants), SINAMICS S120 V4.8 w. PN (incl. SIPLUS variants), SINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants), SINAMICS S150 V4.7 w. PN, SINAMICS S150 V4.8 w. PN, SINAMICS SL150 V4.7.0 w. PROFINET, SINAMICS SL150 V4.7.4 w. PROFINET, SINAMICS SL150 V4.7.5 w. PROFINET, SINAMICS SM120 V4.7 w. PROFINET, SINAMICS V90 w. PN, SINUMERIK 840D sl, SIRIUS Soft Starter 3RW44 PN. Specially crafted packets sent to port 161/udp could cause a Denial-of-Service condition. The affected devices must be restarted manually.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an attacker.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using ""--userns-remap"", if the root user in the remapped namespace has access to the host filesystem they can modify files under ""/var/lib/docker/<remapping>"" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,NONE,HIGH,NONE
Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,LOW,HIGH
"A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall access controls.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
"A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a correct guess in a relatively short amount of time. This is a related issue to CVE-2019-16782.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In oggpack_look of bitwise.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169829774",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In CrossProfileAppsServiceImpl.java, there is the possibility of an application's INTERACT_ACROSS_PROFILES grant state not displaying properly in the setting UI due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-166561076",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Write of NxpMfcReader.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169259605",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174769927",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In the FingerTipS touch screen driver, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157155375",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In fts_driver_test_write of fts_proc.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157154534",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In the FingerTipS touch screen driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-156739245",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In iaxxx_core_sensor_change_state of iaxxx-module.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175124074",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator (LXCA), if added as a Resource Manager, are encoded then written to an internal LXCO log file each time a session is established with LXCA. Affected logs are captured in the First Failure Data Capture (FFDC) service log. The FFDC service log is only generated when requested by a privileged LXCO user and it is only accessible to the privileged LXCO user that requested the file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failure Data Capture (FFDC) service log. The FFDC service log is only generated when requested by a privileged LXCO user and it is only accessible to the privileged LXCO user that requested the file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the comment field of feedback during an edit operation.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Windows Graphics Component Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26875, CVE-2021-26900, CVE-2021-27077.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Container Execution Agent Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26891.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1640.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows NAT Denial of Service Vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Storage Spaces Controller Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Remote Access API Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Media Photo Codec Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26871.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Application Virtualization Remote Code Execution Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the ""Display Name"" field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is affected by incorrect input validation, which may cause a denial of service (DoS). To exploit the vulnerability, an attacker needs to have TCP connectivity to the target system. Receiving a maliciously crafted TCP packet from an unauthenticated endpoint is sufficient to trigger the bug.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Windows Container Execution Agent Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26865.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877, CVE-2021-26893, CVE-2021-26895, CVE-2021-26897.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data leading to a loss of confidentiality.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"I-Net Software Clear Reports 20.10.136 web application accepts a user-controlled input that specifies a link to an external site, and uses the user supplied data in a Redirect.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in FUEL CMS V1.4.7. An attacker can use a XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?lang=english.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in FUEL CMS 1.4.7. There is a escalation of privilege vulnerability to obtain super admin privilege via the ""id"" and ""fuel_id"" parameters.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a malicious attacker to replace the files in Oozie's sharelib during it's creation.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a page via a post ID to /pages/delete/3.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"In getMediaOutputSliceAction of RemoteMediaSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174047735",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169572641",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In onPackageModified of VoiceInteractionManagerService.java, there is a possible change of default applications due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-167261484",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In getNbits of pvmp3_getbits.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154076193",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In main of main.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-175124730",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In android_os_Parcel_readString8 of android_os_Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-172655291",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In StopServicesAndLogViolations of reboot.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-170315126",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The javascript code will be automatically executed (Stored XSS) when a legitimate user surfs on the dashboard page. The vulnerability is exploitable creating a “div” section and embedding in it a “svg” element with javascript code.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24089, CVE-2021-24110, CVE-2021-26902, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050, CVE-2021-27051, CVE-2021-27061, CVE-2021-27062.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24089, CVE-2021-24110, CVE-2021-26902, CVE-2021-27047, CVE-2021-27049, CVE-2021-27050, CVE-2021-27051, CVE-2021-27061, CVE-2021-27062.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24089, CVE-2021-24110, CVE-2021-26902, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27051, CVE-2021-27061, CVE-2021-27062.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the authenticated user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24089, CVE-2021-24110, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050, CVE-2021-27051, CVE-2021-27061, CVE-2021-27062.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24110, CVE-2021-26902, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050, CVE-2021-27051, CVE-2021-27061, CVE-2021-27062.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24089, CVE-2021-24110, CVE-2021-26902, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050, CVE-2021-27061, CVE-2021-27062.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24089, CVE-2021-24110, CVE-2021-26902, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050, CVE-2021-27051, CVE-2021-27061.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pollbot is open source software which ""frees its human masters from the toilsome task of polling for the state of things during the Firefox release process."" In Pollbot before version 1.4.4 there is an open redirection vulnerability in the path of ""https://pollbot.services.mozilla.com/"". An attacker can redirect anyone to malicious sites. To Reproduce type in this URL: ""https://pollbot.services.mozilla.com//evil.com/"". Affected versions will redirect to that website when you inject a payload like ""//evil.com/"". This is fixed in version 1.4.4.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code. This issue affects: Secomea GateManager All versions prior to 9.4.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-nginx-module) before version 1.1.1 basic Authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of spnego-http-auth-nginx-module. As a workaround, one may disable basic authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-04T00-53-13Z it is possible to bypass a readOnly policy by creating a temporary 'mc share upload' URL. Everyone is impacted who uses MinIO multi-users. This is fixed in version RELEASE.2021-03-04T00-53-13Z. As a workaround, one can disable uploads with `Content-Type: multipart/form-data` as mentioned in the S3 API RESTObjectPOST docs by using a proxy in front of MinIO.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an open redirect vulnerability. A maliciously crafted link to the login form and login functionality could redirect the browser to a different website. The problem has been fixed in version 2.6.1. Depending on how you have installed Products.PluggableAuthService, you should change the buildout version pin to `2.6.1` and re-run the buildout, or if you used `pip` simply do `pip install ""Products.PluggableAuthService>=2.6.1"".",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability - everyone can list the names of roles defined in the ZODB Role Manager plugin if the site uses this plugin. The problem has been fixed in version 2.6.0. Depending on how you have installed Products.PluggableAuthService, you should change the buildout version pin to 2.6.0 and re-run the buildout, or if you used pip simply do `pip install ""Products.PluggableAuthService>=2.6.0""`.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing ""+\ ""-"" or an uncommon shell whitespace character prefix to the length field-value.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
RATCF is an open-source framework for hosting Cyber-Security Capture the Flag events. In affected versions of RATCF users with multi factor authentication enabled are able to log in without a valid token. This is fixed in commit cebb67b.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,NONE
"A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. A custom encryption algorithm is used to store encrypted passwords. This algorithm will XOR the password with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g value.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In deletePackageVersionedInternal of PackageManagerService.java, there is a possible way to exit Screen Pinning due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-135604684",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In getUpTo17bits of pvmp3_getbits.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154075955",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In onReceive of DcTracker.java, there is a possible way to trigger a provisioning URL and modify other telephony settings due to a missing permission check. This could lead to local escalation of privilege during the onboarding flow with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172459128",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In createConnectToAvailableNetworkNotification of ConnectToNetworkNotificationBuilder.java, there is a possible connection to untrusted WiFi networks due to notification interaction above the lockscreen. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172584372",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173421110",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In FindQuotaDeviceForUuid of QuotaUtils.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169421939",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In onReceive of ImsPhoneCallTracker.java, there is a possible misattribution of data usage due to an incorrect broadcast handler. This could lead to local escalation of privilege resulting in attributing video call data to the wrong app, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162741489",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In setNightModeActivated of UiModeManagerService.java, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168039904",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117880",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117871",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117261",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117047",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175116439",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Zoho ManageEngine ADManager Plus before 7066 allows XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service script.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default panger123 password for the suma123 account for certain old firmware.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can discover cleartext web-server credentials via certain /opt/lighttpd/web/cgi/ requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the ""diag sys ha checksum show"" command.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as them.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. It allows remote attackers to cause a denial of service (reboot) by sending random bytes to the telnet server on port 23, aka a ""shawarma"" attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. One can escape from a shell and acquire root privileges by leveraging the TFTP download configuration.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. By default, the appliance can be managed remotely only with HTTP, telnet, and SNMP. It doesn't support SSL/TLS for HTTP or SSH. An attacker can intercept passwords sent in cleartext and conduct man-in-the-middle attacks on the management of the appliance.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can use ""show system infor"" to discover cleartext TELNET credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default blank password for the guest account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\SYSTEM due to insufficient control during autoupdate.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the ""Time in Status"" app before 4.13.0 for Jira, remote authenticated attackers can cause Stored XSS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Clockwork SMS clockwork-test-message.php component has XSS via a crafted ""to"" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication - Clockwork SMS 1.0.2, Booking Calendar - Clockwork SMS 1.0.5, Contact Form 7 - Clockwork SMS 2.3.0, Fast Secure Contact Form - Clockwork SMS 2.1.2, Formidable - Clockwork SMS 1.0.2, Gravity Forms - Clockwork SMS 2.2, and WP e-Commerce - Clockwork SMS 2.0.5.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1 results in kernel panic due to unsupported format.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect security UI in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially obtain sensitive information via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Inappropriate implementation in installer in Google Chrome prior to 84.0.4147.125 allowed a local attacker to potentially elevate privilege via a crafted filesystem.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate implementation in WebView in Google Chrome on Android prior to 84.0.4147.105 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in extensions in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.,LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change in arbitrary settings during Initialization State.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel) before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,LOW
Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,LOW
Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra, tvOS 14.0. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A local user may be able to view senstive user information.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malicious intent.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition.,LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to determine a user's open tabs in Safari.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to elevate privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A denial of service issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1. An attacker may be able to bypass Managed Frame Protection.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue existed in the handling of snapshots. The issue was resolved with improved permissions logic. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to preview files it does not have access to.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to contacts information over the lockscreen in specific condition.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files (such as an executable file under the web root). This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and/or change network details that they should not have access to.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
"When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Due to improper restrictions on XML entities a vulnerability exists in the web-based management interface of AirWave. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,HIGH
"On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 < v3.71.0034 and v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all versions using VRM.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ensure that a signed SAML document is correctly signed. The default CryptoBackendXmlSec1 backend is using the xmlsec1 binary to verify the signature of signed SAML documents, but by default xmlsec1 accepts any type of key found within the given document. xmlsec1 needs to be configured explicitly to only use only _x509 certificates_ for the verification process of the SAML document signature. This is fixed in PySAML2 6.5.0.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited via the ref_no (POST) parameter to admin_class.php",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such as server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list) OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive information. This sensitive information is exposed locally to other users. This vulnerability exists in the API Client for version 1 and 2. The method `prepareDownloadFilecreates` creates a temporary file with the permissions bits of `-rw-r--r--` on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file downloaded via the `downloadFileFromResponse` method will be visible to all other users on the local system. Analysis of the finding determined that the affected code was unused, meaning that the exploitation likelihood is low. The unused code has been removed, effectively mitigating this issue. This issue has been patched in version 1.0.0-beta.9. As a workaround one may specify `java.io.tmpdir` when starting the JVM with the flag `-Djava.io.tmpdir`, specifying a path to a directory with `drw-------` permissions owned by `dd-agent`.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potentially sensitive information in headers which could lead to further attacks against the system. IBM X-Force ID: 194513.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target and id are not properly sanitized. Here are two payloads (due to two different exploitations depending on which parameter you act) to exploit the vulnerability:/ajax/common.tabs.php?_target=javascript:alert(document.cookie)&_itemtype=DisplayPreference&_glpi_tab=DisplayPreference$2&id=258&displaytype=Ticket (Payload triggered if you click on the button). /ajax/common.tabs.php?_target=/front/ticket.form.php&_itemtype=Ticket&_glpi_tab=Ticket$1&id=(){};(function%20(){alert(document.cookie);})();function%20a&#.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.",LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/document.form.php endpoint), indeed one of the form field: ""Web Link"" is not properly sanitized and a malicious user (who has document upload rights) can use it to deliver JavaScript payload. For example if you use the following payload: "" accesskey=""x"" onclick=""alert(1)"" x="", the content will be saved within the database without any control. And then once you return to the summary documents page, by clicking on the ""Web Link"" of the newly created file it will create a new empty tab, but on the initial tab the pop-up ""1"" will appear.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password of an account of their choice.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,LOW
Incorrect handling of input data in loudness function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and access to unallocated memory block.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted font file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.0.1. An application may be able to gain elevated privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An integer overflow was addressed through improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The issue was addressed with improved handling of icon caches. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious app may be able to determine the existence of files on the computer.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpress_hotel_booking_1 cookie in load in includes/class-wphb-sessions.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.12.22 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"A use after free issue has been identified in Fatek FvDesigner Version 1.5.76 and prior in the way the application processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An uninitialized pointer may be exploited in Fatek FvDesigner Version 1.5.76 and prior while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0689, CVE-2016-0692, CVE-2016-0694, and CVE-2016-3418.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0692, CVE-2016-0694, and CVE-2016-3418.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is an XSS vulnerability involving a logged in user while updating a ticket.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0689, CVE-2016-0692, and CVE-2016-3418.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does not implement any lockout or throttling functionality. This situation (together with the weak password policy that forces a 4-digit password) allows remote attackers to easily obtain administrative access via brute-force attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted PIM packet to an affected device. A successful exploit could allow the attacker to cause a traffic loop, resulting in a DoS condition.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service attack by hijacking the provider.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. NOTE: this is NOT a Docker, Inc. product.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixed in version 9.5.4.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, there is a cross-site scripting injection vulnerability when using ajax/kanban.php. This is fixed in version 9.5.4.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consumer side isn't protected against re-ordered reads, and may hence end up de-referencing a NULL pointer. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. Only Arm systems may be vulnerable. Whether a system is vulnerable depends on the specific CPU. x86 systems are not vulnerable.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in the nano_arena crate before 0.5.2 for Rust. There is an aliasing violation in split_at because two mutable references can exist for the same element, if Borrow<Idx> behaves in certain ways. This can have a resultant out-of-bounds write or use-after-free.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to interact with devices in the account he should not have access to.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A stack-based buffer overflow may exist in Delta Electronics CNCSoft ScreenEditor versions 1.01.26 and prior when processing specially crafted project files, which may allow an attacker to execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a type confusion issue while processing project files, which may allow an attacker to execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of CGM files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12163)",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PLT files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12209)",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In TimeTracker before version 1.19.24.5415 tokens used in password reset feature in Time Tracker are based on system time and, therefore, are predictable. This opens a window for brute force attacks to guess user tokens and, once successful, change user passwords, including that of a system administrator. This vulnerability is pathced in version 1.19.24.5415 (started to use more secure tokens) with an additional improvement in 1.19.24.5416 (limited an available window for brute force token guessing).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend. This is fixed in version 3.0.1. This advisory applies to multiple pug packages including ""pug"", ""pug-code-gen"". pug-code-gen has a backported fix at version 2.0.3. This advisory is not exploitable if there is no way for un-trusted input to be passed to pug as the `pretty` option, e.g. if you compile templates in advance before applying user input to them, you do not need to upgrade.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.4.21 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the `copy`, `copySync`, `remove`, and `removeSync` methods.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",PHYSICAL,HIGH,NONE,NONE,CHANGED,HIGH,NONE,NONE
"** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the vendor does not include side-channel attacks within its threat model.",PHYSICAL,HIGH,NONE,NONE,CHANGED,HIGH,NONE,NONE
"LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",PHYSICAL,HIGH,NONE,NONE,CHANGED,HIGH,NONE,NONE
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the ""next"" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers may exploit this vulnerability to mount a file system to the target device, causing DoS of the file system.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as <iframe src='file:///etc/passwd'>.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Verify Bridge contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196618.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Verify Bridge uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196617.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version later can lead to use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Cross Site Scripting (XSS) vulnerability in UltimateKode Neo Billing - Accounting, Invoicing And CRM Software up to version 3.5 which allows remote attackers to inject arbitrary web script or HTML.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Monitoring (IBM Cloud APM 8.1.4 ) could allow an authenticated user to modify HTML content by sending a specially crafted HTTP request to the APM UI, which could mislead another user. IBM X-Force ID: 187974.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,LOW,NONE
The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, to hijack user sessions or to trick a victim application user to unknowingly send arbitrary requests to the server.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a `blob` origin that cannot access Matrix user data, so messages and secrets are not at risk. This has been fixed in version 3.15.0.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Cloud Infrastructure Data Science Notebook Sessions. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Cloud Infrastructure Data Science Notebook Sessions executes to compromise Oracle Cloud Infrastructure Data Science Notebook Sessions. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Cloud Infrastructure Data Science Notebook Sessions accessible data as well as unauthorized read access to a subset of Oracle Cloud Infrastructure Data Science Notebook Sessions accessible data. All affected customers were notified of CVE-2021-2138 by Oracle. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a non-root user and may be able to temporarily disrupt the ESRS service.,NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,LOW
A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.6; MongoDB Server v3.6 versions prior to 3.6.11.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were present in Tufin SecureTrack, affecting all versions prior to R20-2 GA.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 3 of 3)",ADJACENT_NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,LOW
"Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 2 of 3)",ADJACENT_NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,LOW
An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint recognition because local high beam mode (LHBM) does not function properly during bright illumination. The LG ID is LVE-SMP-210001 (March 2021).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. By using crafted input parameters in one of these commands, an attacker can access an arbitrary file on the system using System privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is `/pub/`, a user expect that accessing `/priv` on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.3.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. The attacker could use one of these commands to execute an arbitrary command on the system using system privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used.,LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
A buffer overflow vulnerability in the AT command interface of Gigaset DX600A v41.00-175 devices allows remote attackers to force a device reboot by sending relatively long AT commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"** DISPUTED ** bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOTE: this reportedly does not violate the security model of Bitcoin Core, but can violate the security model of a fork that has implemented dumpwallet restrictions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Prototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows attacker to cause a denial of service and may lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__MONITORING__CONFIG__ADDRESS, or SM2__C__MONITORING__CONFIG__ADDRESS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. The fixed version is FTA_9_12_444 and later.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to 'random_bytes()' and its backport that is shipped within random_compat.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages showed to users that could lead to xss issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Improper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to files in internal storage without authorized STORAGE permission.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190459.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to xss issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a double free can occur upon a val.clone() panic.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the toodee crate before 0.3.0 for Rust. The row-insertion feature allows attackers to read the contents of uninitialized memory locations.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in the truetype crate before 0.30.1 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation within Tape::take_bytes.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not authorized to access.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a drop of uninitialized memory can occur upon a val.clone() panic.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the internment crate before 0.4.2 for Rust. There is a data race that can cause memory corruption because of the unconditional implementation of Sync for Intern<T>.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the toodee crate before 0.3.0 for Rust. Row insertion can cause a double free upon an iterator panic.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An improper binary stream data handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Using this bug, an attacker is able to produce a denial of service attack that can eventually shut down the target server.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vapor is a web framework for Swift. In Vapor before version 4.40.1, there is a DoS attack against anyone who Bootstraps a metrics backend for their Vapor app. The following is the attack vector: 1. send unlimited requests against a vapor instance with different paths. this will create unlimited counters and timers, which will eventually drain the system. 2. downstream services might suffer from this attack as well by being spammed with error paths. This has been patched in 4.40.1. The `DefaultResponder` will rewrite any undefined route paths for to `vapor_route_undefined` to avoid unlimited counters.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
The package total.js before 3.4.8 are vulnerable to Remote Code Execution (RCE) via set.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194707.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of SGI and RGB files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11992)",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in 1.7.7.2,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190460.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190566.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194708.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12042)",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing BMP files. This can result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12018)",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES). This issue allowed to bypass the UEFI Secure Boot security feature. An attacker would need physical access to the computer to exploit it. Otherwise, local administrator privileges would be required to modify the boot loader component.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing TIFF files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12158)",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12178)",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of HPG files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12207)",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PCT files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12182)",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of RAS files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12283)",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the user, although limited modification of request bodies was possible. For the most thorough protection server administrators should remove the deprecated `federation_ip_range_blacklist` from their settings after upgrading to Synapse v1.25.0 which will result in Synapse using the improved default IP address restrictions. See the new `ip_range_blacklist` and `ip_range_whitelist` settings if more specific control is necessary.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime().exec() without validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is used for the internal application logs, an attacker can inject wrong IP addresses into these logs.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to disable switching on a small form-factor pluggable (SFP) interface. This vulnerability is due to incomplete validation of the source of a received LLDP packet. An attacker could exploit this vulnerability by sending a crafted LLDP packet on an SFP interface to an affected device. A successful exploit could allow the attacker to disable switching on the SFP interface, which could disrupt network traffic.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,LOW
"LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Courier Management System 1.0 - 'First Name' Stored XSS,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle (for example) GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the template API does not restrict user access to sensitive objects, which allows remote authenticated users to execute arbitrary code via crafted FreeMarker and Velocity templates.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
em-imap 0.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Out of bounds read in networking in Google Chrome prior to 87.0.4280.88 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
Improper access control in the Intel(R) HD Graphics Control Panel before version 15.40.46.5144 and 15.36.39.5143 may allow an authenticated user to potentially enable denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Microsoft Excel Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support ""saved UID"" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use ""enable -f"" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart email.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
fastadmin V1.0.0.20200506_beta contains a cross-site scripting (XSS) vulnerability which may allow an attacker to obtain administrator credentials to log in to the background.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,NONE,NONE
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes an exported function named ChangeUninstallString. The default install does not contain this library and therefore if any DLL with that name exists in any directory listed in the PATH variable, it can be used to escalate to SYSTEM level privilege.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and the KMS service rendering client-side field level encryption (CSFLE) ineffective. This issue was discovered during internal testing and affects mongodb-client-encryption module version 1.2.0, which was available from 2021-Jan-29 and deprecated in the NPM Registry on 2021-Feb-04. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services from applications residing inside the AWS, GCP, and Azure nework fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don’t use Field Level Encryption.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don’t use Field Level Encryption.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the ""Server Config"" web interface of the affected devices that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users' web session.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitrary JavaScript code via specially crafted GET requests. The code could be potentially executed later by another (privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users' web sessions.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content Type header, due to improper input validation, and sent to a Web user. A successful exploitation of this vulnerability may lead to advanced attacks, including cross-site scripting and page hijacking.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in SmartStoreNET before 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Missing output sanitation in Swisscom Centro Grande Centro Grande before 6.16.12, Centro Business 1.0 (ADB) before 7.10.18, and Centro Business 2.0 before 8.02.04 allows a remote attacker to perform DNS spoofing against the web interface via crafted hostnames in DHCP requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server's uploaded/ directory. NOTE: the vendor disputes this because exploitation can only be performed by an admin who has ""lots of other possibilities to harm a site.""",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
** DISPUTED ** A stored XSS issue exists in henriquedornas 5.2.17 via online live chat. NOTE: Third parties report that no such product exists. That henriquedornas is the web design agency and 5.2.17 is simply the PHP version running on this hosts.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Microsoft SharePoint Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17118.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft SharePoint Information Disclosure Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17132, CVE-2020-17141, CVE-2020-17142, CVE-2020-17144.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Digital Media Receiver Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Chakra Scripting Engine Memory Corruption Vulnerability,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Windows Error Reporting Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-17094.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
DirectX Graphics Kernel Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17134, CVE-2020-17136.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft PowerPoint Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17129.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Excel Security Feature Bypass Vulnerability,LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default behaviour of the Node-RED runtime. The vulnerability is patched in the 1.2.8 release. A workaround is to ensure only authorized users are able to access the editor url.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause impact to reliability. This flaw affects ImageMagick versions prior to 7.0.8-68.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
An issue has been discovered in GitLab affecting all versions starting with 13.7. GitLab was vulnerable to a stored XSS in merge request.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Windows Backup Engine Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Windows DNS Server Remote Code Execution Vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Fax Service Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1722.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_preparse in sdp.c has a NULL pointer dereference.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_process_incoming_request in janus.c discloses information from uninitialized stack memory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_process in sdp.c has a NULL pointer dereference.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_merge in sdp.c has a stack-based buffer overflow.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16964.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Address Book Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Windows Codecs Library Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Windows Trust Verification API Denial of Service Vulnerability,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Mobile Device Management Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-1730.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,LOW
Azure IoT CLI extension Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1685.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1642.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Print Spooler Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Defender Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1714.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Microsoft Dataverse Information Disclosure Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
ASP.NET Core and Visual Studio Denial of Service Vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-24102.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Visual Studio Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Visual Studio Code Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17142, CVE-2020-17144.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Windows Lock Screen Security Feature Bypass Vulnerability,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft SharePoint Spoofing Vulnerability,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17122, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Microsoft SharePoint Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17121.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Outlook Information Disclosure Vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Microsoft Exchange Information Disclosure Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Windows Error Reporting Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-17138.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Microsoft SharePoint Elevation of Privilege Vulnerability,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Azure SDK for C Security Feature Bypass Vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Azure SDK for Java Security Feature Bypass Vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17128, CVE-2020-17129.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17117, CVE-2020-17141, CVE-2020-17142, CVE-2020-17144.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Microsoft Edge for Android Spoofing Vulnerability,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17103, CVE-2020-17134.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Azure DevOps Server Spoofing Vulnerability,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17103, CVE-2020-17136.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Dynamics Business Central/NAV Information Disclosure,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Windows Overlay Filter Security Feature Bypass Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows SMB Information Disclosure Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Dynamics CRM Webclient Cross-site Scripting Vulnerability,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Kerberos Security Feature Bypass Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Windows Network Connections Service Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Hyper-V Remote Code Execution Vulnerability,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Windows GDI+ Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Package Managers Configurations Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect use of the '<RowCountChanged>' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Microsoft Teams iOS Information Disclosure Vulnerability,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Windows PKU2U Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Windows Security Feature Bypass Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Visual Studio Code Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted Cisco UDLD protocol packets to a directly connected, affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco UDLD process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. The attacker needs full control of a directly connected device. That device must be connected over a port channel that has UDLD enabled. To trigger arbitrary code execution, both the UDLD-enabled port channel and specific system conditions must exist. In the absence of either the UDLD-enabled port channel or the system conditions, attempts to exploit this vulnerability will result in a DoS condition. It is possible, but highly unlikely, that an attacker could control the necessary conditions for exploitation. The CVSS score reflects this possibility. However, given the complexity of exploitation, Cisco has assigned a Medium Security Impact Rating (SIR) to this vulnerability.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1732.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Fax Service Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24077.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability,ADJACENT_NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Microsoft SharePoint Spoofing Vulnerability,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Windows Installer Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.,NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
Windows Graphics Component Remote Code Execution Vulnerability,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Windows Console Driver Denial of Service Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain IPv6 packets that are destined to an affected device. An attacker could exploit this vulnerability by sending multiple crafted IPv6 packets to an affected device. A successful exploit could cause the network stack to run out of available buffers, impairing operations of control plane and management plane protocols and resulting in a DoS condition. Manual intervention would be required to restore normal operations on the affected device. For more information about the impact of this vulnerability, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
Windows DirectX Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Sysinternals PsExec Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft SharePoint Remote Code Execution Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnerability, an attacker must be able to place a valid Gift Card product into the shopping cart. An uploaded file is placed at a predetermined path on the web server with a user-specified filename and extension. This occurs because the ywgc-upload-picture parameter can have a .php value even though the intention was to only allow uploads of Gift Card images.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24068, CVE-2021-24069, CVE-2021-24070.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. The attacker could view and modify the device configuration. Note: The NX-API feature is disabled by default.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24067, CVE-2021-24069, CVE-2021-24070.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24067, CVE-2021-24068, CVE-2021-24069.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Microsoft SharePoint Information Disclosure Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Microsoft SharePoint Server Remote Code Execution Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Skype for Business and Lync Spoofing Vulnerability,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,LOW,NONE
Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24094.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24074.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Magento UPWARD-php version 1.1.4 (and earlier) is affected by a Path traversal vulnerability in Magento UPWARD Connector version 1.1.2 (and earlier) due to the upload feature. An attacker could potentially exploit this vulnerability to upload a malicious YAML file that can contain instructions which allows reading arbitrary files from the remote server. Access to the admin console is required for successful exploitation.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Possible race condition during async fastrpc session after sending RPC message due to the fastrpc ctx gets free during async session in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile",LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM parameter IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bound read access in hypervisor due to an invalid read access attempt by passing invalid addresses in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,HIGH
"In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint. An attacker could exploit this vulnerability by sending a crafted request to the affected API. A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending one or more crafted IPC messages to the AnyConnect process on an affected device. A successful exploit could allow the attacker to stop the AnyConnect process, causing a DoS condition on the device. Note: The process under attack will automatically restart so no action is needed by the user or admin.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Kernel Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In mobile_log_d, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05457039.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In jpeg, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05433311.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379093.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05418265.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Arbitrary memory write issue in video driver while setting the internal buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A remote authenticated command Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. For each call, they get in response a lot of information about the user (such as email address, first name, and last name) but also the secret for 2FA if one exists. This secret can be regenerated. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In webERP 4.15, the ManualContents.php file allows users to specify the ""Language"" parameter, which can lead to local file inclusion.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.,ADJACENT_NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories and/or file configurations via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.,ADJACENT_NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Brave is an open source web browser with a focus on privacy and security. In Brave versions 1.17.73-1.20.103, the CNAME adblocking feature added in Brave 1.17.73 accidentally initiated DNS requests that bypassed the Brave Tor proxy. Users with adblocking enabled would leak DNS requests from Tor windows to their DNS provider. (DNS requests that were not initiated by CNAME adblocking would go through Tor as expected.) This is fixed in Brave version 1.20.108",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack overflow may occur if GSM/WCDMA broadcast config size received from user is larger than variable length array in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Improper handling of length parameter inconsistency vulnerability in Mitsubishi Electric FA Engineering Software(C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool all versions, CW Configurator all versions, Data Transfer all versions, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GT SoftGOT1000 Version3 all versions, GT SoftGOT2000 Version1 all versions, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer all versions, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer all versions, RT ToolBox2 all versions, RT ToolBox3 all versions, Setting/monitoring tools for the C Controller module all versions, SLMP Data Collector all versions) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool all versions, CW Configurator all versions, Data Transfer all versions, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GT SoftGOT1000 Version3 all versions, GT SoftGOT2000 Version1 all versions, GX Configurator-DP version 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer all versions, GX RemoteService-I all versions, GX Works2 version 1.597X and prior, GX Works3 version 1.070Y and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer all versions, RT ToolBox2 all versions, RT ToolBox3 all versions, Setting/monitoring tools for the C Controller module all versions and SLMP Data Collector all versions) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the security realm, or directly inside Jenkins.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the ""About user (basic authentication details only)"" information, which can include the session ID of the user creating the support bundle in some configurations.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Out of bound in camera driver due to lack of check of validation of array index before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlying node, such as the network and storage devices, to at least escalate their privileges to that of the cluster admin. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will always be returned in plain-text from the local server during the KACO XP100U authentication process, regardless of whatever passwords have been provided, which leads to an information disclosure vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"""loolforkit"" is a privileged program that is supposed to be run by a special, non-privileged ""lool"" user. Before doing anything else ""loolforkit"" checks, if it was invoked by the ""lool"" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of ""loolforkit"" this check was wrong, so a normal user could start ""loolforkit"" and eventually get local root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
Multiple buffer overflow vulnerabilities exist when LeviStudioU (Version 2019-09-21 and prior) processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions of package nuance-gulp-build-common are vulnerable to Command Injection via the index.js file. PoC: /var a = require(""nuance-gulp-build-common"") a.run(""touch JHU"")",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh (extension) 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filename handling.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the stunnel server, to access the tunneled service instead of being redirected to the address specified in the redirect option. The highest threat from this vulnerability is to confidentiality.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are to upgrade your rendertron to version 3.0.0, or, if you cannot update, to secure the infrastructure to limit the headless chrome's access to your internal domain.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows attackers to change claims.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26701.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
.NET Core and Visual Studio Denial of Service Vulnerability,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Chatbox is affected by cross-site scripting (XSS). An attacker has to upload any XSS payload with SVG, XML file in Chatbox. There is no restriction on file upload in Chatbox which leads to stored XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"A local authenticated buffer overflow vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users to cause a buffer overflow condition. A successful exploit could allow a local attacker to execute arbitrary code within the context the binary is running in, which is a lower privileged account.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Possible memory corruption in BSI module due to improper validation of parameter count in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users on a Windows platform to elevate their privileges. A successful exploit could allow an attacker to execute arbitrary code with SYSTEM level privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via a XSS payload for the first parameter in a GET request.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on ""le filtre userside.""",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Polaris Office v9.102.66 is affected by a divide-by-zero error in PolarisOffice.exe and EngineDLL.dll that may cause a local denial of service. To exploit the vulnerability, someone must open a crafted PDF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows Remote Unauthorized Access for T0320L01^ABY and T0320L01^ACD, T0952L01^AAR through T0952L01^AAX, and T0986L01^AAD through T0986L01^AAJ (L) and T0320H01^ABW through T0320H01^ACC, T0952H01^AAQ through T0952H01^AAW, and T0986H01^AAC through T0986H01^AAI (J and H).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user's account through the active session.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3.,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,LOW,LOW,NONE
Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certificate Validation.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
** DISPUTED ** Genymotion Desktop through 3.2.0 leaks the host's clipboard data to the Android application by default. NOTE: the vendor's position is that this is intended behavior that can be changed through the Settings > Device screen.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L) and T0320H01^ABO through T0320H01^ABY, T0952H01^AAG through T0952H01^AAQ, T0986H01 through T0986H01^AAE, T0665H01^AAO, and T0662H01^AAO (J and H).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference (IDOR) allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier (aka CommonDownload identification number).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the ""Explode message/Explode now"" functionality. Local filesystem access is needed by the attacker.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A NULL pointer dereference vulnerability exists when parsing XLS cells in libxls/xls2csv.c:199. It could allow a remote attacker to cause a denial of service via crafted XLS file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an attacker to get a DNS interaction and track if the user has opened or closed a PDF file when loaded from the filesystem without a prompt. User interaction is required to exploit this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,LOW,NONE
"The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src=""http://127.0.0.1:5000"" valign=""top""/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Improper access control when using mmap with the kgsl driver with a special offset value that can be provided to map the memstore of the GPU to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal structure by exposing sensitive information in HTTP repsonses. IBM X-Force ID: 192029.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Possible out of bound access in TA while processing a command from NS side due to improper length check of response buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources (i.e. `*.less` files) with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be executed in the context of the build process. While this is a feature of the Less.js library it is an unexpected behavior in the context of OpenUI5 and SAPUI5 development. Especially in the context of UI5 Tooling which relies on less-openui5. An attacker might create a library or theme-library containing a custom control or theme, hiding malicious JavaScript code in one of the .less files. Refer to the referenced GHSA-3crj-w4f5-gwh4 for examples. Starting with Less.js version 3.0.0, the Inline JavaScript feature is disabled by default. less-openui5 however currently uses a fork of Less.js v1.6.3. Note that disabling the Inline JavaScript feature in Less.js versions 1.x, still evaluates code has additional double codes around it. We decided to remove the inline JavaScript evaluation feature completely from the code of our Less.js fork. This fix is available in less-openui5 version 0.10.0.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"uap-core in an open-source npm package which contains the core of BrowserScope's original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This is fixed in version 0.11.0. Downstream packages such as uap-python, uap-ruby etc which depend upon uap-core follow different version schemes.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code Execution via a ysoserial.payloads.CommonsCollections parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a specially crafted RAR archive.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channels 3.0. In many cases this would result in a crash but, with correct timing, responses could be sent to the wrong client, resulting in potential leakage of session identifiers and other sensitive data. Note that this affects only the legacy Channels provided class, and not Django's similar ASGIHandler, available from Django 3.0.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface.",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in MantisBT through 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is not sanitized. This may be problematic depending on CSP settings.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Opencast is a free, open-source platform to support the management of educational audio and video content. In Opencast before version 9.2 there is a vulnerability in which publishing an episode with strict access rules will overwrite the currently set series access. This allows for an easy denial of access for all users without superuser privileges, effectively hiding the series. Access to series and series metadata on the search service (shown in media module and player) depends on the events published which are part of the series. Publishing an event will automatically publish a series and update access to it. Removing an event or republishing the event should do the same. Affected versions of Opencast may not update the series access or remove a published series if an event is being removed. On removal of an episode, this may lead to an access control list for series metadata with broader access rules than the merged access rules of all remaining events, or the series metadata still being available although all episodes of that series have been removed. This problem is fixed in Opencast 9.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
"Hestia Control Panel through 1.3.3, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local notification service misconfigures CORS, information disclosure can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c.,LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
SSRF in the document conversion component of Webware Webdesktop 5.1.15 allows an attacker to read all files from the server.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Alfresco.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin account).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. A specially crafted malformed file can trigger an out of bounds memory modification which can result in remote code execution. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 3.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L).",NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,LOW,LOW
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Heap buffer overflow in clipboard in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Authenticated stored cross-site scripting (XSS) in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to executes code and perform a XSS attack while opening a contact list.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable ""dbentry->n_key_data"" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a ""u4"" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,HIGH,NONE
In all versions of AppArmor mount rules are accidentally widened when compiled.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1020.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may be a duplicate of CVE-2020-1938.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap buffer overflow in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require('three') function build_blank (n) { var ret = ""rgb("" for (var i = 0; i < n; i++) { ret += "" "" } return ret + """"; } var Color = three.Color var time = Date.now(); new Color(build_blank(50000)) var time_cost = Date.now() - time; console.log(time_cost+"" ms"")",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patterns, ydb_subscript_next_st and ydb_subscript_prev_st have a use-after-free.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before patch20210207 allows attackers to achieve ""Zugriff auf Inhalte der WebOffice Applikation.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.",LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,LOW
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,NONE,NONE
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).",LOCAL,LOW,HIGH,NONE,CHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in Cookie and obtain data in the database without privilege.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Prototype pollution vulnerability in 'set-or-get' version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PCs memory. Under certain conditions the attacker can access information which would otherwise be restricted. The exploit can only be executed locally on the client PC and not via Network and the attacker needs at least user authorization of the Operating System user of the victim.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, this has a high impact on the availability of the service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
The CGE page with download function contains a Directory Traversal vulnerability. Attackers can use this loophole to download system files arbitrarily.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1163.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the ""go get"" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge .,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against other users and steal the session cookie.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same Wi-Fi network.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions, when processing VPN traffic with APM, TMM consumes excessive memory. A malicious, authenticated VPN user may abuse this to perform a DoS attack against the APM. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x and 11.6.x versions, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of BIG-IP if the victim user is granted the admin role. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by an remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service from receiving any traffic, which would lead to a DoS condition on the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In mobile_log_d, there is a possible command injection due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05458478.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In display driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05454782.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In mtkpower, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05437558.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In vpu, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ccu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch ID: ALPS05377188.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In vpu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11; Patch ID: ALPS05349201.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ged, there is a possible system crash due to an improper input validation. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch ID: ALPS05342338.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"In wlan driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch ID: ALPS05412917.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In mobile_log_d, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05432974.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch ID: ALPS05431161.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In RT regmap driver, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05453809.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"In netdiag, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05442014.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In netdiag, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05442022.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In netdiag, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05442006.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In display driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11; Patch ID: ALPS05362646.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens. Note: To exploit this vulnerability, an attacker must have valid credentials on a Microsoft Windows end-user system and must log in after another user has already authenticated with Webex on the same end-user system.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cleartext transmission of sensitive information in Agora Video SDK prior to 3.1 allows a remote attacker to obtain access to audio and video of any ongoing Agora video call through observation of cleartext network traffic.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,HIGH
ActivePresenter 6.1.6 is affected by a memory corruption vulnerability that may result in a denial of service (DoS) or arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a backup comment.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Contact page in Monica 2.19.1 allows stored XSS via the Description field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Contact page in Monica 2.19.1 allows stored XSS via the Middle Name field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the ""starttls"" feature from a server response.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the ""skippy peanut butter"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the ""ACCOUNT UPDATE"" section.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the ""ACCOUNT CREATION"" section, related to lack of input validation in include/function.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a tool_list=php://filter/ substring.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object parameter to module/admin_conf/index.php.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bp_name parameter to /module/admin_bp/add_services.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group).,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insecure inherited permissions for the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bounds write in the Intel(R) Graphics Driver before version 15.33.53.5161, 15.36.40.5162, 15.40.47.5166, 15.45.33.5164 and 27.20.100.8336 may allow an authenticated user to potentially enable an escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incomplete cleanup in some Intel(R) PROSet/Wireless WiFi and Killer (TM) drivers before version 22.0 may allow a privileged user to potentially enable information disclosure and denial of service<b>&nbsp;</b>via adjacent access.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,LOW
A vulnerability of uPrism.io CURIX(Video conferecing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input(server domain) validation. An attacker could exploit this vulnerability through crafted URL.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Improper input validation in the Intel(R) EPID SDK before version 8, may allow an authenticated user to potentially enable an escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper input validation in the Intel(R) SGX Platform Software for Windows* may allow an authenticated user to potentially enable a denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memory installer for Windows* before version 1.00.00.3506 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Improper conditions check in some Intel(R) Graphics Drivers before versions 26.20.100.8141, 15.45.32.5145 and 15.40.46.5144 may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Uncaught exception in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Out-of-bounds write in some Intel(R) Graphics Drivers before version 15.36.39.5143 may allow an authenticated user to potentially enable denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11890)",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Mobile application ""Testes de Codigo"" 11.4 and prior allows an attacker to gain access to the administrative interface and premium features by tampering the boolean value of parameters ""isAdmin"" and ""isPremium"" located on device storage.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CG4 and CGM files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11898)",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing ASM files. A crafted ASM file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11897)
",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing ASM files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11899)
",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer in the font index handling function. An attacker could leverage this vulnerability to execute code in the context of the current process.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of CG4 files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12027)",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11900)",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11972)",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11972)",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage using Internet Explorer where the exploit could be triggered.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper input validation in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper access control in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow an authenticated user to potentially enable an escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bounds read in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclosure via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Heap overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Expired pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of RGB and SGI files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11986, ZDI-CAN-11994)",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient control flow management in the kernel mode driver for some Intel(R) Graphics Drivers before version 15.36.39.5145 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper access control in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may potentially allow a privileged user to enable a denial of service via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Improper initialization in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Insufficient control flow management in some Intel(R) Graphics Drivers before version 15.45.32.5145 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insecure inherited permissions for the Intel(R) SOC driver package for STK1A32SC before version 604 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect default permissions in installer for the Intel(R) SSD Toolbox versions before 2/9/2021 may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper access control for Intel(R) Graphics Drivers before version 15.45.33.5164 and 27.20.100.8280 may allow an authenticated user to potentially enable an escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Untrusted pointer dereference in some Intel(R) Graphics Drivers before versions 15.33.51.5146, 15.45.32.5145, 15.36.39.5144 and 15.40.46.5143 may allow an authenticated user to potentially denial of service via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191751.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storeage of authentication credentials. IBM X-Force ID: 196621.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. IBM X-Force ID: 196619.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unchecked return value in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The user area for Library System 1.0 is vulnerable to SQL injection where a user can bypass the authentication and login as the admin user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Divide by zero in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12014)",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12016, ZDI-CAN-12017)",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11891)",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without recovery.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Out of bound write in some Intel(R) Graphics Drivers before version 26.20.100.8336 may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable an escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient input validation in some Intel(R) Graphics Drivers before version 27.20.100.8587 may allow a privileged user to potentially enable an escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) versions: 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. The vulnerability could allow local attackers to execute code with escalated privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. Photo Station 6.0.11 and later,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,HIGH
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).,LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting java script code in the ""Site Name EN"" parameter. This attack appears to be exploitable if the malicious user has access to the administration account.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).",NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,LOW,HIGH
Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in the cluster. This issue is fixed in Elasticsearch 7.10.2,NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).",NETWORK,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the ""Birthday Attacks"" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
AdPlug 2.3.1 has multiple heap-based buffer overflows in CradLoader::load() in rad.cpp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use after free in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Insufficient control flow management in the API for the Intel(R) Collaboration Suite for WebRTC before version 4.3.1 may allow an authenticated user to potentially enable escalation of privilege via network access.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper access control in firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 8.0 may allow a privileged user to potentially enable denial of service via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The job posting recommendation form in Persis Human Resource Management Portal (Versions 17.2.00 through 17.2.35 and 19.0.00 through 19.0.20), when the ""Recommend job posting"" function is enabled, allows XSS via the SENDER parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable a denial of service via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow an unauthenticated user to potentially enable denial of service via adjacent access.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial of service via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a workaround, one can block access to the Lucee Administrator.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfile.asp allows Unauthenticated Local File Inclusion, which can be leveraged to achieve Remote Code Execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient input validation in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, there is a functionality at diagzip.asp that allows anyone to export tables of a database.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. The web application suffers from SQL injection on Adminlog.asp, Archivemsgs.asp, Deletelog.asp, Eventlog.asp, and Evmlog.asp.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for IOCTL codes using METHOD_NEITHER results in arbitrary memory dereferencing.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: The CVE-2020-14628 is applicable to Windows VM only. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via MLD to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N).",LOCAL,LOW,LOW,NONE,CHANGED,NONE,HIGH,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 2.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"A vulnerability in SiteManager-Embedded (SM-E) Web server which may allow attacker to construct a URL that if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application. This issue affects all versions and variants of SM-E prior to version 9.3",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in NFStream 5.2.0. Because some allocated modules are not correctly freed, if the nfstream object is directly destroyed without being used after it is created, it will cause a memory leak that may result in a local denial of service (DoS).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An attacker can read arbitrary JSON files via Local File Inclusion.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in the redirect.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an SSRF in thein the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 2.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,LOW,LOW,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn't check if it's being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page (e.g., with ""OBJECT classid="" and ""<SCRIPT language='vbscript'>"") to overwrite arbitrary files.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. In next-auth before version 3.3.0 there is a token verification vulnerability. Implementations using the Prisma database adapter in conjunction with the Email provider are impacted. Implementations using the Email provider with the default database adapter are not impacted. Implementations using the Prisma database adapter but not using the Email provider are not impacted. The Prisma database adapter was checking the verification token, but was not verifying the email address associated with that token. This made it possible to use a valid token to sign in as another user when using the Prima adapter in conjunction with the Email provider. This issue is specific to the community supported Prisma adapter. This issue is fixed in version 3.3.0.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"In x/text in Go before v0.3.5, a ""slice bounds out of range"" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with multiple transfer-encoding headers to have a chunked payload, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that understands the request payload boundary differently can result in ""request smuggling"" or ""desync attacks"". To determine if vulnerable, all these things must be true: 1) Using hyper as an HTTP server (the client is not affected), 2) Using HTTP/1.1 (HTTP/2 does not use transfer-encoding), 3) Using a vulnerable HTTP proxy upstream to hyper. If an upstream proxy correctly rejects the illegal transfer-encoding headers, the desync attack cannot succeed. If there is no proxy upstream of hyper, hyper cannot start the desync attack, as the client will repair the headers before forwarding. This is fixed in versions 0.14.3 and 0.13.10. As a workaround one can take the following options: 1) Reject requests that contain a `transfer-encoding` header, 2) Ensure any upstream proxy handles `transfer-encoding` correctly.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package ""jquery-validation"". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.2.8, 13.1.x before 13.1.3.5, and all 12.1.x versions, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility when Fraud Protection Service is provisioned and allows an attacker to execute JavaScript in the context of the current logged-in user. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,LOW
"An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. There is a local privilege escalation from the www-data account to the root account.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes' methods which implicitly use Ruby's Kernel.open method. Exploitation is possible only if untrusted input is used as a local filename and passed to any of these calls: Mechanize::CookieJar#load, Mechanize::CookieJar#save_as, Mechanize#download, Mechanize::Download#save, Mechanize::File#save, and Mechanize::FileResponse#read_body. This is fixed in version 2.7.7.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,NONE,LOW
"ftp-srv is an open-source FTP server designed to be simple yet configurable. In ftp-srv before version 4.4.0 there is a path-traversal vulnerability. Clients of FTP servers utilizing ftp-srv hosted on Windows machines can escape the FTP user's defined root folder using the expected FTP commands, for example, CWD and UPDR. When windows separators exist within the path (`\`), `path.resolve` leaves the upper pointers intact and allows the user to move beyond the root folder defined for that user. We did not take that into account when creating the path resolve function. The issue is patched in version 4.4.0 (commit 457b859450a37cba10ff3c431eb4aa67771122e3).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,NONE
"In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1, under some circumstances, Traffic Management Microkernel (TMM) may restart on the BIG-IP system while passing large bursts of traffic. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/skuba/pull/1416.,LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level. This vulnerability is due to an incomplete fix for CVE-2017-6167. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the error handling functionality of web pages.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the sms.php dialogs.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim's account.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SGI file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. The affected versions are before version 8.13.2, and from version 8.14.0 before 8.14.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. It provides a function to response to Request URL information when blocking.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. The vulnerability could allow remote attackers to execute arbitrary code on an OBM server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 which is publicly available. The user supplied input containing polyglot payload is echoed back in javascript code in HTML response. This allows an attacker to input malicious JavaScript which can steal cookie, redirect them to other malicious website, etc.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.5, authenticated users accessing the Configuration utility for AFM are vulnerable to a cross-site scripting attack if they attempt to access a maliciously-crafted URL. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues. This affects the files_antivirus component versions before 0.15.2 for ownCloud.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation between malicious HTTP client code and a malicious server may cause TMM to restart and generate a core file. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Improper access control vulnerability in ELECOM LD-PS/U1 allows remote attackers to change the administrative password of the affected device by processing a specially crafted request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager could allow an attacker to cause an XSS Attack. This issue affects: Secomea SiteManager all versions prior to 9.3.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.14.1.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an existing file in a directory which can be accessed with the application privileges via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense (versions prior to 14.1.0), or a Bot Defense profile (versions 14.1.0 and later), may subject clients and web servers to Open Redirection attacks. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef (""ovl: stack file ops""). This was fixed in kernel version 5.8 by commits 56230d9 (""ovl: verify permissions in ovl_path_open()""), 48bd024 (""ovl: switch to mounter creds in readdir"") and 05acefb (""ovl: check permission to open real file""). Additionally, commits 130fdbc (""ovl: pass correct flags for opening real directory"") and 292f902 (""ovl: call secutiry hook in ovl_real_ioctl()"") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da (""ovl: do not fail because of O_NOATIMEi"") in kernel 5.11.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/PR5B allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmute to return a reference to an arbitrary type.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.,LOCAL,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
"Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively cloning a Git repository on Windows with submodules, Git will first clone the top-level repository and then recursively clone all submodules by starting new Git processes from the top-level working directory. If a malicious git.exe executable is present in the top-level repository then this binary will be started by Git Credential Manager Core when attempting to read configuration, and not git.exe as found on the %PATH%. This only affects GCM Core on Windows, not macOS or Linux-based distributions. GCM Core version 2.0.289 contains the fix for this vulnerability, and is available from the project's GitHub releases page. GCM Core 2.0.289 is also bundled in the latest Git for Windows release; version 2.29.2(3). As a workaround, users should avoid recursively cloning untrusted repositories with the --recurse-submodules option.",NETWORK,HIGH,HIGH,REQUIRED,CHANGED,HIGH,HIGH,NONE
"A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SIMATIC NET CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions). The VxWorks-based Profinet TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in SmartFoxServer 2.17.0. An attacker can execute arbitrary Python code, and bypass the javashell.py protection mechanism, by creating /config/ConsoleModuleUnlock.txt and editing /config/admin/admintool.xml to enable the Console module.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safe_load are not used.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application logs.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the ControlPointCacheShare.xml file (in a %APPDATA%\Pelco directory) when DSControlPoint.exe is executed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Client. CVSS 3.1 Base Score 4.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L).",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,LOW
"A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker to remotely execute code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions of 12.1.x and 11.6.x, big3d does not securely handle and parse certain payloads resulting in a buffer overflow. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156.",ADJACENT_NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"All versions of package static-eval are vulnerable to Arbitrary Code Execution using FunctionExpressions and TemplateLiterals. PoC: var evaluate = require('static-eval'); var parse = require('esprima').parse; var src=""(function (x) { return ${eval(""console.log(global.process.mainModule.constructor._load('child_process').execSync('ls').toString())"")} })()"" var ast = parse(src).body[0].expression; evaluate(ast)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by a Memory Corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The daemon in GENIVI Diagnostic Log and Trace (DLT) before 2.18.6 has a heap-based buffer overflow in dlt_buffer_write_block in shared/dlt_common.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who has privileges to submit LSF jobs to execute arbitrary commands. IBM X-Force ID: 192586.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Animate version 21.0.2 (and earlier) is affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure.",PHYSICAL,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating. The service log is only generated when requested by a privileged LXCA user and it is only accessible to the privileged LXCA user that requested the file and is then deleted.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized user. This issue impacts: All versions of Prisma Cloud Compute 19.11, Prisma Cloud Compute 20.04, and Prisma Cloud Compute 20.09; Prisma Cloud Compute 20.12 before update 1. Prisma Cloud Compute SaaS version is not impacted by this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can redirect users to an arbitrary URL. An attacker can provide a crafted URL to trigger this vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow at Version/Instance 0x0005 and 0x0016. An attacker can entice the victim to open a document to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a buffer that is smaller than the size used for the copy which will cause a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Fleet is an open source osquery manager. In Fleet before version 3.7.0 a malicious actor with a valid node key can send a badly formatted request that causes the Fleet server to exit, resulting in denial of service. This is possible only while a live query is currently ongoing. We believe the impact of this vulnerability to be low given the requirement that the actor has a valid node key. There is no information disclosure, privilege escalation, or code execution. The issue is fixed in Fleet 3.7.0.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and the result of the minus operation may be a negative integer which leads to an underflow. The attackers can modify the current timestamp of the transaction somehow and block the execution of the process function.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N).",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: The CVE-2020-14711 is applicable to macOS host only. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).",LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 2.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An out-of-bounds write vulnerability exists in the SGI RLE decompression functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it is possible the headers will not be sanitized before being sent.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially causing Denial of Service via executing carefully constructed malware.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction link, after enumerating certain files, at a specific time.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
"Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed specific actions. To exploit this, the local user has to access the relevant memory location immediately after an ENS administrator has made a configuration change through the console on their machine",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject malicious code in the drools rules which when executed leads to Remote Code Execution vulnerability enabling the attacker to compromise the underlying host enabling him to impair confidentiality, integrity and availability of the application.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Under specific circumstances SAP Master Data Management, versions - 710, 710.750, allows an unauthorized attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs. Due to this Directory Traversal vulnerability the attacker could read content of arbitrary files on the remote server and expose sensitive data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500 chassis. This vulnerability could be remotely exploited by an unauthenticated user to cause a directory traversal in user supplied input to the `khuploadfile.cgi` CGI ELF. The directory traversal could lead to Remote Code Execution, Denial of Service, and/or compromise system integrity. **Note:** HPE recommends that customers discontinue the use of the HPE Moonshot Provisioning Manager. The HPE Moonshot Provisioning Manager application is discontinued, no longer supported, is not available to download from the HPE Support Center, and no patch is available.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500 chassis. This vulnerability could be remotely exploited by an unauthenticated user to cause a stack based buffer overflow using user supplied input to the `khuploadfile.cgi` CGI ELF. The stack based buffer overflow could lead to Remote Code Execution, Denial of Service, and/or compromise system integrity. **Note:** HPE recommends that customers discontinue the use of the HPE Moonshot Provisioning Manager. The HPE Moonshot Provisioning Manager application is discontinued, no longer supported, is not available to download from the HPE Support Center, and no patch is available.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"async-h1 is an asynchronous HTTP/1.1 parser for Rust (crates.io). There is a request smuggling vulnerability in async-h1 before version 2.3.0. This vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all such Tide applications. If the server does not read the body of a request which is longer than some buffer length, async-h1 will attempt to read a subsequent request from the body content starting at that offset into the body. One way to exploit this vulnerability would be for an adversary to craft a request such that the body contains a request that would not be noticed by a reverse proxy, allowing it to forge forwarded/x-forwarded headers. If an application trusted the authenticity of these headers, it could be misled by the smuggled request. Another potential concern with this vulnerability is that if a reverse proxy is sending multiple http clients' requests along the same keep-alive connection, it would be possible for the smuggled request to specify a long content and capture another user's request in its body. This content could be captured in a post request to an endpoint that allows the content to be subsequently retrieved by the adversary. This has been addressed in async-h1 2.3.0 and previous versions have been yanked.",NETWORK,HIGH,NONE,NONE,CHANGED,LOW,HIGH,NONE
An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the qwutils crate before 0.3.1 for Rust. When a Clone panic occurs, insert_slice_clone can perform a double drop.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This could, as a result, nullify the added X-Frame-Options header leading to Clickjacking attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.",NETWORK,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via the WebAPI. Successful exploitation could lead to remote code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via the scheduled operation module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the Widgets module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an access control bypass vulnerability in the Login as Customer module. Successful exploitation could lead to unauthorized access to restricted resources.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting vulnerability in the admin console. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required for successful exploitation.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states ""This use-after-free is triggered prior to the double free reported in CVE-2017-12858.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a blind SQL injection vulnerability in the Search module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the product layout updates. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by an improper authorization vulnerability in the integrations module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via the GraphQL API. Successful exploitation could lead to unauthorized modification of customer metadata by an unauthenticated attacker. Access to the admin console is not required for successful exploitation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch's management interface has been identified. The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itself leading to local denial of service (DoS). The user must have administrator privileges to exploit this vulnerability.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a Reflected Cross-site Scripting vulnerability via 'file' parameter. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required for successful exploitation.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue requires user interaction.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation of this issue could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version < 10.6.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html ""A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code."" Mitigation: Upgrade to Apache ActiveMQ 5.15.13",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the ""jmxrmi"" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the ""-crl_download"" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenticated attacker could leverage this vulnerability to elevate privileges in the context of the current user.",LOCAL,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a null pointer dereference vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve denial of service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,HIGH
"Adobe Acrobat Pro DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",LOCAL,LOW,LOW,REQUIRED,CHANGED,LOW,NONE,LOW
"PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can execute arbitrary JavaScript in the victim's browser.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally elevate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Integer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Path Traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in PCS neo (Administration Console) (V3.0), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability has been identified in SIMARIS configuration (All versions). During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which could allow an attacker to gain persistence or potentially escalate privileges should a user with elevated credentials log onto the machine.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 802.11n) family (All versions < V6.3). Sending specially crafted packets through the ARP protocol to an affected device could cause a partial denial-of-service, preventing the device to operate normally for a short period of time.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses making them accessible to an attacker who has access to the system where the client runs.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue. A user with the BackupAdmin role may potentially exploit this vulnerability resulting in the ability to write data outside of the intended file system location.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Username enumeration in present in Tufin SecureTrack. It's affecting all versions of SecureTrack. The vendor has decided not to fix this vulnerability. Vendor's response: ""This attack requires access to the internal network. If an attacker is part of the internal network, they do not require access to TOS to know the usernames"".",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Unisys Stealth(core) before 4.0.134 stores passwords in a recoverable format. Therefore, a search of Enterprise Manager can potentially reveal credentials.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. IBM X-Force ID: 198191.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. IBM X-Force ID: 198190.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 198188.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 198185.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 198184.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-134155286",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-145728687",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In bootFinished of SurfaceFlinger.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-169256435",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification access with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-170731783",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In several native functions called by AdvertiseManager.java, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-171400004",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In onCreate of UninstallerActivity, there is a possible way to uninstall an all without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-171221302",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10Android ID: A-154015447",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a ""use of SSH key past account expiration"" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them access to the same things they had before account expiration. This may by a high privileged account and hence Dell recommends customers upgrade at the earliest opportunity.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability, leading to compromised cryptographic operations. Note: no non-admin users or roles have these privileges by default.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.",NETWORK,HIGH,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The ""#manipulate!"" method inappropriately evals the content of mutation option(:read/:write), allowing attackers to craft a string that can be executed as a Ruby code. If an application developer supplies untrusted inputs to the option, it will lead to remote code execution(RCE). This is fixed in versions 1.3.2 and 2.1.1.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In getContentProviderImpl of ActivityManagerService.java, there is a possible permission bypass due to non-restored binder identities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-172935267",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper buffer restrictions in kernel mode driver for Intel(R) PROSet/Wireless WiFi products before version 21.70 on Windows 10 may allow an unprivileged user to potentially enable denial of service via adjacent access.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Insecure inherited permissions in Intel(R) PROSet/Wireless WiFi products before version 21.70 on Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a set_params.cgi?telnetd=1&save=1&reboot=1 request to the webserver, it is possible to enable the telnet interface on the device. The telnet interface can then be used to obtain access to the device with root privileges via a reecam4debug default password. This default telnet password is the same across all Siime Eye devices. In order for the attack to be exploited, an attacker must be physically close in order to connect to the device's Wi-Fi access point.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-170732441",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protection by simply not including a nonce parameter.),NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-168504491",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188907.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196076.,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user on the network to cause a denial of service due to an invalid cookie value that could prevent future logins. IBM X-Force ID: 196078.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160346309",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-158219161",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-157474195",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of ""\xa0"" characters in the ""www-authenticate"" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the ms3d crate before 0.1.3 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via IoReader::read.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memory(stateObject.code) and is further written to persistent store at the Endblock stage, which may be utilized to build honeypot contracts.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with the same msg content and chainIDEpoch, which enables ""cross-chain transaction replay"" attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method ""lib/utils/object/set.ts"". This method is used throughout the codebase for various operations throughout Dynamoose. We have not seen any evidence of this vulnerability being exploited. There is no evidence this vulnerability impacts versions 1.x.x since the vulnerable method was added as part of the v2 rewrite. This vulnerability also impacts v2.x.x beta/alpha versions. Version 2.7.0 includes a patch for this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserved in memory. Although the bad storage cache data will be discarded at EndBlock, it is still valid in the current block, which enables many possible attacks such as an ""arbitrary mint token"".",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator user triggers the policy.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific system call which is not handled correctly. This varies by machine and had partial protection prior to this update.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed. This is only applicable to clean installations of ENS as the Access Control rules will prevent modification prior to up an upgrade.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g key. (The webs binary has details on how XOR is used.),NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / user1234 credentials for an ISP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded f~i!b@e#r$h%o^m*esuperadmin / s(f)u_h+g|u credentials for an ISP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. The telnet daemon on port 23/tcp can be abused with the gpon/gpon credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. The password for the enable command is gpon.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. There is a password of four hexadecimal characters for the admin account. These characters are generated in init_3bb_password in libci_adaptation_layer.so.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on FiberHome AN5506-04-FA devices with firmware RP2631. There is a gepon password for the gepon account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to start a Linux telnetd as root on port 26/tcp by using the CLI interface commands of ddd and shell (or tshell).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on FiberHome HG6245D devices through RP2613. There is a telnet?enable=0&key=calculated(BR0_MAC) backdoor API, without authentication, provided by the HTTP server. This will remove firewall rules and allow an attacker to reach the telnet server (used for the CLI).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to bypass authentication by sending the decoded value of the GgpoZWxwCmxpc3QKd2hvCg== string to the telnet server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. Some passwords are stored in cleartext in nvram.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to crash the telnet daemon by sending a certain 0a 65 6e 61 62 6c 65 0a 02 0a 1a 0a string.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to extract information from the device without authentication by disabling JavaScript and visiting /info.asp.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on FiberHome HG6245D devices through RP2613. wifi_custom.cfg has cleartext passwords and 0644 permissions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_2g.cfg has cleartext passwords and 0644 permissions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 for WordPress.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. IBM X-Force ID: 193659.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in SmartFoxServer 2.17.0. Cleartext password disclosure can occur via /config/server.xml.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Marked is an open-source markdown parser and compiler (npm package ""marked""). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed in version 2.0.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level (e.g., MDS Server password not set, network and OS configuration not properly secured, etc.), a malicious user might define UNC paths which could then be exploited to put the system at risk using a so-called SMB relay attack and obtain highly sensitive data, which leads to Information Disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display restricted Business Partner Generic Market Data (GMD), due to improper authorization check.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection vulnerability which can fully compromise the affected SAP system.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This affects all versions of package macfromip. The injection point is located in line 66 in macfromip.js.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device executes arbitrary code with root privileges (all of the device's services are running as root).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to disclose kernel memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Helm is open-source software which is essentially ""The Kubernetes Package Manager"". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted sources was not properly sanitized. When a SemVer in the `version` field of a chart is invalid, in some cases Helm allows the string to be used ""as is"" without sanitizing. Helm fails to properly sanitized some fields present on Helm repository `index.yaml` files. Helm does not properly sanitized some fields in the `plugin.yaml` file for plugins In some cases, Helm does not properly sanitize the fields in the `Chart.yaml` file. By exploiting these attack vectors, core maintainers were able to send deceptive information to a terminal screen running the `helm` command, as well as obscure or alter information on the screen. In some cases, we could send codes that terminals used to execute higher-order logic, like clearing a terminal screen. Further, during evaluation, the Helm maintainers discovered a few other fields that were not properly sanitized when read out of repository index files. This fix remedies all such cases, and once again enforces SemVer2 policies on version fields. All users of the Helm 3 should upgrade to the fixed version 3.5.2 or later. Those who use Helm as a library should verify that they either sanitize this data on their own, or use the proper Helm API calls to sanitize the data.",LOCAL,LOW,LOW,REQUIRED,CHANGED,NONE,HIGH,NONE
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CR2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11332.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CR2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11333.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CR2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11335.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CMP files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11356.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adminer through 4.7.8 allows XSS via the history parameter to the default URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CR2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11358.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CMP files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11432.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SR2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11433.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This affects all versions of package node-ps. The injection point is located in line 72 in lib/index.js.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of NEF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11488.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size; The bug leads to Dynamic stack buffer overflow. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs discountcode parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZIX files. A crafted id in a channel element can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11197.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of NEF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11192.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. This affects the netifd and odhcp6c packages.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,LOW
"An issue was discovered in the may_queue crate through 2020-11-10 for Rust. Because Queue does not have bounds on its Send trait or Sync trait, memory corruption can occur.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-152874864",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158063095.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of NEF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11193.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in web UI input field of GateManager allows authenticated attacker to enter script tags that could cause XSS. This issue affects: GateManager all versions prior to 9.3.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Millennium Millewin (also known as ""Cartella clinica"") 13.39.028, 13.39.28.3342, and 13.39.146.1 has insecure folder permissions allowing a malicious user for a local privilege escalation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing authentication.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of service due to improperly validating a supplied URL, rendering the application unusuable. IBM X-Force ID: 189375.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to obtain sensitive information using main in the middle attacks due to improper certificate validation. IBM X-Force ID: 189379.,ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout which could allow a user to obtain sensitive information from another users' session. IBM X-Force ID: 192912.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / aisadmin credentials for an ISP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / tattoo@home credentials for an ISP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / 888888 credentials for an ISP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded useradmin / 888888 credentials for an ISP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded L1vt1m4eng / 888888 credentials for an ISP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 888888 credentials for an ISP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains credentials for an ISP that equal the last part of the MAC address of the br0 interface.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 3UJUh2VemEfUtesEchEC2d2e credentials for an ISP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / G0R2U1P2ag credentials for an ISP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded trueadmin / admintrue credentials for an ISP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded gestiontelebucaramanga / t3l3buc4r4m4ng42013 credentials for an ISP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / admin credentials for an ISP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / CUadmin credentials for an ISP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / lnadmin credentials for an ISP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2200019. (This also extends to the various other products from Max Secure that include MaxProc64.sys.)",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects \Device\EMPMPAUIO and \DosDevices\EMPMPAU.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. \Device\EMPNSAUIO and \DosDevices\EMPNSAU are similarly affected.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify the some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal service.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of NEF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11194.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11195.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ARW files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11196.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11247.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11259.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CR2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11230.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of NEF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11334.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CMP files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11336.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"picoquic (before 3rd of July 2020) allows attackers to cause a denial of service (infinite loop) via a crafted QUIC frame, related to the picoquic_decode_frames and picoquic_decode_stream_frame functions and epoch==3.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CMP files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11337.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.384_10177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
BooleBox Secure File Sharing Utility before 4.2.3.0 allows stored XSS via a crafted avatar field within My Account JSON data to Account.aspx.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods.,LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E180R6P2). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause out-of-bound, compromising normal service.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7P2). The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to affect the integrity of certain module.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. After obtaining the root permission, an attacker can exploit the vulnerability to cause buffer overflow.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Affected product versions include: Taurus-AL00A versions 10.0.0.1(C00E1R1P1).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before passing a SQL query.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a buffer overflow vulnerability in Mate 30 10.1.0.126(C00E125R5P3). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause buffer overflow, compromising normal service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Affected product versions include:AIS-BW80H-00 versions 9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00).",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.12 and below.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Resource management errors vulnerability in a robot controller of MELFA FR Series(controller ""CR800-*V*D"" of RV-*FR***-D-* all versions, controller ""CR800-*HD"" of RH-*FRH***-D-* all versions, controller ""CR800-*HRD"" of RH-*FRHR***-D-* all versions, controller ""CR800-*V*R with R16RTCPU"" of RV-*FR***-R-* all versions, controller ""CR800-*HR with R16RTCPU"" of RH-*FRH***-R-* all versions, controller ""CR800-*HRR with R16RTCPU"" of RH-*FRHR***-R-* all versions, controller ""CR800-*V*Q with Q172DSRCPU"" of RV-*FR***-Q-* all versions, controller ""CR800-*HQ with Q172DSRCPU"" of RH-*FRH***-Q-* all versions, controller ""CR800-*HRQ with Q172DSRCPU"" of RH-*FRHR***-Q-* all versions) and a robot controller of MELFA CR Series(controller ""CR800-CVD"" of RV-8CRL-D-* all versions, controller ""CR800-CHD"" of RH-*CRH**-D-* all versions) as well as a cooperative robot ASSISTA(controller ""CR800-05VD"" of RV-5AS-D-* all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS, an error may occur. A reset is required to recover it if the error occurs.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to read log files. IBM X-Force ID: 194965.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. IBM X-Force ID: 194966.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
** DISPUTED ** ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetlicensecfg function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetremoteimageinfo function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetservicecfg function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webupdatecomponent function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webstartflash function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.,LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so websetdefaultlangcfg function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletevideofile function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletesolvideofile function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so uploadsshkey function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so uploadsshkey function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"File Sharing Wizard version 1.5.0 build 2008 is affected by a Structured Exception Handler based buffer overflow vulnerability. An unauthenticated attacker is able to perform remote command execution and obtain a command shell by sending a HTTP GET request including the malicious payload in the URL. A similar issue to CVE-2019-17415, CVE-2019-16724, and CVE-2010-2331.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the ""Select Role of the User"" page. NOTE: A contributor to the CodeIgniter framework argues that the issue should not be attributed to CodeIgniter. Furthermore, the blog post reference shows an unknown website built with the CodeIgniter framework but that CodeIgniter is not responsible for introducing this issue because the framework has never provided a login screen, nor any kind of login or user management facilities beyond a Session library. Also, another reporter indicates the issue is with a custom module/plugin to CodeIgniter, not CodeIgniter itself.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface (i.e. another agent who wants to make changes in the survey). This issue affects: OTRS AG Survey 6.0.x version 6.0.20 and prior versions; 7.0.x version 7.0.19 and prior versions.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"When dynamic templates are used (OTRSTicketForms), admin can use OTRS tags which are not masked properly and can reveal sensitive information. This issue affects: OTRS AG OTRSTicketForms 6.0.x version 6.0.40 and prior versions; 7.0.x version 7.0.29 and prior versions; 8.0.x version 8.0.3 and prior versions.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11892)
",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30.",LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: the vendor's position is that exploitation occurs only on devices with a certain ""misconfiguration.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in a out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition. An attacker could cause this condition on the webserver by sending a specially crafted request. The webserver could stop and not recover anymore.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by sending large message packages repeatedly to the telnet service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.2.1), SIMATIC ET200M (incl. SIPLUS variants) (All versions), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200ecoPN (except 6ES7141-6BG00-0BB0, 6ES7141-6BH00-0BB0, 6ES7142-6BG00-0BB0, 6ES7142-6BR00-0BB0, 6ES7143-6BH00-0BB0, 6ES7146-6FF00-0AB0 and 6ES7148-6JD00-0AB0) (All versions), SIMATIC ET200ecoPN (except 6ES7141-6BG00-0BB0, 6ES7141-6BH00-0BB0, 6ES7142-6BG00-0BB0, 6ES7142-6BR00-0BB0, 6S7143-6BH00-0BB0, 6ES7146-6FF00-0AB0, 6ES7148-6JD00-0AB0 and 6ES7148-6JG00-0BB0) (All versions), SIMATIC ET200pro (All versions), SIMATIC NET CP 1604 (All versions < V2.8), SIMATIC NET CP 1616 (All versions < V2.8), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (incl. SIPLUS variants) (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions < V1.3), SINAMICS G110M V4.7 Control Unit (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 Control Unit (All versions < V4.7 HF29), SINAMICS G150 Control Unit (All versions < V4.8), SINAMICS GH150 V4.7 Control Unit (All versions), SINAMICS GL150 V4.7 Control Unit (All versions), SINAMICS GM150 V4.7 Control Unit (All versions), SINAMICS S110 Control Unit (All versions), SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants) (All versions < V4.7 HF34), SINAMICS S150 Control Unit (All versions < V4.8), SINAMICS SL150 V4.7 Control Unit (All versions < V4.7 HF33), SINAMICS SM120 V4.7 Control Unit (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a Denial-of-Service condition by breaking the real-time synchronization (IRT) of the affected installation. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an update to 3.13.0, unless the new feature was immediately configured.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshake failure with TLS parameter mismatch. The DTLS server side must be restarted to recover this. This allow clients to force a DoS.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an undersized heap allocation. Later when copying data from the file into this allocation, a heap-based buffer overflow will occur which can corrupt memory. These types of memory corruptions can allow for code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable heap-based buffer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to explicitly trust a length from a particular record type and use it to write a 16-bit null relative to a buffer allocated on the stack. Due to a lack of bounds-checking on this value, this can allow an attacker to write to memory outside of the buffer and controllably corrupt memory. This can allow an attacker to earn code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function: 0x8001E000, 0x8001E004, 0x8001E008, 0x8001E00C, 0x8001E010, 0x8001E014, 0x8001E020, 0x8001E024, 0x8001E040, 0x8001E044, and 0x8001E048. \DosDevices\AscRegistryFilter and \Device\AscRegistryFilter are affected.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforcing” return no.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Online Marriage Registration System 1.0 is affected by stored cross-site scripting (XSS) vulnerabilities in multiple parameters.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access to the SNMP server of an affected device. This vulnerability is due to incorrect LPTS programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by connecting to an affected device using SNMP. A successful exploit could allow the attacker to connect to the device on the configured SNMP ports. Valid credentials are required to execute any of the SNMP requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, we added a new Timestamp field to Evidence structs. This timestamp would be calculated using the same algorithm that is used when a block is created and proposed. (This algorithm relies on the timestamp of the last commit from this specific block.) In Tendermint Core v0.34.0-v0.34.2, the consensus reactor is responsible for forming DuplicateVoteEvidence whenever double signs are observed. However, the current block is still “in flight” when it is being formed by the consensus reactor. It hasn’t been finalized through network consensus yet. This means that different nodes in the network may observe different “last commits” when assigning a timestamp to DuplicateVoteEvidence. In turn, different nodes could form DuplicateVoteEvidence objects at the same height but with different timestamps. One DuplicateVoteEvidence object (with one timestamp) will then eventually get finalized in the block, but this means that any DuplicateVoteEvidence with a different timestamp is considered invalid. Any node that formed invalid DuplicateVoteEvidence will continue to propose invalid evidence; its peers may see this, and choose to disconnect from this node. This bug means that double signs are DoS vectors in Tendermint Core v0.34.0-v0.34.2. Tendermint Core v0.34.3 is a security release which fixes this bug. As of v0.34.3, DuplicateVoteEvidence is no longer formed by the consensus reactor; rather, the consensus reactor passes the Votes themselves into the EvidencePool, which is now responsible for forming DuplicateVoteEvidence. The EvidencePool has timestamp info that should be consistent across the network, which means that DuplicateVoteEvidence formed in this reactor should have consistent timestamps. This release changes the API between the consensus and evidence reactors.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** GNOME Evolution through 3.38.3 produces a ""Valid signature"" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0002, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0003 and 0x0014, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the ""No results found for"" message in the search bar.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,LOW
"A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0004 and 0x0015, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call (such as httpClient.get or httpClient.post), the User-Agent header value, or custom HTTP header names or values.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authenticated, local attacker to elevate their privilege to root. To exploit this vulnerability, an attacker would need to have a valid account on an affected device. The vulnerability is due to insufficient validation of command line arguments. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the prompt. A successful exploit could allow an attacker with low-level privileges to escalate their privilege level to root.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%\Psyprax32\PPScreen.ini contains a hash for the lockscreen (aka screensaver) of the application. If that entry is removed, the lockscreen is no longer displayed and the app is no longer locked. All local users are able to modify that file.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to improper processing of IPv6 traffic that is sent through an affected device. An attacker could exploit this vulnerability by sending crafted IPv6 packets that traverse the affected device. A successful exploit could allow the attacker to access resources that would typically be protected by the interface ACL.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login details from that file, including the login name and its associated password. Then, the credentials can be used to get database owner access to the SWNetPerfMon.DB database. This gives access to the data collected by SolarWinds applications, and leads to admin access to the applications by inserting or changing authentication data stored in the Accounts table of the database.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as well.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the REST API of Cisco Managed Services Accelerator (MSX) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the way that the affected software logs certain API requests. An attacker could exploit this vulnerability by sending a flood of crafted API requests to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
This affects all versions of package decal. The vulnerability is in the set function.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
"In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network's PSK.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"blaze is a Scala library for building asynchronous pipelines, with a focus on network IO. All servers running blaze-core before version 0.14.15 are affected by a vulnerability in which unbounded connection acceptance leads to file handle exhaustion. Blaze, accepts connections unconditionally on a dedicated thread pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue. Each connection allocates a socket handle, which drains a scarce OS resource. This can also confound higher level circuit breakers which work based on detecting failed connections. The vast majority of affected users are using it as part of http4s-blaze-server <= 0.21.16. http4s provides a mechanism for limiting open connections, but is enforced inside the Blaze accept loop, after the connection is accepted and the socket opened. Thus, the limit only prevents the number of connections which can be simultaneously processed, not the number of connections which can be held open. The issue is fixed in version 0.14.15 for ""NIO1SocketServerGroup"". A ""maxConnections"" parameter is added, with a default value of 512. Concurrent connections beyond this limit are rejected. To run unbounded, which is not recommended, set a negative number. The ""NIO2SocketServerGroup"" has no such setting and is now deprecated. There are several possible workarounds described in the refrenced GitHub Advisory GHSA-xmw9-q7x9-j5qc.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its selector pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue. Each connection allocates a socket handle, which drains a scarce OS resource. This can also confound higher level circuit breakers which work based on detecting failed connections. http4s provides a general ""MaxActiveRequests"" middleware mechanism for limiting open connections, but it is enforced inside the Blaze accept loop, after the connection is accepted and the socket opened. Thus, the limit only prevents the number of connections which can be simultaneously processed, not the number of connections which can be held open. In 0.21.17, 0.22.0-M2, and 1.0.0-M14, a new ""maxConnections"" property, with a default value of 1024, has been added to the `BlazeServerBuilder`. Setting the value to a negative number restores unbounded behavior, but is strongly disrecommended. The NIO2 backend does not respect `maxConnections`. Its use is now deprecated in http4s-0.21, and the option is removed altogether starting in http4s-0.22. There are several possible workarounds described in the refrenced GitHub Advisory GHSA-xhv5-w9c5-2r2w.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 hashes in the database. MD5 can be brute-forced efficiently and should not be used for such purposes. Additionally, since no salt is used, rainbow tables can speed up the attack.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 Series Processors may allow an unauthenticated user to potentially enable elevation of privilege or denial of service via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort() function that, upon user login, checks the submitted password against the user password's MD5 hash stored in the database. It is also compared to a second MD5 hash, which is the same for every user (aka a ""Backdoor Password"" of 3p1kursupport). If the submitted password matches either one, access is granted.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Traccar is an open source GPS tracking system. In Traccar before version 4.12 there is an unquoted Windows binary path vulnerability. Only Windows versions are impacted. Attacker needs write access to the filesystem on the host machine. If Java path includes a space, then attacker can lift their privilege to the same as Traccar service (system). This is fixed in version 4.12.",LOCAL,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
"The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, _rt_md5_hmac_veneer() or _rt_hmac_sha1_veneer(), resulting in a stack buffer over-read which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network's PSK.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in pdf2json 0.69 allows local users to execute arbitrary code by converting a crafted PDF file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. IBM X-Force ID: 189969.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an attacker crafts a request with specific cookie headers to the /setup/finish endpoint, they may be able to obtain admin privileges on the instance. This is caused by a loose comparison (==) in SetupController that is susceptible to attack. The project has been patched to ensure that a strict comparison (===) is used to verify the setup key, and that /setup/finish verifies that no users table exists before performing any migrations or provisioning any new accounts. This is fixed in version 2.3.0. Users can patch this vulnerability without upgrading by adding abort(404) to the very first line of finishSetup in SetupController.php.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,LOW,NONE
Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
This affects all versions of package freediskspace. The vulnerability arises out of improper neutralization of arguments in line 71 of freediskspace.js.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed.,NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,NONE,NONE
"An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer states ""I believe that this vulnerability cannot actually be exploited.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. In OAuth2 Proxy before version 7.0.0, for users that use the whitelist domain feature, a domain that ended in a similar way to the intended domain could have been allowed as a redirect. For example, if a whitelist domain was configured for "".example.com"", the intention is that subdomains of example.com are allowed. Instead, ""example.com"" and ""badexample.com"" could also match. This is fixed in version 7.0.0 onwards. As a workaround, one can disable the whitelist domain feature and run separate OAuth2 Proxy instances for each subdomain.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file downloaded by downloadFileFromResponse will be visible to all other users on the local system. A workaround fix for this issue is to set the system property java.io.tmpdir to a safe directory as remediation. Note: This version of the SDK is end of life and no longer maintained, please upgrade to the latest version.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (February 2021).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs).,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice addlicense_func function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"loklak is an open-source server application which is able to collect messages from various sources, including twitter. The server contains a search index and a peer-to-peer index sharing interface. All messages are stored in an elasticsearch index. In loklak less than or equal to commit 5f48476, a path traversal vulnerability exists. Insufficient input validation in the APIs exposed by the loklak server allowed a directory traversal vulnerability. Any admin configuration and files readable by the app available on the hosted file system can be retrieved by the attacker. Furthermore, user-controlled content could be written to any admin config and files readable by the application. This has been patched in commit 50dd692. Users will need to upgrade their hosted instances of loklak to not be vulnerable to this exploit.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"** DISPUTED ** gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states ""We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity (XXE) attack allows attackers in the same network as the openHAB instance to retrieve internal information like the content of files from the file system. Responses to SSDP requests can be especially malicious. All add-ons that use SAX or JAXB parsing of externally received XML are potentially subject to this kind of attack. In openHAB, the following add-ons are potentially impacted: AvmFritz, BoseSoundtouch, DenonMarantz, DLinkSmarthome, Enigma2, FmiWeather, FSInternetRadio, Gce, Homematic, HPPrinter, IHC, Insteon, Onkyo, Roku, SamsungTV, Sonos, Roku, Tellstick, TR064, UPnPControl, Vitotronic, Wemo, YamahaReceiver and XPath Tranformation. The vulnerabilities have been fixed in versions 2.5.12 and 3.0.1 by a more strict configuration of the used XML parser.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ASUS RT-AX86U router firmware below version under 9.0.0.4_386 has a buffer overflow in the blocking_request.cgi function of the httpd module that can cause code execution when an attacker constructs malicious data.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-20470.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password, e.g., pw,<password>,call,<mobile_number> triggers an outbound call from the watch. The password is sometimes available because of CVE-2019-20471.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a ""Remove PIN and restart!"" message, and cannot be used. This makes it easier for an attacker to use the SIM card by stealing the device.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service's binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0.1.0 allows attackers to cause a denial of service and may lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. Exploitation of this issue requires user interaction in order to be successful.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS via the deletereason parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The package nested-object-assign before 1.0.4 are vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connection exception file.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configuration file.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
This affects the package total.js before 3.4.7. The issue occurs in the image.pipe and image.stream functions. The type parameter is used to build the command that is then executed using child_process.spawn. The issue occurs because child_process.spawn is called with the option shell set to true and because the type parameter is not properly sanitized.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This affects the package total.js before 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impact depends on the application. In some cases it is possible to achieve Denial of service (DoS), Remote Code Execution or Property Injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Improper input validation in the firmware for Intel(R) Server Board M10JNP2SB before version 7.210 may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The flowd process, responsible for forwarding traffic in SRX Series services gateways, may crash and restart when processing specific transit IP packets through an IPSec tunnel. Continued processing of these packets may result in an extended Denial of Service (DoS) condition. This issue only occurs when IPSec tunnels are configured. Systems without IPSec tunnel configurations are not vulnerable to this issue. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180 on SRX Series; 18.2 versions 18.2R2-S1 and later, prior to 18.2R3 on SRX Series; 18.4 versions prior to 18.4R2 on SRX Series.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The management daemon (MGD) is responsible for all configuration and management operations in Junos OS. The Junos CLI communicates with MGD over an internal unix-domain socket and is granted special permission to open this protected mode socket. Due to a misconfiguration of the internal socket, a local, authenticated user may be able to exploit this vulnerability to gain administrative privileges. This issue only affects Linux-based platforms. FreeBSD-based platforms are unaffected by this vulnerability. Exploitation of this vulnerability requires Junos shell access. This issue cannot be exploited from the Junos CLI. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D496, 15.1X53-D69; 16.1 versions prior to 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R1-S7, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connections. Due to an error in token caching, deleted users are allowed to connect once a previously successful dynamic VPN connection has been established. A reboot is required to clear the cached authentication token. Affected releases are Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D75; 15.1X49 versions prior to 15.1X49-D150; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"When ""set system ports console insecure"" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using ""set system root-authentication plain-text-password"" on systems booted from an OAM (Operations, Administration, and Maintenance) volume, leading to a possible administrative bypass with physical access to the console. OAM volumes (e.g. flash drives) are typically instantiated as /dev/gpt/oam, or /oam for short. Password recovery, changing the root password from a console, should not have been allowed from an insecure console. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496, 15.1X53-D68; 16.1 versions prior to 16.1R3-S10, 16.1R6-S6, 16.1R7-S3; 16.1X65 versions prior to 16.1X65-D49; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S2; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2. This issue does not affect Junos OS releases prior to 15.1.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When configuring a stateless firewall filter in Junos OS, terms named using the format ""internal-n"" (e.g. ""internal-1"", ""internal-2"", etc.) are silently ignored. No warning is issued during configuration, and the config is committed without error, but the filter criteria will match all packets leading to unexpected results. Affected releases are Juniper Networks Junos OS: All versions prior to and including 12.3; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D161, 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496, 15.1X53-D69; 16.1 versions prior to 16.1R7-S4, 16.1R7-S5; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S7, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4; 18.2 versions prior to 18.2R1-S5, 18.2R2-S1; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3; 18.4 versions prior to 18.4R1-S1, 18.4R1-S2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A persistent Cross-Site Scripting (XSS) vulnerability in Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device. Successful exploitation requires a Junos administrator to first perform certain diagnostic actions on J-Web. This issue affects: Juniper Networks Junos OS 12.1X46 versions prior to 12.1X46-D86; 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1F6-S13, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D497, 15.1X53-D69; 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R1-S7, 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3; 18.3 versions prior to 18.3R1-S3, 18.3R2, 18.3R3; 18.4 versions prior to 18.4R1-S2, 18.4R2.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Under certain heavy traffic conditions srxpfe process can crash and result in a denial of service condition for the SRX1500 device. Repeated crashes of the srxpfe can result in an extended denial of service condition. The SRX device may fail to forward traffic when this condition occurs. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D170 on SRX1500; 17.3 versions prior to 17.3R3-S7 on SRX1500; 17.4 versions prior to 17.4R2-S8, 17.4R3 on SRX1500; 18.1 versions prior to 18.1R3-S8 on SRX1500; 18.2 versions prior to 18.2R3 on SRX1500; 18.3 versions prior to 18.3R2 on SRX1500; 18.4 versions prior to 18.4R2 on SRX1500.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation which can be exploited by remote SSL/TLS servers to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition. For this issue to occur, clients protected by the SRX device must initiate a connection to the malicious server. This issue affects: Juniper Networks Junos OS on SRX5000 Series: 12.3X48 versions prior to 12.3X48-D85; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrators web session and potentially gain administrative access to the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1F6-S13, 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S5; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S2, 19.1R2.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When an MX Series Broadband Remote Access Server (BRAS) is configured as a Broadband Network Gateway (BNG) with DHCPv6 enabled, jdhcpd might crash when receiving a specific crafted DHCP response message on a subscriber interface. The daemon automatically restarts without intervention, but continuous receipt of specific crafted DHCP messages will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. This issue only affects systems configured with DHCPv6 enabled. DHCPv4 is unaffected by this issue. This issue affects Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S5 on MX Series; 16.1 versions prior to 16.1R7-S5 on MX Series; 16.2 versions prior to 16.2R2-S10 on MX Series; 17.1 versions prior to 17.1R3-S1 on MX Series; 17.2 versions prior to 17.2R3-S2 on MX Series; 17.3 versions prior to 17.3R3-S6 on MX Series; 17.4 versions prior to 17.4R2-S5, 17.4R3 on MX Series; 18.1 versions prior to 18.1R3-S6 on MX Series; 18.2 versions prior to 18.2R2-S4, 18.2R3 on MX Series; 18.2X75 versions prior to 18.2X75-D50 on MX Series; 18.3 versions prior to 18.3R1-S5, 18.3R3 on MX Series; 18.4 versions prior to 18.4R2 on MX Series; 19.1 versions prior to 19.1R1-S2, 19.1R2 on MX Series.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The SRX flowd process, responsible for packet forwarding, may crash and restart when processing specific multicast packets. By continuously sending the specific multicast packets, an attacker can repeatedly crash the flowd process causing a sustained Denial of Service. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D90; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions; 17.4 versions prior to 17.4R2-S5, 17.4R3; 18.1 versions prior to 18.1R3-S6; 18.2 versions prior to 18.2R2-S4, 18.2R3; 18.3 versions prior to 18.3R2-S1, 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S1, 19.1R2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The PKI keys exported using the command ""run request security pki key-pair export"" on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to read sensitive system files. This issue only affects NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series with Next-Generation Routing Engine (NG-RE) which uses vmhost. This issue affects Juniper Networks Junos OS on NFX150 Series and QFX10K, EX9200 Series, MX Series and PTX Series with NG-RE and vmhost: 15.1F versions prior to 15.1F6-S12 16.1 versions starting from 16.1R6 and later releases, including the Service Releases, prior to 16.1R6-S6, 16.1R7-S3; 17.1 versions prior to 17.1R3; 17.2 versions starting from 17.2R1-S3, 17.2R3 and later releases, including the Service Releases, prior to 17.2R3-S1; 17.3 versions starting from 17.3R1-S1, 17.3R2 and later releases, including the Service Releases, prior to 17.3R3-S3; 17.4 versions starting from 17.4R1 and later releases, including the Service Releases, prior to 17.4R1-S6, 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2, 18.3R2; 18.4 versions prior to 18.4R1-S1, 18.4R2. This issue does not affect: Juniper Networks Junos OS 15.1 and 16.2.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the srxpfe process on Protocol Independent Multicast (PIM) enabled SRX series devices may lead to crash of the srxpfe process and an FPC reboot while processing (PIM) messages. Sustained receipt of these packets may lead to an extended denial of service condition. Affected releases are Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D80; 15.1X49 versions prior to 15.1X49-D160; 17.3 versions prior to 17.3R3-S7 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2; 18.3 versions prior to 18.3R2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execute commands outside their authorized scope of control. This leads to the attacker being able to take control of the entire system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1 on NFX Series.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit could allow an attacker to view user information and application data.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. The vulnerability exists because an engineering console port is available on the motherboard of the affected line cards. An attacker could exploit this vulnerability by physically connecting to the console port on the line card. A successful exploit could allow the attacker to gain full access to the affected device's operating system. This vulnerability affects only Cisco ASR 1000 Series Routers that have removable line cards and Cisco cBR-8 Converged Broadband Routers, if they are running certain Cisco IOS XE 3.16 through 16.5 releases. Cisco Bug IDs: CSCvc65866, CSCve77132.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious rcp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rcp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). This issue is similar to CVE-2019-6111 and CVE-2019-7283. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in HTTP interface of ADT LifeShield DIY HD Video Doorbell allows an attacker on the same network to execute commands on the device. This issue affects: ADT LifeShield DIY HD Video Doorbell version 1.0.02R09 and prior versions.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
** UNSUPPORTED WHEN ASSIGNED ** The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs in do_upgrade_post in mini_httpd. NOTE: This vulnerability only affects products that are no longer supported by the maintainer,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication except older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the room's state, the impact is long-lasting and is not fixed by an upgrade to a newer version, requiring the event to be manually redacted instead. Since events are replicated to servers of other room members, the impact is not constrained to the server of the event sender.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In kisd, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05449962.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In JetBrains Hub before 2020.1.12629, an open redirect was possible.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189839.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,NONE
"In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 191752.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with root privileges using chroothole_client's PHP call, a related issue to CVE-2017-11322.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
SquaredUp allowed Stored XSS before version 4.6.0. A user was able to create a dashboard that executed malicious content in iframe or by uploading an SVG that contained a script.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows remote authenticated users to upload an arbitrary file. The JavaScript code will execute when someone visits the attachment.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command.,LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no workarounds for this issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
The logout endpoint /oauth/logout?redirect=url can be abused to redirect logged in users to arbitrary web pages. This vulnerability could be used in phishing attacks. Versions shipped with Red Hat Mobile Aplication Platform 4 are believed to be vulnerable.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side (browser) denial of service for users receiving very large messages.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control, which can result in remotely gaining administrator privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in >= 9.1.0.1",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
All versions of package launchpad are vulnerable to Command Injection via stop.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template group_id parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template acl_id parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions' improper judgment of the request parameters, triggers a directory traversal vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub before version 7f1c430 (non-semantic versioning) there is a risk of code injection. Some routes use `eval` or `Function constructor`, which may be injected by the target site with unsafe code, causing server-side security issues The fix in version 7f1c430 is to temporarily remove the problematic route and added a `no-new-func` rule to eslint.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About this Report' section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an unprivileged user being able to modify system device tree files, leading to denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to information disclosure.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function's improper judgment of the request parameters, triggers remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions are before version 7.2.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generates a predictable six-digit password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interface without a password by abusing a forgotten-password feature.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with the private key (but not the root password) can remotely reboot the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In kisd, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05425247.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In kisd, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05449968.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In aee, there is a possible memory corruption due to a stack buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05457070.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the host file system via an HTTP request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user. Agents for MacOS, Linux, and ITM Cloud are not affected.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can send an HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zb_user/plugin/passwordvisit/include.php:passwordvisit_input_password() uses loose comparison to authenticate, which can be bypassed via magic hash values.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords form certain formats of magic hash, e.g, 0e123, another hash value 0e234 something can successfully authenticate.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors used by the MSI(-X) entries that the guest might had enabled, and hence will lead to vector exhaustion on the system, not allowing further PCI pass through devices to work properly. HVM guests with PCI pass through devices can mount a Denial of Service (DoS) attack affecting the pass through of PCI devices to other guests or the hardware domain. In the latter case, this would affect the entire host.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The pm_mallocarray2 function in lib/util/mallocvar.c in Netpbm through 10.81.03 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, as demonstrated by pbmmask.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!zlibVersion+0x0000000000004e5e via a crafted BMP image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certificates for HTTPS.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. sequence in an image upload parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Sql injection vulnerability in the yccms 3.3 project. The no_top function's improper judgment of the request parameters, triggers a sql injection vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It has unsound transmute calls within as_string() methods.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference during the parsing of file data.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference during the parsing of file data.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerability. A remote authenticated malicious attacker with access to service files may obtain sensitive information to use it in further attacks.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the marc crate before 2.0.0 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated memory, violating soundness.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to the istio-pilot application).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak that occurs during packet processing. An attacker could exploit this vulnerability by sending a series of crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to exhaust the available memory and cause an unexpected restart of the npusim process, leading to a DoS condition on the affected device.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Archer before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. A remote authenticated malicious administrative user can potentially exploit this vulnerability to gather information about the system, and may use this information in subsequent attacks.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,LOW
"An issue was discovered in the atomic-option crate through 2020-10-31 for Rust. Because AtomicOption<T> implements Sync unconditionally, a data race can occur.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the va-ts crate before 0.0.4 for Rust. Because Demuxer<T> omits a required T: Send bound, a data race and memory corruption can occur.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language tab.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform/login URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the abi_stable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the multiqueue2 crate before 0.1.7 for Rust. Because a non-Send type can be sent to a different thread, a data race can occur.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Input<R> in the eventio crate before 0.5.1 for Rust. Because a non-Send type can be sent to a different thread, a data race and memory corruption can occur.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (versions prior to 6.3.0.8233).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Mobile application ""Testes de Codigo"" v11.3 and prior allows stored XSS by injecting a payload in the ""feedback"" message field causing it to be stored in the remote database and leading to its execution on client devices when loading the ""feedback list"", either by accessing the website directly or using the mobile application.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the rusb crate before 0.7.0 for Rust. Because of a lack of Send and Sync bounds, a data race and memory corruption can occur.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec<T> does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect input sanitation in text-oriented user interfaces (telnet, ssh) in Swisscom Centro Grande before 6.16.12 allows remote authenticated users to execute arbitrary commands via command injection.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Missing hostname validation in Swisscom Centro Grande before 6.16.12 allows a remote attacker to inject its local IP address as a domain entry in the DNS service of the router via crafted hostnames in DHCP requests, causing XSS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the Telnet service that allows a remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The digest generation function of NHIServiSignAdapter has not been verified for parameter’s length, which leads to a stack overflow loophole. Remote attackers can use the leak to execute code without privilege.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the im crate through 2020-11-09 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 and earlier allow remote attackers to execute arbitrary OS commands via a specially crafted log file.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with admin-privileges. This may result in complete compromise of the confidentiality and integrity of the stored data as well as a high availability impact on the database itself. In addition, an attacker may execute arbitrary commands on the underlying operating system.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by brute-forcing the MD5 hash.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the RESTful Services API that allows a remote attacker to take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into the ppsapp RESTful application.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in lib/openjp2/t1.c) or possibly remote code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, map_array can perform a double drop.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Heap overflow with full parsing of HTTP respose in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater service has a self-written HTTP parser and builder. HTTP parser has a heap buffer overflow (OOB write). In default configuration camera parses responses only from HTTPS URLs from config file, so vulnerable code is unreachable and one more bug required to reach it.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run automatically if there is special file on the inserted SD card.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Denial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. AgentGreen service has a bug in parsing broadcast discovery UDP packet. Sending a packet of too small size will lead to an attempt of allocating buffer of negative size. As the result service AgentGreen will be terminated and started again later.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service. The vulnerability exists due to insufficient rate limiting controls in the web UI. An attacker could exploit this vulnerability by sending crafted HTTPS packets at a high and sustained rate. A successful exploit could allow the attacker to negatively affect the performance of the web UI. Cisco has addressed this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. Affected products are: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, ESET Smart Security Premium versions 13.2 and lower; ESET Endpoint Antivirus, ESET Endpoint Security, ESET NOD32 Antivirus Business Edition, ESET Smart Security Business Edition versions 7.3 and lower; ESET File Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Kerio, ESET Security for Microsoft SharePoint Server versions 7.2 and lower.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A use after free issue has been identified in the way ISPSoft(v3.12 and prior) processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service (daemon crash) by leveraging use of GSI and VOMS extensions.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the logged in victim.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189221.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189224.",LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 190912.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Home Assistant does have a security update that is worthwhile in addressing this situation.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::{mutate,mutate2} double drop can be performed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the fil-ocl crate through 2021-01-04 for Rust. From<EventList> can lead to a double free.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signup page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signin page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need to provide a CSRF token in the request because the framework does not consider it. The cookies are automatically sent by the browser and the verification will always succeed, leading to a successful CSRF attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability in which can allow an attacker to take over any host in the cluster. Weave Net is supplied with a manifest that runs pods on every node in a Kubernetes cluster, which are responsible for managing network connections for all other pods in the cluster. This requires a lot of power over the host, and the manifest sets `privileged: true`, which gives it that power. It also set `hostPID: true`, which gave it the ability to access all other processes on the host, and write anywhere in the root filesystem of the host. This setting was not necessary, and is being removed. You are only vulnerable if you have an additional vulnerability (e.g. a bug in Kubernetes) or misconfiguration that allows an attacker to run code inside the Weave Net pod, No such bug is known at the time of release, and there are no known instances of this being exploited. Weave Net 2.8.0 removes the hostPID setting and moves CNI plugin install to an init container. Users who do not update to 2.8.0 can edit the hostPID line in their existing DaemonSet manifest to say false instead of true, arrange some other way to install CNI plugins (e.g. Ansible) and remove those mounts from the DaemonSet manifest.",ADJACENT_NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attackers to pre-compute the hash value using dictionary attack techniques such as rainbow tables to crack passwords. This problem is fixed and published in version 1.1.2. A long randomly generated salt is added to the password hash function to better protect passwords stored in the voting system.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call ""crm history"" (when ""crm"" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in a information disclosure. An attacker can provide a malicious file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,LOW,LOW
"oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service (crash) via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
An issue was discovered on Accfly Wireless Security IR Camera 720P System with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientManage::ServerIP_Proto_Set during incoming message handling.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated heap-based buffer overflow in the function CNetClientTalk::OprMsg during incoming message handling.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientGuard::SubOprMsg during incoming message handling.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"4images Image Gallery Management System 1.7.11 is affected by cross-site scripting (XSS) in the Image URL. This vulnerability can result in an attacker to inject the XSS payload into the IMAGE URL. Each time a user visits that URL, the XSS triggers and the attacker can be able to steal the cookie according to the crafted payload.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies field.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CFtpProtocol::FtpLogin during the update procedure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker can able to access of Admin Panel and manage every account of Result.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
** DISPUTED ** The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to remote command execution (RCE) through command injection via the HTTP API. NOTE: This may be a duplicate of CVE-2020-10176 .,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow Eval Injection of commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a regex denial of service (ReDoS) vulnerability. The vulnerability allowed to abuse link recognition regular expression, which could cause a significant performance drop resulting in browser tab freeze. It affects all users using CKEditor 5 Markdown plugin at version <= 24.0.0. The problem has been recognized and patched. The fix will be available in version 25.0.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
An elevation of privilege vulnerability exists in Hackolade versions prior 4.2.0 on Windows has an issue in specific deployment scenarios that could allow local users to gain elevated privileges during an uninstall of the application.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In checkGrantUriPermission of UriGrantsManagerService.java, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140729426",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In checkGrantUriPermission of UriGrantsManagerService.java, there is a possible way to access contacts due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-138791358",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is patched in version 4.0.1002.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Out of bound reads might occur in while processing Service descriptor due to improper validation of length of fields in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Arbitrary read and write to kernel addresses by temporarily overwriting ring buffer pointer and creating a race condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be bypassed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice delsolrecordedvideo_func function path traversal vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice downloadkvmjnlp_func function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice generatesslcertificate_func function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice gethelpdata_func function path traversal vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice getvideodata_func function path traversal vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setactdir_func function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setfwimagelocation_func function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setradiusconfig_func function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setremoteimageinfo_func function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setsmtp_func function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setsolvideoremotestorage_func function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice startflash_func function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice uploadsshkey function.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not require explicit configuration of servlets that can be called.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported versions that are affected are 10.1.4.3.0, 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Access Manager accessible data as well as unauthorized read access to a subset of Oracle Access Manager accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
"SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the ""redirect_uri"" parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and uses the DefaultRedirectResolver in the AuthorizationEndpoint. This vulnerability does not expose applications that: Act in the role of an Authorization Server and uses a different RedirectResolver implementation other than DefaultRedirectResolver, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the redirect_uri parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Due to a lack of controller validation in ""path"" parameter, an attacker can execute malicious JavaScript code.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the ""View Recipient Information"" of this order in ""Order Management Office"".",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow local attacker to cause a denial of service inside the ""DB2 Management Service"".",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue (i.e., one having Private view status, or belonging to a private Project) via the bug_arr[] parameter. This provides full access to potentially confidential information.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary fields of private Issues via bug_arr[]= in a crafted bug_actiongroup_page.php URL. (The target Issues can have Private view status, or belong to a private Project.)",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Out of bound memory access in camera driver due to improper validation on data coming from UMD which is used for offset manipulation of pointer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are potentially extended to IP addresses outside the desired range, resulting in them being granted to clients possibly outside the CDN arcitechture.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"Possible memory out of bound issue during music playback when an incorrect bit stream content is copied into array without checking the length of array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible out of bound memory access in audio due to integer underflow while processing modified contents in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pointer variable which is freed is not cleared can result in memory corruption and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Out of bound access in WLAN driver due to lack of validation of array length before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bounds reads while parsing NAN beacons attributes and OUIs due to improper length of field check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing page without the appropriate privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about jobs he should not have access to via the Audit Trail Feature.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access Launcher Configuration Panel.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer over-read while parsing RPS due to lack of check of input validation on values received from user side. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Out of bound access issue while handling cvp process control command due to improper validation of buffer pointer received from HLOS in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerability. When the user name is inserted as JavaScript code, browsing the post will trigger the XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the user-profile.php Full Name field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/mode_emailmAction.php does not perform strict filtering.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Feehi CMS 2.1.0 is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"APfell 1.4 is vulnerable to authenticated reflected cross-site scripting (XSS) in /apiui/command_ through the payloadtypes_callback function, which allows an attacker to steal remote admin/user session and/or adding new users to the administration panel.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Local privilege escalation in admin services in Windows environment can occur due to an arbitrary read issue.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Possible integer overflow can occur when stream info update is called when total number of streams detected are zero while parsing TS clip with invalid data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bound issue in WLAN driver while processing vdev responses from firmware due to lack of validation of data received from firmware in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. This is the result of an incomplete fix for CVE-2020-27955. This issue occurs because on Windows, Go includes (and prefers) the current directory when the name of a command run does not contain a directory separator. Other than avoiding untrusted repositories or using a different operating system, there is no workaround. This is fixed in v2.13.2.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A process can potentially cause a buffer overflow in the display service allowing privilege escalation by executing code as that service in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&amp;P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple vulnerabilities in Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&amp;P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Memory corruption while calculating L2CAP packet length in reassembly logic when remote sends more data than expected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,LOW
"IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Buffer over read can happen in video driver when playing clip with atomsize having value UINT32_MAX in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out of bounds read can happen when processing VSA attribute due to improper minimum required length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
IBM Security Guardium 11.2 discloses sensitive information in the response headers that could be used in further attacks against the system. IBM X-Force ID: 174850.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The MediaWiki ""Report"" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A possible double free or invalid memory access in audio driver while reading Speaker Protection parameters in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Race condition occurs while calling user space ioctl from two different threads can results to use after free issue in video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Out of bound access due to usage of an out-of-range pointer offset in the camera driver. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use after free issue in HIDL while using callback to post event in Rx thread when internal mutex is not acquired and meantime close is triggered and callback instance is deleted in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bound write while copying data using IOCTL due to lack of check of array index received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Divide by zero issue can happen while updating delta extension header due to improper validation of master SN and extension header SN in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
"Buffer over-read while UE process invalid DL ROHC packet for decompression due to lack of check of size of compresses packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Buffer Over-read in audio driver while using malloc management function due to not returning NULL for zero sized memory requirement in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools, which are not authorized by Dell, can be used by a physically present attacker to reset BIOS passwords and BIOS-managed Hard Disk Drive (HDD) passwords. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to bypass security restrictions for BIOS Setup configuration, HDD access and BIOS pre-boot authentication.",PHYSICAL,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 185369.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189703.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
"A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple out-of-bounds write issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An untrusted pointer dereference has been identified in the way TPEditor(v1.98 and prior) processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TPEditor (v1.98 and prior) is vulnerable to two out-of-bounds write instances in the way it processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain write access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to write arbitrary files on the affected system.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Out of bound memory access while processing frames due to lack of check of invalid frames received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Out of bound memory access during music playback with ALAC modified content due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which can enables an attacker takeover of the admin account through a payload that extracts a csrf token and sends a request to change password. It has been found that Item description is reflected without sanitization in app/items_view.php which enables the malicious scenario.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0xbe9c4.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x956e.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
The lettre library through 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,HIGH
"In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,LOW
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
** UNSUPPORTED WHEN ASSIGNED ** D-Link DCS-5220 devices have a buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Uninitialized pointers accessed during music play back with incorrect bit stream due to an uninitialized heap memory result in instability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVDEC component, in which an attacker can read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a ""software IO TLB"" printk call.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. telnetd.real is shipped with setuid permissions enabled and is owned by the root user, allowing local users to run telnetd.real with root privileges. This issue affects Juniper Networks Junos OS: all versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R2.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N).",LOCAL,LOW,HIGH,NONE,CHANGED,LOW,LOW,NONE
"OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server and load it via layout xml. The latest OpenMage Versions up from 19.4.10 and 20.0.6 have this issue solved.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values within SQL queries. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,LOW,LOW
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. The threat model is a victim who has voluntarily opened Export Wizard but is then distracted. An attacker then approaches the unattended desktop and pushes the Export key. This attacker may consequently gain access to all chat conversation and media files.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An authenticated attacker can inject malicious code into ""lang"" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In CMSuno 1.6.2, an attacker can inject malicious PHP code as a ""username"" while changing his/her username & password. After that, when attacker logs in to the application, attacker's code will be run. As a result of this vulnerability, authenticated user can run command on the server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web management interface of Cisco Smart Software Manager satellite could allow an authenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&amp;P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic loop may occur upon receipt of specific IP multicast traffic. The traffic loop will cause interface traffic to increase abnormally, ultimately leading to a Denial of Service (DoS) in packet processing. The following command could be used to monitor the interface traffic: user@junos> monitor interface traffic Interface Link Input packets (pps) Output packets (pps) et-0/0/1 Up 6492089274364 (70994959) 6492089235319 (70994956) et-0/0/25 Up 343458103 (1) 156844 (0) ae0 Up 9132519197257 (70994959) 9132519139454 (70994956) This issue affects Juniper Networks Junos OS on QFX Series: all versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in processing of certain DHCP packets from adjacent clients on EX Series and QFX Series switches running Juniper Networks Junos OS with DHCP local/relay server configured may lead to exhaustion of DMA memory causing a Denial of Service (DoS). Over time, exploitation of this vulnerability may cause traffic to stop being forwarded, or to crashing of the fxpc process. When Packet DMA heap utilization reaches 99%, the system will become unstable. Packet DMA heap utilization can be monitored through the following command: user@junos# request pfe execute target fpc0 timeout 30 command ""show heap"" ID Base Total(b) Free(b) Used(b) % Name -- ---------- ----------- ----------- ----------- --- ----------- 0 213301a8 536870488 387228840 149641648 27 Kernel 1 91800000 8388608 3735120 4653488 55 DMA 2 92000000 75497472 74452192 1045280 1 PKT DMA DESC 3 d330000 335544320 257091400 78452920 23 Bcm_sdk 4 96800000 184549376 2408 184546968 99 Packet DMA <--- 5 903fffe0 20971504 20971504 0 0 Blob An indication of the issue occurring may be observed through the following log messages: Dec 10 08:07:00.124 2020 hostname fpc0 brcm_pkt_buf_alloc:523 (buf alloc) failed allocating packet buffer Dec 10 08:07:00.126 2020 hostname fpc0 (buf alloc) failed allocating packet buffer Dec 10 08:07:00.128 2020 hostname fpc0 brcm_pkt_buf_alloc:523 (buf alloc) failed allocating packet buffer Dec 10 08:07:00.130 2020 hostnameC fpc0 (buf alloc) failed allocating packet buffer This issue affects Juniper Networks Junos OS on EX Series and QFX Series: 17.4R3 versions prior to 17.4R3-S3; 18.1R3 versions between 18.1R3-S6 and 18.1R3-S11; 18.2R3 versions prior to 18.2R3-S6; 18.3R3 versions prior to 18.3R3-S4; 18.4R2 versions prior to 18.4R2-S5; 18.4R3 versions prior to 18.4R3-S6; 19.1 versions between 19.1R2 and 19.1R3-S3; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2. Junos OS versions prior to 17.4R3 are unaffected by this vulnerability.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending certain crafted protocol packets from an adjacent device with invalid payloads to the device. These crafted packets, which should be discarded, are instead replicated and sent to the RE. Over time, a Denial of Service (DoS) occurs. Continued receipt of these crafted protocol packets will cause an extended Denial of Service (DoS) condition, which may cause wider traffic impact due to protocol flapping. An indication of compromise is to check ""monitor interface traffic"" on the ingress and egress port packet counts. For each ingress packet, two duplicate packets are seen on egress. This issue can be triggered by IPv4 and IPv6 packets. This issue affects all traffic through the device. This issue affects: Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D53 on EX4300, QFX3500, QFX5100, EX4600; 15.1 versions prior to 15.1R7-S6 on EX4300, QFX3500, QFX5100, EX4600; 16.1 versions prior to 16.1R7-S7 on EX4300, QFX5100, EX4600; 17.1 versions prior to 17.1R2-S11 on EX4300, QFX5100, EX4600; 17.1 versions prior to 117.1R3-S2 on EX4300; 17.2 versions prior to 17.2R1-S9 on EX4300; 17.2 versions prior to 17.2R3-S3 on EX4300, QFX5100, EX4600, QFX5110, QFX5200; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on EX4300, QFX5100, EX4600, QFX5110, QFX5200; 17.4 versions prior to 17.4R2-S9, 17.4R3 on EX4300, QFX5100, EX4600, QFX5110, QFX5200; 18.1 versions prior to 18.1R3-S9 on EX4300, QFX5100, EX4600, QFX5110, QFX5200, QFX5210, EX2300, EX3400; 18.2 versions prior to 18.2R2-S7 on EX4300; 18.2 versions prior to 18.2R3-S3 on EX4300, QFX5100, EX4600, QFX5110, QFX5200, QFX5210, EX2300, EX3400; 18.3 versions prior to 18.3R2-S3, on EX4300; 18.3 versions prior to 18.3R1-S7, 18.3R3-S1 on EX4300, QFX5100, EX4600, QFX5110, QFX5200, QFX5210, QFX5120, EX4650, EX2300, EX3400; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on EX4300, QFX5100, EX4600, QFX5110, QFX5200, QFX5210, QFX5120, EX4650, EX2300, EX3400; 19.1 versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3 on EX4300, QFX5100, EX4600, QFX5110, QFX5200, QFX5210, QFX5120, EX4650, EX2300, EX3400; 19.2 versions prior to 19.2R1-S4, 19.2R2 on EX4300; 19.2 versions prior to 19.2R1-S3, 19.2R2 on QFX5100, EX4600, QFX5110, QFX5200, QFX5210, QFX5120, EX4650, EX2300, EX3400; 19.3 versions prior to 19.3R2-S1, 19.3R3 on EX4300; 19.3 versions prior to 19.3R1-S1, 19.3R2, 19.3R3 on QFX5100, EX4600, QFX5110, QFX5200, QFX5210, QFX5120, EX4650, EX2300, EX3400;",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Web Client). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM accessible data. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,NONE,NONE
"This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited further depending on the context.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of service (access violation and application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to perform domain spoofing via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local attacker to bypass navigation restrictions via UI actions.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper access control in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Out of bounds write in Intel BIOS platform sample code for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use of potentially dangerous function in Intel BIOS platform sample code for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 192423.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 83.0.4103.106 allowed a remote attacker to bypass site isolation via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in navigations in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two threads can acquire the same ByteBuffer from the pool and while thread1 is about to use the ByteBuffer to write response1 data, thread2 fills the ByteBuffer with other data. Thread1 then proceeds to write the buffer that now contains different data. This results in client1, which issued request1 seeing data from another request or response which could contain sensitive data belonging to client2 (HTTP session ids, authentication credentials, etc.). If the Jetty version cannot be upgraded, the vulnerability can be significantly reduced by configuring a responseHeaderSize significantly larger than the requestHeaderSize (12KB responseHeaderSize and 8KB requestHeaderSize).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,LOW
"Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface improperly validates values in SQL queries. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user’s behalf, including changing the user’s password or email address or changing the attacker’s user role from a low-privileged user to an administrator account.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input validation of requests that are sent to the iperf tool. An attacker could exploit this vulnerability by sending a crafted request to the iperf tool, which is included in Cisco SD-WAN Software. A successful exploit could allow the attacker to obtain any file from the filesystem of an affected device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read database files from the filesystem of the underlying operating system.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and can then use that cookie immediately for admin access,",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Out of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,LOW,LOW
Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in audio in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in Skia in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.",PHYSICAL,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,HIGH
"In EVPN VxLAN setups in Arista EOS, specific malformed packets can lead to incorrect MAC to IP bindings and as a result packets can be incorrectly forwarded across VLAN boundaries. This can result in traffic being discarded on the receiving VLAN. This affects versions: 4.21.12M and below releases in the 4.21.x train; 4.22.7M and below releases in the 4.22.x train; 4.23.5M and below releases in the 4.23.x train; 4.24.2F and below releases in the 4.24.x train.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). This sandbox-escape bug is present in versions from 0.11.4 and before fixed versions 1.8.5 and 1.10.0. The Flatpak portal D-Bus service (`flatpak-portal`, also known by its D-Bus service name `org.freedesktop.portal.Flatpak`) allows apps in a Flatpak sandbox to launch their own subprocesses in a new sandbox instance, either with the same security settings as the caller or with more restrictive security settings. For example, this is used in Flatpak-packaged web browsers such as Chromium to launch subprocesses that will process untrusted web content, and give those subprocesses a more restrictive sandbox than the browser itself. In vulnerable versions, the Flatpak portal service passes caller-specified environment variables to non-sandboxed processes on the host system, and in particular to the `flatpak run` command that is used to launch the new sandbox instance. A malicious or compromised Flatpak app could set environment variables that are trusted by the `flatpak run` command, and use them to execute arbitrary code that is not in a sandbox. As a workaround, this vulnerability can be mitigated by preventing the `flatpak-portal` service from starting, but that mitigation will prevent many Flatpak apps from working correctly. This is fixed in versions 1.8.5 and 1.10.0.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An attacker can upload arbitrary file content as a firmware update when the filename Settings_DSL-N14U-B1.trx is used. Once this file is loaded, shutdown measures on a wide range of services are triggered as if it were a real update, resulting in a persistent outage of those services.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have access after a logout and a removal of a login profile.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit this vulnerability by authenticating as a user with an Observer role and executing commands on the affected device. A successful exploit could allow a user with the Observer role to execute commands to view diagnostic information of the devices that Cisco DNA Center manages.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. This vulnerability is due to insufficient validation of parameters in a specific HTTP request by an attacker. An attacker could exploit this vulnerability by sending a crafted HTTP request to an authenticated user of the DCNM web application. A successful exploit could allow the attacker to bypass access controls and gain unauthorized access to the Device Manager application, which provides access to network devices managed by the system.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being stored in clear text, which can be retrieved by various API calls. An attacker could exploit this vulnerability by authenticating to the device and executing a series of API calls. A successful exploit could allow the attacker to retrieve the full unmasked running configurations of managed devices.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability by providing crafted input during command execution or via a crafted command runner API call. A successful exploit could allow the attacker to execute arbitrary CLI commands on devices managed by Cisco DNA Center.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user's session, and executing Command Runner commands.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to access general system information and certain configuration information from an affected device. The vulnerability exists because a secure authentication token is not required when authenticating to the general purpose API. An attacker could exploit this vulnerability by sending a crafted request for information to the general purpose API on an affected device. A successful exploit could allow the attacker to obtain system and configuration information from the affected device, resulting in an unauthorized information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server. In Keymaker before version 0.2.0, the assets endpoint did not check for the extension. The rust `join` method without checking user input might have made it abe to do a Path Traversal attack causing to read more files than allowed. This is fixed in version 0.2.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-http-session:core_2.13 from 0 and before 0.6.1. CSRF protection can be bypassed by forging a request that contains the same value for both the X-XSRF-TOKEN header and the XSRF-TOKEN cookie value, as the check in randomTokenCsrfProtection only checks that the two values are equal and non-empty.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D 16.5. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getNews method. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-11103.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,LOW,NONE
Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Employees, First Name and Last Name fields.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct a situation where the same PID is used for running two different programs at different times, by leveraging a race condition during crafted use of posix_spawn.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /icons/ directories via GET Parameter.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 19.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Web Server). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,LOW,NONE
Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Web interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
"Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
"A vulnerability in the logging subsystem of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is written to system log files. An attacker could exploit this vulnerability by authenticating to an affected device and inspecting a specific system log file. A successful exploit could allow the attacker to view sensitive information in the system log file. To exploit this vulnerability, the attacker would need to have valid user credentials.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).",LOCAL,LOW,HIGH,NONE,CHANGED,LOW,NONE,NONE
"A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,NONE
"If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d ""REQ_ID=SUPPORT_IF_GET"").",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Application Express Survey Builder component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Survey Builder. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Survey Builder, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Survey Builder accessible data as well as unauthorized read access to a subset of Oracle Application Express Survey Builder accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Application Express Opportunity Tracker component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Opportunity Tracker. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Opportunity Tracker, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Opportunity Tracker accessible data as well as unauthorized read access to a subset of Oracle Application Express Opportunity Tracker accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications Calendar accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: On Demand Billing). Supported versions that are affected are 2.9.0.0 and 2.9.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Argus Safety product of Oracle Health Sciences Applications (component: Letters). The supported version that is affected is 8.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Safety. While the vulnerability is in Oracle Argus Safety, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Argus Safety accessible data. CVSS 3.1 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).",NETWORK,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
"plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause an affected IP camera to reload. The vulnerability is due to missing checks when Cisco Discovery Protocol messages are processed. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected IP camera. A successful exploit could allow the attacker to cause the affected IP camera to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: Dialog Box). Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Interaction History accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, and acmailer DB ver. 1.1.4 and earlier allows remote attackers to bypass authentication and to gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: Dialog Box). Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: Dialog Box). Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Interaction History accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Interaction History accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications Calendar accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the RDBMS Scheduler component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Export Full Database privilege with network access via Oracle Net to compromise RDBMS Scheduler. Successful attacks of this vulnerability can result in takeover of RDBMS Scheduler. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Siebel Core - Server Framework product of Oracle Siebel CRM (component: Search). Supported versions that are affected are 20.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Core - Server Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel Core - Server Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel Core - Server Framework accessible data as well as unauthorized update, insert or delete access to some of Siebel Core - Server Framework accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Argus Safety product of Oracle Health Sciences Applications (component: Case Form, Local Affiliate Form). The supported version that is affected is 8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Argus Safety, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Argus Safety accessible data as well as unauthorized read access to a subset of Oracle Argus Safety accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the PeopleSoft Enterprise FIN Payables product of Oracle PeopleSoft (component: Financial Sanctions). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Payables. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FIN Payables accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle One-to-One Fulfillment accessible data as well as unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Profile). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Runtime Catalog). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Scripting, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Scripting accessible data as well as unauthorized update, insert or delete access to some of Oracle Scripting accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: CVE-2021-2018 affects Windows platform only. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56, 8.57 and 8.58. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Configurator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data as well as unauthorized update, insert or delete access to some of Oracle Configurator accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: User Responsibilities). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Workflow, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Workflow accessible data as well as unauthorized update, insert or delete access to some of Oracle Workflow accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that are affected are 8.5.4 and 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,LOW
"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that are affected are 8.5.4 and 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,LOW
Vulnerability in the Siebel Core - Server BizLogic Script product of Oracle Siebel CRM (component: Integration - Scripting). Supported versions that are affected are 20.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Core - Server BizLogic Script. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel Core - Server BizLogic Script accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump & AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in transit which allows unauthenticated physically proximate attacker to sniff keys via (BLE).",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the keys and spoof the pump via BLE.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the authentication sequence via Bluetooth Low Energy.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin therapy settings.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks of this vulnerability can result in takeover of Oracle Scripting. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) admin users. All TOS versions with SecureChange deployments prior to R19.3 HF3 and R20-1 HF1 are affected. Vulnerabilities were fixed in R19.3 HF3 and R20-1 HF1.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) unauthenticated users. All TOS versions with SecureChange deployments prior to R19.3 HF3 and R20-1 HF1 are affected. Vulnerabilities were fixed in R19.3 HF3 and R20-1 HF1",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The package jointjs before 3.3.0 are vulnerable to Denial of Service (DoS) via the unsetByPath function.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify() function and then written into the HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM X-Force ID: 190911.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper file parameter can allow an attacker to include a file, which can lead to sensitive information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting vulnerability in GROWI (v4.2 Series) versions prior to v4.2.3 allows remote attackers to inject an arbitrary script via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, an information disclosure vulnerability in the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows unauthenticated attackers to extract the pump’s keypad lock PIN via Bluetooth Low Energy.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Security Guardium 10.6 and 11.2 could allow a local attacker to execute arbitrary commands on the system as an unprivileged user, caused by command injection vulnerability. IBM X-Force ID: 186700.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Guardium 10.6 and 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191398.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Reflected XSS in Medintux v2.16.000 CCAM.php by manipulating the mot1 parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (online registration) to obtain database schema and data.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A command injection vulnerability in install package validation subsystem of Juniper Networks Junos OS that may allow a locally authenticated attacker with privileges to execute commands with root privilege. To validate a package in Junos before installation, an administrator executes the command 'request system software add validate-on-host' via the CLI. An attacker with access to this CLI command may be able to exploit this vulnerability. This issue affects Juniper Networks Junos OS: all versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R2-S8, 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low privileges to execute commands with root privilege. license-check is a daemon used to manage licenses in Junos OS. To update licenses, a user executes the command 'request system license update' via the CLI. An attacker with access to this CLI command may be able to exploit the vulnerability. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. The missing check involves verifying that the command target device is configured giving permission for the gateway device to act on its behalf. This means an authenticated device of a certain tenant, notably also a non-gateway device acting like a gateway, may receive command & control messages targeted at a different device of the same tenant without corresponding permissions getting checked.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Dashboards). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: RAS subsystems). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle ZFS Storage Appliance Kit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 5.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N).",LOCAL,HIGH,HIGH,REQUIRED,CHANGED,NONE,HIGH,NONE
"Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Report). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 4.8 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N).",NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in flatCore before 2.0.0 build 139. A reflected XSS vulnerability was identified in the media_filter HTTP request body parameter for the acp interface. The affected parameter accepts malicious client-side script without proper input sanitization. For example, a malicious user can leverage this vulnerability to steal cookies from a victim user and perform a session-hijacking attack, which may then lead to unauthorized access to the site.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in flatCore before 2.0.0 build 139. A time-based blind SQL injection was identified in the selected_folder HTTP request body parameter for the acp interface. The affected parameter (which retrieves the file contents of the specified folder) was found to be accepting malicious user input without proper sanitization, thus leading to SQL injection. Database related information can be successfully retrieved.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences via Bluetooth Low Energy.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in flatCore before 2.0.0 build 139. A stored XSS vulnerability was identified in the prefs_smtp_psw HTTP request body parameter for the acp interface. An admin user can inject malicious client-side script into the affected parameter without any form of input sanitization. The injected payload will be executed in the browser of a user whenever one visits the affected module page.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docs_file HTTP request body parameter for the acp interface. This can be exploited with admin access rights. The affected parameter (which retrieves the contents of the specified file) was found to be accepting malicious user input without proper sanitization, thus leading to retrieval of backend server sensitive files, e.g., /etc/passwd, SQLite database files, PHP source code, etc.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the target system through opportunistic use of an authenticated users session. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17; 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3, 19.2R3-S1; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD) service allows an attacker to send a valid BGP FlowSpec message thereby causing an unexpected change in the route advertisements within the BGP FlowSpec domain leading to disruptions in network traffic causing a Denial of Service (DoS) condition. Continued receipt of these update messages will cause a sustained Denial of Service condition. This issue affects Juniper Networks: Junos OS: All versions prior to 17.3R3-S10 with the exceptions of 15.1X49-D240 on SRX Series and 15.1R7-S8 on EX Series; 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R1-S3, 19.4R2-S3, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S3 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2. Junos OS Evolved: All versions prior to 20.3R1-S1-EVO, 20.3R2-EVO.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,HIGH
An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext thereby elevating their privileges over the system. This issue affects: Juniper Networks Contrail Networking versions prior to 1911.31.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or third-party web page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 190836.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The SECOMN service in Sound Research DCHU model software component modules (APO) through 2.0.9.17, delivered on HP Windows 10 computers, may allow escalation of privilege via a fake DLL. (As a resolution, Windows Update is being submitted for all affected products to update to 2.0.9.18 or later.)",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (Cross-Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or submitting a malicious form. A successful exploit allows the attacker to perform arbitrary actions with the privileges of the victim, e.g. creating and modifying user accounts, changing system configuration settings and cause DoS conditions. Note: For Bosch PRAESIDEO 4.31 and newer and Bosch PRAESENSA in all versions, the confidentiality impact is considered low because user credentials are not shown in the web interface.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need to have administrative credentials on the affected device.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malformed RSVP packet when bidirectional LSPs are in use, which when received by an egress router crashes the RPD causing a Denial of Service (DoS) condition. Continued receipt of the packet will sustain the Denial of Service. This issue affects: Juniper Networks Junos OS: All versions prior to 17.3R3-S10 except 15.1X49-D240 for SRX series; 17.4 versions prior to 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.3 versions prior to 18.3R3-S2; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R3-S3; 19.2 versions prior to 19.2R3; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R2-S2, 19.4R3-S1; 20.1 versions prior to 20.1R1-S4, 20.1R2; 15.1X49 versions prior to 15.1X49-D240 on SRX Series. Juniper Networks Junos OS Evolved: 19.3 versions prior to 19.3R2-S5-EVO; 19.4 versions prior to 19.4R2-S2-EVO; 20.1 versions prior to 20.1R1-S4-EVO.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An improper interpretation conflict of certain data between certain software components within the Juniper Networks Junos OS devices does not allow certain traffic to pass through the device upon receipt from an ingress interface filtering certain specific types of traffic which is then being redirected to an egress interface on a different VLAN. This causes a Denial of Service (DoS) to those clients sending these particular types of traffic. Such traffic being sent by a client may appear genuine, but is non-standard in nature and should be considered as potentially malicious, and can be targeted to the device, or destined through it for the issue to occur. This issues affects IPv4 and IPv6 traffic. An indicator of compromise may be found by checking log files. You may find that traffic on the input interface has 100% of traffic flowing into the device, yet the egress interface shows 0 pps leaving the device. For example: [show interfaces ""interface"" statistics detail] Output between two interfaces would reveal something similar to: Ingress, first interface: -------------------- Interface Link Input packets (pps) Output packets (pps) et-0/0/0 Up 9999999999 (9999) 1 (0) -------------------- Egress, second interface: -------------------- Interface Link Input packets (pps) Output packets (pps) et-0/0/1 Up 0 (0) 9999999999 (0) -------------------- Dropped packets will not show up in DDoS monitoring/protection counters as issue is not caused by anti-DDoS protection mechanisms. This issue affects: Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S7 on NFX250, QFX5K Series, EX4600; 17.4 versions prior to 17.4R2-S11, 17.4R3-S3 on NFX250, QFX5K Series, EX4600; 18.1 versions prior to 18.1R3-S9 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4600; 18.2 versions prior to 18.2R3-S3 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600; 18.3 versions prior to 18.3R3-S1 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series; 19.2 versions prior to 19.2R1-S5, 19.2R2 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series; 19.3 versions prior to 19.3R2-S3, 19.3R3 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series; 19.4 versions prior to 19.4R1-S2, 19.4R2 on NFX250, NFX350, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series. This issue does not affect Junos OS releases prior to 17.2R2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin cli. These allow for a user with glassadmin privileges to execute arbitrary code as root on the underlying host operating system.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to send a specific packet causing the packet forwarding engine (PFE) to crash and restart, resulting in a Denial of Service (DoS). By continuously sending these specific packets, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS). This issue only affects Juniper Networks NFX Series, SRX Series platforms when SSL Proxy is configured. This issue affects Juniper Networks Junos OS on NFX Series and SRX Series: 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S1; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S2, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS versions on NFX Series and SRX Series prior to 18.3R1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), Storm Control profile applied on the RTG interface might not take affect when it reaches the threshold condition. Storm Control enables the device to monitor traffic levels and to drop broadcast, multicast, and unknown unicast packets when a specified traffic level is exceeded, thus preventing packets from proliferating and degrading the LAN. Note: this issue does not affect EX2200, EX3300, EX4200, and EX9200 Series. This issue affects Juniper Networks Junos OS on EX Series and QFX5K Series: 15.1 versions prior to 15.1R7-S7; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPC (Modular Port Concentrator) where Integrated Routing and Bridging (IRB) interface is configured and it is mapped to a VPLS instance or a Bridge-Domain, certain network events at Customer Edge (CE) device may cause memory leak in the MPC which can cause an out of memory and MPC restarts. When this issue occurs, there will be temporary traffic interruption until the MPC is restored. An administrator can use the following CLI command to monitor the status of memory usage level of the MPC: user@device> show system resource-monitor fpc FPC Resource Usage Summary Free Heap Mem Watermark : 20 % Free NH Mem Watermark : 20 % Free Filter Mem Watermark : 20 % * - Watermark reached Slot # % Heap Free RTT Average RTT 1 87 PFE # % ENCAP mem Free % NH mem Free % FW mem Free 0 NA 88 99 1 NA 89 99 When the issue is occurring, the value of “% NH mem Free” will go down until the MPC restarts. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines). Please refer to https://kb.juniper.net/KB25385 for the list of Trio-based PFEs. This issue affects Juniper Networks Junos OS on MX Series, EX9200 Series: 17.3R3-S8; 17.4R3-S2; 18.2R3-S4, 18.2R3-S5; 18.3R3-S2, 18.3R3-S3; 18.4 versions starting from 18.4R3-S1 and later versions prior to 18.4R3-S6; 19.2 versions starting from 19.2R2 and later versions prior to 19.2R3-S1; 19.4 versions starting from 19.4R2 and later versions prior to 19.4R2-S3, 19.4R3; 20.2 versions starting from 20.2R1 and later versions prior to 20.2R1-S3, 20.2R2. This issue does not affect Juniper Networks Junos OS: 18.1, 19.1, 19.3, 20.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side request forgery (SSRF) vulnerability. Successful exploitation could allow an attacker to use the Campaign instance to issue unauthorized requests to internal or external resources.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controller (BMC) firmware Rev1.09 and earlier is applied allows remote attackers to bypass authentication and then obtain/modify BMC setting information, obtain monitoring information, or reboot/shut down the vulnerable product via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A sensitive information disclosure vulnerability in delta-export configuration utility (dexp) of Juniper Networks Junos OS may allow a locally authenticated shell user the ability to create and read database files generated by the dexp utility, including password hashes of local users. Since dexp is shipped with setuid permissions enabled and is owned by the root user, this vulnerability may allow a local privileged user the ability to run dexp with root privileges and access sensitive information in the dexp database. This issue affects Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230; 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D34; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3-S1; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an authenticated remote attacker with admin privileges to mount a stored Cross-Site-Scripting (XSS) attack against another user. When the victim logs into the management interface, the stored script code is executed in the context of his browser. A successful exploit would allow an attacker to interact with the management interface with the privileges of the victim. However, as the attacker already needs admin privileges, there is no additional impact on the management interface itself.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files.",NETWORK,LOW,HIGH,NONE,CHANGED,NONE,HIGH,HIGH
UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to execute arbitrary OS commands or cause a denial-of-service (DoS) condition by sending a specially crafted request to a specific URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (application crash) via an embedded JPEG-LS image with dimensions larger than the selected region in a (1) two-dimensional or (2) three-dimensional DICOM image file, which triggers an out-of-bounds read.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
"In crypt.c of remote-login-service, the cryptographic algorithm used to cache usernames and passwords is insecure. An attacker could use this vulnerability to recover usernames and passwords from the file. This issue affects version 1.0.0-0ubuntu3 and prior versions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fv_wp_fvvideoplayer_src JSON field in the data parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative access on the web administrative interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
ownCloud (Core) before 10.5 allows XSS in login page 'forgot password.',NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Windows Hyper-V Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the application's BasePage registers an AJAX event listener (`AbstractPostAjaxBehavior`) in all pages other than the login page. This listener decodes and deserializes the `data` query parameter. We can access this listener by submitting a POST request to any page. This issue may lead to `post-auth RCE` This endpoint is subject to authentication and, therefore, requires a valid user to carry on the attack. This issue was addressed in 4.0.3 by encrypting serialization payload with secrets only known to server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/{id}` endpoint there are no security checks enforced so it is possible to retrieve arbitrary user details including their Access Tokens! These access tokens can be used to access the API or clone code in the build spec via the HTTP(S) protocol. It has permissions to all projects accessible by the user account. This issue may lead to `Sensitive data leak` and leak the Access Token which can be used to impersonate the administrator or any other users. This issue was addressed in 4.0.3 by removing user info from restful api.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader(""File-Name"")`). This issue may lead to arbitrary file upload which can be used to upload a WebShell to OneDev server. This issue is addressed in 4.0.3 by only allowing uploaded file to be in attachments folder. The webshell issue is not possible as OneDev never executes files in attachments folder.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or authorization checks. This issue may lead to pre-auth remote code execution. This issue was fixed in 4.0.3 by removing AttachmentUploadServlet and not using deserialization",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deserialize untrusted data from the request body. These endpoints do not enforce any authentication or authorization checks. This issue may lead to pre-auth RCE. This issue was fixed in 4.0.3 by not using deserialization at KubernetesResource side.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine could be used by unauthenticated remote attackers to execute code as hauser.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability involving the build endpoint parameters. InputSpec is used to define parameters of a Build spec. It does so by using dynamically generated Groovy classes. A user able to control job parameters can run arbitrary code on OneDev's server by injecting arbitrary Groovy code. The ultimate result is in the injection of a static constructor that will run arbitrary code. For a full example refer to the referenced GHSA. This issue was addressed in 4.0.3 by escaping special characters such as quote from user input.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which may lead to arbitrary file read. When BuildSpec is provided in XML format, the spec is processed by XmlBuildSpecMigrator.migrate(buildSpecString); which processes the XML document without preventing the expansion of external entities. These entities can be configured to read arbitrary files from the file system and dump their contents in the final XML document to be migrated. If the files are dumped in properties included in the YAML file, it will be possible for an attacker to read them. If not, it is possible for an attacker to exfiltrate the contents of these files Out Of Band. This issue was addressed in 4.0.3 by ignoring ENTITY instructions in xml file.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Windows Event Logging Service Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Win32k Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows (modem.sys) Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Windows Graphics Component Information Disclosure Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1701.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Update Stack Elevation of Privilege Vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Windows Remote Desktop Security Feature Bypass Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Hyper-V Denial of Service Vulnerability This CVE ID is unique from CVE-2021-1692.,NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on the Customization page.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request with a crafted cookie header.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Hyper-V Denial of Service Vulnerability This CVE ID is unique from CVE-2021-1691.,NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. This behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all input as untrusted by default whenever possible. This is fixed in Nokogiri version 1.11.0.rc4.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Microsoft Edge (HTML-based) Memory Corruption Vulnerability,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
NTLM Security Feature Bypass Vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Azure Active Directory Pod Identity Spoofing Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Projected File System FS Filter Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-1663, CVE-2021-1670.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1693.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1700, CVE-2021-1701.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Multipoint Management Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in Opcenter Execution Core (V8.2), Opcenter Execution Core (V8.3). The application contains an information leakage vulnerability in the handling of web client sessions. A local attacker who has access to the Web Client Session Storage could disclose the passwords of currently logged-in users.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1681, CVE-2021-1686, CVE-2021-1687.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1651.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Connected Mobile Experiences (CMX) API authorizations could allow an authenticated, remote attacker to enumerate what users exist on the system. The vulnerability is due to a lack of authorization checks for certain API GET requests. An attacker could exploit this vulnerability by sending specific API GET requests to an affected device. A successful exploit could allow the attacker to enumerate users of the CMX system.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Windows CryptoAPI Denial of Service Vulnerability,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file within the application interface. A successful exploit could allow the attacker to modify how the shared file name displays within the interface, which could allow the attacker to conduct phishing or spoofing attacks.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1686, CVE-2021-1687, CVE-2021-1690.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. The vulnerability is due to incorrect handling of authorization checks for changing a password. An authenticated attacker without administrative privileges could exploit this vulnerability by sending a modified HTTP request to an affected device. A successful exploit could allow the attacker to alter the passwords of any user on the system, including an administrative user, and then impersonate that user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The R programming language’s default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. This vulnerability affects packages installed via the R CMD install cli command or the install.packages() function from the interpreter. Update to version 4.0.3,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the affected device. The vulnerability is due to insecure handling of symbolic links. An attacker could exploit this vulnerability by sending a crafted SFTP command to an affected device. A successful exploit could allow the attacker to read arbitrary files on the affected device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-1638, CVE-2021-1684.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the loading process of specific DLLs in Cisco Proximity Desktop for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file in a specific location on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with the privileges of another user&rsquo;s account.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack and obtain potentially confidential information by leveraging a flaw in the authentication mechanism. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack and obtain potentially confidential information by leveraging a flaw in the authentication mechanism. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by crafting an XML-based widget on an affected server. A successful exploit could cause increased memory and CPU utilization, which could result in a DoS condition.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page, bypassing the warning mechanism that should prompt the user before the redirection. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website, bypassing the Webex URL check that should result in a warning before the redirection to the web page. Attackers may use this type of vulnerability, known as an open redirect attack, as part of a phishing attack to convince users to unknowingly visit malicious sites.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Webex Meetings Server site. A successful exploit would require the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. A successful exploit could allow the attacker to acquire or take over the host role for a meeting.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
"An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP JavaCard smartcards (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, and J3E016_M64_DF).",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
This affects all versions of package buns. The injection point is located in line 678 in index file lib/index.js in the exported function install(requestedModule).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in `webkit` subproject of HTML/Java API version 1.7. A similar vulnerability has recently been disclosed in other Java projects and the fix in HTML/Java API version 1.7.1 follows theirs: To avoid local privilege escalation version 1.7.1 creates the temporary directory atomically without dealing with the temporary file: https://github.com/apache/netbeans-html4j/commit/fa70e507e5555e1adb4f6518479fc408a7abd0e6,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the 3.1.3.64296 and lower version of 360F5, the third party can trigger the device to send a deauth frame by constructing and sending a specific illegal 802.11 Null Data Frame, which will cause other wireless terminals connected to disconnect from the wireless, so as to attack the router wireless by DoS. At present, the vulnerability has been effectively handled, and users can fix the vulnerability after updating the firmware version.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted ""protected"" comment (with the cke_protected syntax).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.",NETWORK,HIGH,LOW,REQUIRED,CHANGED,LOW,HIGH,NONE
"Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Server-Side Template Injection and arbitrary file disclosure on Camel templating components,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,HIGH
"An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the ""xlink:href"" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting userSearch, authentication is allowed with an arbitrary password when the username is correct. This occurs because some LDAP vendors require an explicit operation for the LDAP bind to take effect.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the ""Logjam"" issue.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through 4.0.1 has a Buffer Overflow in BluFi provisioning in btc_blufi_recv_handler function in blufi_prf.c. An attacker can send a crafted BluFi protocol Write Attribute command to characteristic 0xFF01. With manipulated packet fields, there is a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Windows GDI+ Information Disclosure Vulnerability,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1688, CVE-2021-1693.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Installer Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x.x.x`. However, it was observed that when sending a `CONNECT` request with the `XOR-PEER-ADDRESS` value of `0.0.0.0`, a successful response was received and subsequently, `CONNECTIONBIND` also received a successful response. Coturn then is able to relay packets to the loopback interface. Additionally, when coturn is listening on IPv6, which is default, the loopback interface can also be reached by making use of either `[::1]` or `[::]` as the peer address. By using the address `0.0.0.0` as the peer address, a malicious user will be able to relay packets to the loopback interface, unless `--denied-peer-ip=0.0.0.0` (or similar) has been specified. Since the default configuration implies that loopback peers are not allowed, coturn administrators may choose to not set the `denied-peer-ip` setting. The issue patched in version 4.5.2. As a workaround the addresses in the address block `0.0.0.0/8`, `[::1]` and `[::]` should be denied by default unless `--allow-loopback-peers` has been specified.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,NONE
"Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL with a long domain name, e.g. www.safe.opera.com.attacker.com. With the URL being left-aligned, the user will only see the front part (e.g. www.safe.opera.com…) The exact amount depends on the phone screen size but the attacker can craft a number of different domains and target different phones. Starting with version 53.1 Opera Mini displays long URLs with the top-level domain label aligned to the right of the address field which mitigates the issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Windows Projected File System FS Filter Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-1670, CVE-2021-1672.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Event Tracing Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to improper input validation of log file content stored on the affected device. An attacker could exploit this vulnerability by modifying a log file with malicious code and getting a user to view the modified log file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of the configuration including the username and password in an encrypted form and private keys used in any certificate profiles set for log forwarding server profiles. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. This issue impacts: PAN-OS 8.1 version earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical user groups.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,LOW
"An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error. NOTE: this issue is caused by an incorrect fix for CVE-2020-27671.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
This affects all versions of package ts-process-promises. The injection point is located in line 45 in main entry of package in lib/process-promises.js. The vulnerability is demonstrated with the following PoC:,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows LUAFV Elevation of Privilege Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a resource management errors vulnerability in Huawei P30. Local attackers construct broadcast message for some application, causing this application to send this broadcast message and impact the customer's use experience.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
Microsoft SharePoint Server Remote Code Execution Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Fax Compose Form Remote Code Execution Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Office Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1450, CVE-2020-1451.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Wrong nginx configuration, causing specific paths to be downloaded without authorization. This affects Xiaomi router AX6 ROM version < 1.0.18.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM &amp; Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of an HTTP range header. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vulnerability by crafting malicious file to launch privilege escalation. This can compromise normal service of affected products.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft SharePoint Server Tampering Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
InCopy version 15.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer supported by the maintainer. NOTE: the laminas-http vendor considers this a ""vulnerability in the PHP language itself"" but has added certain type checking as a way to prevent exploitation in (unrecommended) use cases where attacker-supplied data can be deserialized.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
TPM Device Driver Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file system could leverage this vulnerability to escalate privileges.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Animate version 21.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Illustrator version 25.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffer overflow vulnerability when handling a specially crafted font file. Successful exploitation could lead to arbitrary code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
There is a improper input validation vulnerability in some Huawei Smartphone.Successful exploit of this vulnerability can cause memory access errors and denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
There is a vulnerability with buffer access with incorrect length value in some Huawei Smartphone.Unauthorized users may trigger code execution when a buffer overflow occurs.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a improper privilege management vulnerability in some Huawei smartphone. Successful exploitation of this vulnerability can cause information disclosure and malfunctions due to insufficient verification of data authenticity.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
There is a heap base buffer overflow vulnerability in some Huawei smartphone.Successful exploitation of this vulnerability can cause heap overflow and memory overwriting when the system incorrectly processes the update file.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"git-big-picture before 1.0.0 mishandles ' characters in a branch name, leading to code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a missing authentication vulnerability in some Huawei smartphone.Successful exploitation of this vulnerability may lead to low-sensitive information exposure.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
There is an Out-of-bounds Write vulnerability in some Huawei smartphone. Successful exploitation of this vulnerability may cause out-of-bounds access to the physical memory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"There is a heap overflow vulnerability in some Huawei smartphone, attackers can exploit this vulnerability to cause heap overflows due to improper restriction of operations within the bounds of a memory buffer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1680.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ""Test Connection"" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation. By observing differences in the timings of these scans, an attacker may glean information about hosts and ports which they do not have access to scan directly.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Bot Framework SDK Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected cross-site scripting (XSS) vulnerability if the configured markup formatter does not prohibit unsafe elements (JavaScript) in markup.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs of item types.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the meta[title] parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML files with a short path.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-1641.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Windows Runtime C++ Template Library Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 184861.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Windows WLAN Service Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft SharePoint Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1719.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Active Template Library Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloads/api/files.php).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184812.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 184822.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158577.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184819.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, admin pages are cached, so that their content is visible after deconnection by using the browser back button. This is fixed in versions 2.7.2 and 3.0.0.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,NONE,NONE
"Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, when a download error is triggered in the user portal, an SQL query is displayed to the user. This is fixed in versions 2.7.2 and 3.0.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 171823.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, two cookies are created for the same session, which leads to a possibility to steal user session. This is fixed in versions 2.7.2 and 3.0.0.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity of the application.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, by modifying target browser local storage, an XSS can be generated in the iTop console breadcrumb. This is fixed in versions 2.7.2 and 3.0.0.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the addition of a string of information from the submitted user that is not validated well in the database query, resulting in an SQL injection vulnerability where an attacker can exploit and compromise all databases.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a ""Conditional jump or move depends on uninitialised value"" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0.",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight Add-on components of TIBCO Software Inc.'s TIBCO EBX Add-ons contain a vulnerability that theoretically allows a low privileged attacker with network access to execute an XML External Entity (XXE) attack. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.4.2 and below.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
"A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later)",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). This allows an attacker to steal data in the database and obtain access to the application. (The database component runs as root.) NOTE: This vulnerability only affects products that are no longer supported by the maintainer.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in the multihash crate before 0.11.3 for Rust. The from_slice parsing code can panic via unsanitized data from a network server.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.,NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
OX App Suite through 7.10.4 allows XSS via an inline binary file.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
OX App Suite through 7.10.4 allows XSS via the subject of a task.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-1683, CVE-2021-1684.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Microsoft Word Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1715.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1713.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Defender Remote Code Execution Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows DNS Query Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Microsoft SQL Elevation of Privilege Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input index is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP-8021 (All versions < V16), SICAM A8000 CP-8022 (All versions < V16). A web server misconfiguration of the affected device can cause insecure ciphers usage by a user´s browser. An attacker in a privileged position could decrypt the communication and compromise confidentiality and integrity of the transmitted information.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input data size is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort. The information submitted by the user is immediately returned in the response and not escaped leading to the reflected XSS vulnerability. Attackers can exploit vulnerabilities to steal login session information or borrow user rights to perform unauthorized acts.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the ""excel export"" portal functionality is called directly it allows getting data without scope filtering. This allows a user to access data they which they should not have access to. This is fixed in versions 2.7.2 and 3.0.0.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials to login to QCC.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 Appliance version 10.2.0.2-20sv and earlier.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 A stored cross-site scripting (XSS) vulnerability exists in the affected products that allow an attacker to inject arbitrary web script or HTML via the filename parameter to multiple update endpoints of the administrative web interface.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 HL7 v2.x injection vulnerabilities exist in the affected products that allow physically proximate attackers with a connected barcode reader to inject HL7 v2.x segments into specific HL7 v2.x messages via multiple expected parameters.,PHYSICAL,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate with the keystore file's ID is 'unknown'. The validation of the certificate whether CN and hostname are matching stopped working and allow connecting to the back-end work. The highest threat from this vulnerability is to data integrity.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela compiler before version 0.6.1 there is a vulnerability which allows exposure of server configuration. It impacts all users of Vela. An attacker can use Sprig's `env` function to retrieve configuration information, see referenced GHSA for an example. This has been fixed in version 0.6.1. In addition to upgrading, it is recommended to rotate all secrets.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543, and 21.1 before hotfix 657517. On start-up, it loads the OpenSSL library from the Installation folder. This library in turn attempts to load the /usr/local/ssl/openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to <drive>:\usr\local\ssl\openssl.cnf. A low privileged user can create a :\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. If the system is also an Active Directory domain controller, then this can affect the entire domain.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Restaurant Reservation System 1.0 suffers from an authenticated SQL injection vulnerability, which allows a remote, authenticated attacker to execute arbitrary SQL commands via the date parameter in includes/reservation.inc.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, version - 2.8, allows an authenticated attacker with user privileges to parse malicious XML files which could result in XXE-based attacks in applications that accept attacker-controlled XML configuration files. This occurs as logging service does not disable XML external entities when parsing configuration files and a successful exploit would result in limited impact on integrity and availability of the application.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows man-in-the-middle attackers to execute arbitrary commands with root level privileges.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Command Injection in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows authenticated remote attackers to execute arbitrary commands with root user privileges.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Use of a Hard-coded Password in VNCserver in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows local attackers to view and interact with the video output of the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Because of hard-coded SSH keys for the root user in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series, Kami7B, an attacker may remotely log in through SSH.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use of Hard-coded Credentials in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows remote attackers to retrieve and modify the device settings.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the analytics, (5) pinging the mailmotor api, (6) uploading things to the media library, (7) exporting locale.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which could be used to get access to sensitive data, to inject malicious UPDATE statements that could have also impact on the operating system, to disrupt the functionality of the SAP system which can thereby lead to a Denial of Service.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which improper access control may lead to denial of service and information disclosure.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action, which may lead to denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the http parameter ""locking"" is not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an operation is performed which may lead to denial of service or escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in ngpsystemcmd.php in which the http parameters ""x_modules"" and ""y_modules"" are not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the branca crate before 0.10.0 for Rust. Decoding tokens (with invalid base62 data) can panic.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"mdBook is a utility to create modern online books from Markdown files and is written in Rust. In mdBook before version 0.4.5, there is a vulnerability affecting the search feature of mdBook, which could allow an attacker to execute arbitrary JavaScript code on the page. The search feature of mdBook (introduced in version 0.1.4) was affected by a cross site scripting vulnerability that allowed an attacker to execute arbitrary JavaScript code on an user's browser by tricking the user into typing a malicious search query, or tricking the user into clicking a link to the search page with the malicious search query prefilled. mdBook 0.4.5 fixes the vulnerability by properly escaping the search query. Owners of websites built with mdBook have to upgrade to mdBook 0.4.5 or greater and rebuild their website contents with it.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
** UNSUPPORTED WHEN ASSIGNED ** Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
docker-credential-helpers before 0.6.3 has a double free in the List functions.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE, and VIB_TABLE.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1.0 through 9.0.1.14 and 9.1 through 9.1.4 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1643.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190036.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force ID: 186286.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an authenticated user via policy creation.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users of the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the http parameters xmodules, ymodules and savelocking are not properly handled. The NDN-210 is part of Barco TransForm N solution and includes the patch from TransForm N version 3.8 onwards.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
** UNSUPPORTED WHEN ASSIGNED ** CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The parameter ""file"" on the webpage /showfile.php can be exploited to gain root access. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A stack overflow vulnerability in Aleth Ethereum C++ client version <= 1.8.0 using a specially crafted a config.json file may result in a denial of service.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP ""PLAY"" command, when the command specifies seeking by absolute time.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
rcdsvc in the Proofpoint Insider Threat Management Windows Agent (formerly ObserveIT Windows Agent) before 7.9 allows remote authenticated users to execute arbitrary code as SYSTEM because of improper deserialization over named pipes.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android SoC; Android ID: A-172514667.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the lack of a security permission control.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible way to inject packets into an encrypted Bluetooth connection due to improper input validation. This could lead to remote escalation of privilege between two Bluetooth devices by a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11; Android ID: A-169327567.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In onAuthenticated of AuthenticationClient.java, there is a possible tapjacking attack when requesting the user's fingerprint due to an overlaid window. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, 11; Android ID: A-159249069.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php write_file_action could overwrite wp-config.php, for example. Alternatively, an attacker could create an exploit chain to obtain a database dump.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In onCreate of SlicePermissionActivity.java, there is a possible misleading string displayed due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: Android; Versions: Android-10, Android-11, Android-9; Android ID: A-159145361.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In enforceDumpPermissionForPackage of ActivityManagerService.java, there is a possible way to determine if a package is installed due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-166667403.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In is_device_locked and set_device_locked of keystore_keymaster_enforcement.h, there is a possible bypass of lockscreen requirements for keyguard bound keys due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Android ID: A-169933423.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11, Android-8.0, Android-8.1, Android-9; Android ID: A-168319670.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-169763814.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1; Android ID: A-170968514.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the cConn.jsp file via the ur parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any user to change account details of any other user. This vulnerability could be used to change the email address of another account, even the administrator account. Upon changing another account's email address, performing a password reset to the new email address could allow an attacker to take over any account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Rock RMS versions before 8.10 and versions 9.0 through 9.3 fails to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to upload ASPX code and gain remote code execution on the application. The application typically runs as LocalSystem as mandated in the installation guide. Patched in versions 8.10 and 9.4.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 Pro before 3.8 allows Command Injection (issue 1 of 4). The NDN-210 has a web administration panel which is made available over https. The logon method is basic authentication. There is a command injection issue that will result in unauthenticated remote code execution in the username and password fields of the logon prompt. The NDN-210 is part of Barco TransForm N solution and includes the patch from TransForm N version 3.8 onwards.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression denial of service (REDoS) vulnerability. When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS). If an attacker provides a malicious SVG, it can make cairosvg get stuck processing the file for a very long time. This is fixed in version 2.5.1. See Referenced GitHub advisory for more information.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1; Android ID: A-170240631.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-8.1, Android-10, Android-11; Android ID: A-168211968.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In LazyServiceRegistrar of LazyServiceRegistrar.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-170212632.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In onCreate of grantCredentialsPermissionActivity, there is a confused deputy. This could lead to local information disclosure and account access with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158480899.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic runtime permission grant due to a confused deputy. This could lead to local escalation of privilege allowing a malicious app to silently gain access to a dangerous permission with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Android ID: A-155648771.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In dispatchGraphTerminationMessage() of packages/services/Car/computepipe/runner/graph/StreamSetObserver.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-170407229.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In several functions of GlobalScreenshot.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of the user's contacts with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-8.0, Android-8.1, Android-9; Android ID: A-162738636.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the android.permission.ACTIVITY_RECOGNITION permission without user confirmation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11, Android-8.0, Android-8.1, Android-9, Android-10; Android ID: A-154505240.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: File Upload). Supported versions that are affected are 2.7.0.0, 2.7.0.1 and 2.8.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In PLC WinProladder Version 3.28 and prior, a stack-based buffer overflow vulnerability can be exploited when a valid user opens a specially crafted file, which may allow an attacker to remotely execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 has a Memory Leak.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: Local Process Execution (local). The component is: K7Sentry.sys.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local). The component is: K7TSMngr.exe.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: K7TSMngr.exe.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: K7TSMngr.exe.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: K7TSMngr.exe.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200AL, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC ET200ecoPN (except 6ES7141-6BG00-0BB0, 6ES7141-6BH00-0BB0, 6ES7142-6BG00-0BB0, 6ES7142-6BR00-0BB0, 6S7143-6BH00-0BB0, 6ES7146-6FF00-0AB0, 6ES7148-6JD00-0AB0 and 6ES7148-6JG00-0BB0), SIMATIC ET200pro, SIMATIC HMI Comfort Outdoor Panels 7"" & 15"" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4"" - 22"" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC PROFINET Driver, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX (F) 2010, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 PN Control Unit, SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl. Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of specially crafted UDP packets are sent to device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in TIA Portal V14 (All versions < V14 SP1 Update 10), TIA Portal V15 (All versions < V15 SP1 Update 4), TIA Portal V16 (All versions < V16 Update 1). Changing the contents of a configuration file could allow an attacker to execute arbitrary code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system. No user interaction is required. At the time of advisory publication no public exploitation of this security vulnerability was known.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonstrated by the /../../conf/template/uhttpd.json URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Advanced Webhost Billing System 3.7.0 is affected by Cross Site Request Forgery (CSRF) attacks that can delete a contact from the My Additional Contact page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager (aka VIOM) Windows Management Server 7.x through 7.4.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to <drive>:\usr\local\ssl\openssl.cnf, where <drive> could be the default Windows installation drive such as C:\ or the drive where a Veritas product is installed. By default, on Windows systems, users can create directories under any top-level directory. A low privileged user can create a <drive>:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"If a user downloaded a file lacking an extension on Windows, and then ""Open""-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object (including all metadata) upon login via the REST API (aam/v1/authenticate or aam/v2/authenticate). This is a security problem if this object stores information that the user is not supposed to have (e.g., custom metadata added by a different plugin).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.),NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the desired, entered address. To construct a convincing spoof the attacker would have had to guess what the user was typing, perhaps by suggesting it. This vulnerability affects Firefox < 84.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"By attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar displayed the original domain. *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c (aka callback) parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Veritas Desktop and Laptop Option (DLO) before 9.4. On start-up, it loads the OpenSSL library from /ReleaseX64/ssl. This library attempts to load the /ReleaseX64/ssl/openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a C:/ReleaseX64/ssl/openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This impacts DLO server and client installations.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a directory at the configuration file locations. When the Windows system restarts, a malicious OpenSSL engine could exploit arbitrary code execution as SYSTEM. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Everyone in the ""%SYSTEMDRIVE%\Pearson VUE"" directory, which allows local users to obtain administrative privileges via a Trojan horse application.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by sending specially crafted UDP requests.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable sign extension vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to sign-extend a length used to terminate a loop, which can later result in the loop’s index being used to write outside the bounds of a heap buffer during the reading of file data. An attacker can entice the victim to open a document to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Inappropriate implementation in PDFium in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE: oal_ipt_addBridgeIsolationRules is not the only function that calls util_execSystem.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from the user's disk via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Inappropriate implementation in cryptohome in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass discretionary access control via a malicious file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate implementation in filesystem in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a malicious file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A local attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 184883.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
"An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.",LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,HIGH
"An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair().",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insert_from can have a memory-safety issue upon a panic.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the InlineArray implementation, an unaligned reference may be generated for a type that has a large alignment requirement.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing JavaScript in the encoded_options parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,LOW
"Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Veritas CloudPoint before 8.3.0.1+hotfix. The CloudPoint Windows Agent leverages OpenSSL. This OpenSSL library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems users can create directories under <drive>:\. A low privileged user can create a <drive>:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, which may result in arbitrary code execution. This would give the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"In Account of Account.java, there is a possible boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android; Versions: Android-9, Android-8.0, Android-8.1; Android ID: A-129287265.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL library. The OpenSSL library then attempts to load the openssl.cnf configuration file (which does not exist) at the following locations in both the System drive (typically C:\) and the product's installation drive (typically not C:\): \Isode\etc\ssl\openssl.cnf (on SMTP Server) or \user\ssl\openssl.cnf (on other affected components). By default, on Windows systems, users can create directories under C:\. A low privileged user can create a openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This vulnerability only affects a server with MTP Server, SMTP Archiving IMAP Server, IMAP Archiving, Vault Cloud Adapter, NetApp File server, or File System Archiving for NetApp as File Server.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerability in the vGPU plugin in which it allows guests to allocate some resources for which the guest is not authorized, which may lead to integrity and confidentiality loss, denial of service, or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to unexpected consumption of resources, which in turn may lead to denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which it obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer, which may lead to information disclosure or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input offset is not validated, which may lead to a buffer overread, which in turn may cause tampering of data, information disclosure, or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under C:\. If a low privileged user on the Windows system creates an affected path with a library that NetBackup attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This affects NetBackup master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade on all systems and post-install on Master, Media, and OpsCenter servers during normal operations.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the from \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a C:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data and installed applications, etc. If the system is also an Active Directory domain controller, then this can affect the entire domain.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under the top level of any drive. If a low privileged user creates an affected path with a library that the Veritas product attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This vulnerability affects master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade and post-install during normal operations.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthenticated and unauthorized access to VDAP proxy which can result in an attacker obtaining information they are not authorized to access. IBM X-Force ID: 193658.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 193656.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obtain sensitive information due to improper input validation. IBM X-Force ID: 186282.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It leverages OpenSSL on Windows systems when using the Managed Host addon. On start-up, it loads the OpenSSL library. This library may attempt to load the openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a C:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188127.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186698.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 84.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186235.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186281.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Inappropriate implementation in cookies in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass cookie restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in extensions in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cute Editor for ASP.NET 6.4 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Formstone <=1.4.16 is vulnerable to a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper validation of user supplied input in the upload-target.php and upload-chunked.php files. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web site once the URL is clicked or visited. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials, force malware execution, user redirection and others.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Inappropriate implementation in WebUSB in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof security UI via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient data validation in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient data validation in sharing in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 177932.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The default installation of Krpano Panorama Viewer version <=1.20.8 is prone to Reflected XSS due to insecure XML load in file /viewer/krpano.html, parameter xml.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseDirs.do file via the title parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Reports/index.jsp file via the by parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/index.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the Error.jsp file via the err parameter (or indirectly via the cpr, tcp, or abs parameter). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the ReportPreview.do file via the referer parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseAssets.do file via the title parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"** UNSUPPORTED WHEN ASSIGNED ** Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in multiple fields (first name, last name, and logon name) when creating or modifying a user via the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the PolicyAuthority/Common/FolderControl.jsp file via the unqID parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The default installation of Krpano Panorama Viewer version <=1.20.8 is vulnerable to Reflected XSS due to insecure remote js load in file viewer/krpano.html, parameter plugin[test].url.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Heap buffer overflow in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in networking in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially bypass firewall controls via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in payments in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Inappropriate implementation in base in Google Chrome prior to 86.0.4240.193 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like ""<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>"". The password value is not redacted and is printed to stdout and also to any generated log files.",LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via “WIN-911 Mobile Runtime” service. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. Depending on the vector chosen, an attacker can overwrite the service executable and execute arbitrary code with System privileges or replace other files within the installation folder that could lead to local privilege escalation.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Cross Site Scripting (XSS) vulnerability in Beetel router 777VR1 can be exploited via the NTP server name in System Time and ""Keyword"" in URL Filter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature. The vulnerability allows a remote attacker (with admin or config-admin privileges in the console) to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteImage API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,HIGH
"The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190986.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190989.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"kamadak-exif is an exif parsing library written in pure Rust. In kamadak-exif version 0.5.2, there is an infinite loop in parsing crafted PNG files. Specifically, reader::read_from_container can cause an infinite loop when a crafted PNG file is given. This is fixed in version 0.5.3. No workaround is available. Applications that do not pass files with the PNG signature to Reader::read_from_container are not affected.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users’ sessions.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overwrite the file, which can lead to denial of service or code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A directory traversal vulnerability in file upload function of Gotenberg through 6.2.1 allows an attacker to upload and overwrite any writable files outside the intended folder. This can lead to DoS, a change to program behavior, or code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an attacker to read any container files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on LG mobile devices with Android OS 10 software. There was no write protection for the MTK protect2 partition. The LG ID is LVE-SMP-200028 (January 2021).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the fingerprint scanner on Samsung Note20 mobile devices with Q(10.0) software. When a screen protector is used, the required image compensation is not present. Consequently, inversion can occur during fingerprint enrollment, and a high False Recognition Rate (FRR) can occur. The Samsung ID is SVE-2020-19216 (January 2021).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in multiple log files. A local authenticated attacker with access to the log files may use the exposed password to gain access with the privileges of the compromised user.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Broadcom Bluetooth chipsets) software. The Bluetooth UART driver has a buffer overflow. The Samsung ID is SVE-2020-18731 (January 2021).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce was present in a publicly viewable page. The greatest impact was the pagelayer_save_content function that allowed pages to be modified and allowed XSS to occur.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,LOW
Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyGetAppEdition race condition that can cause a stack-based buffer overflow or an out-of-bounds read.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race condition that can cause a stack-based buffer overflow or an out-of-bounds read.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed operational information on the backup processing status through a URL that did not require authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the sensitive information on the local network, leading to the potential compromise of impacted thin clients.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to access the writable file and manipulate the configuration of any target specific station.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,NONE
FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account and also impact other visitors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow an authenticated user to create a privileged account due to improper access controls. IBM X-Force ID: 188896.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 188895.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
GigaVUE-OS (GVOS) 5.4 - 5.9 uses a weak algorithm for a hash stored in internal database.,LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4) firmware. The vulnerability could be remotely exploited to disclose the serial number and other information.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g., Administrator) during a profile update, and effectively escalate their privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in page_edit.php in MiniCMS V1.10 allows remote attackers to read arbitrary files via the state parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 allows remote attackers to include and execute arbitrary files via the state parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The function, view the source code, of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;",LOCAL,LOW,HIGH,NONE,CHANGED,LOW,LOW,LOW
"A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,LOW
"An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role parameter with a WordPress capability (or any custom Ultimate Member role) and effectively be granted those privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,LOW
"In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if style tag is allowed. If you have explicitly allowed the `<style>` tag, an attacker could craft HTML that includes script after passing through the sanitizer. The default settings disallow the `<style>` tag so there is no risk if you have not explicitly allowed the `<style>` tag. The problem has been fixed in version 5.0.372.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the id parameter on the /cms/print.php page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection to the intranet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum token, lacks access control and thus allows price manipulation, as exploited in the wild in December 2020 and January 2021.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF number) via a modified titulo (aka invoice number) value to the central/recibo.php URI.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subtype entry of the Annotation dictionary, in an incremental update.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executar_central.php?acao=altsenha_princ URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an ""admin"" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a ""viewer"" role. In the 'etc/jmx.acl.cfg', such as role can call get*. It's possible to authenticate as a viewer role + invokes on the MLet getMBeansFromURL method, which goes off to a remote server to fetch the desired MBean, which is then registered in Karaf. At this point the attack fails as ""viewer"" doesn't have the permission to invoke on the MBean. Still, it could act as a SSRF style attack and also it essentially allows a ""viewer"" role to pollute the MBean registry, which is a kind of privilege escalation. The vulnerability is low as it's possible to add a ACL to limit access. Users should update to Apache Karaf 4.2.9 or newer.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
ISPConfig before 3.2.2 allows SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by changing the admin password without authentication via a POST request to Advanced_System_Content.asp with the uiViewTools_username=admin&uiViewTools_Password= and uiViewTools_PasswordConfirm= substrings.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslog field. (For example, on Linux it is not possible to create a .. directory. On Windows, it is not possible to create a CON directory.)",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. An attacker can leverage this to read the centralmka2 (session token) cookie, which is not set to HTTPOnly.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the flatbuffers crate through 2020-04-11 for Rust. read_scalar (and read_scalar_at) can transmute values without unsafe blocks.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the traitobject crate through 2020-06-01 for Rust. It has false expectations about fat pointers, possibly causing memory corruption in, for example, Rust 2.x.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Force ID: 190990.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The REST/JSON project 7.x-1.x for Drupal allows blockage of user logins, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
MyDrivers64.sys in DriverGenius 9.61.3708.3054 allows attackers to cause a system crash via the ioctl command 0x9c402000 to \\.\MyDrivers0_0_1.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Excessive memory usage may occur when data arrives quickly.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the rio crate through 2020-05-11 for Rust. A struct can be leaked, allowing attackers to obtain sensitive information, cause a use-after-free, or cause a data race.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of out-of-bounds access.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the bigint crate through 2020-05-07 for Rust. It allows a soundness violation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the rocket crate before 0.4.5 for Rust. LocalRequest::clone creates more than one mutable references to the same object, possibly causing a data race.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the crayon crate through 2020-08-31 for Rust. A TOCTOU issue has a resultant memory safety violation via HandleLike.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary to cause a data race.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The REST/JSON project 7.x-1.x for Drupal allows field access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal's security advisory policy.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The REST/JSON project 7.x-1.x for Drupal allows user enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The REST/JSON project 7.x-1.x for Drupal allows session enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The REST/JSON project 7.x-1.x for Drupal allows comment access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via out-of-bounds access for large capacity.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via a remove() double free.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the stack crate before 0.3.1 for Rust. ArrayVec has an out-of-bounds write via element insertion.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, this vulnerability allows a remote attacker to gain access to sensitive information. QNAP have already fixed this vulnerability in the following versions: QTS 4.4.3.1354 build 20200702 (and later)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the lucet-runtime-internals crate before 0.5.1 for Rust. It mishandles sigstack allocation. Guest programs may be able to obtain sensitive information, or guest programs can experience memory corruption.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell Wyse Management Suite versions prior to 3.1 contain an open redirect vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code under the device tag. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index() allows an out-of-bounds read.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in the arr crate through 2020-08-25 for Rust. There is a buffer overflow in Index and IndexMut.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (including the external Internet) by default. NOTE: this may overlap CVE-2017-9980.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur when __private_get_type_id__ is overridden.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the array-queue crate through 2020-09-26 for Rust. A pop_back() call may lead to a use-after-free.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The package asciitable.js before 1.0.3 are vulnerable to Prototype Pollution via the main function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rust. Scalar::check_overflow allows a timing side-channel attack; consequently, attackers can obtain sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in the ordered-float crate before 1.1.1 and 2.x before 2.0.1 for Rust. A NotNan value can contain a NaN.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the futures-util crate before 0.3.7 for Rust. MutexGuard::map can cause a data race for certain closure situations (in safe code).,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache<K,V> data race by sending types that do not implement Send/Sync.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove() has an off-by-one error, causing memory leakage and a drop of uninitialized memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the prost crate before 0.6.1 for Rust. There is stack consumption via a crafted message, causing a denial of service (e.g., x86) or possibly remote code execution (e.g., ARM).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can cause a panic.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega in an npm package. In Vega before version 5.17.3 there is an XSS vulnerability in Vega expressions. Through a specially crafted Vega expression, an attacker could execute arbitrary javascript on a victim's machine. This is fixed in version 5.17.3",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,NONE
"URI.js is a javascript URL mutation library (npm package urijs). In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash (`\`) character followed by an at (`@`) character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF attacks, open redirects, or other undesired behavior. For example the URL `https://expected-example.com\@observed-example.com` will incorrectly return `observed-example.com` if using an affected version. Patched versions correctly return `expected-example.com`. Patched versions match the behavior of other parsers which implement the WHATWG URL specification, including web browsers and Node's built-in URL class. Version 1.19.4 is patched against all known payload variants. Version 1.19.3 has a partial patch but is still vulnerable to a payload variant.]",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in the dync crate before 0.5.0 for Rust. VecCopy allows misaligned element access because u8 is not always the type in question.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the pyo3 crate before 0.12.4 for Rust. There is a reference-counting error and use-after-free in From<Py<T>>.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. (In the case of LLVM, the IR may be always correct.)",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a ""Sweet32"" attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the function proc_fastchg_fw_update_write in proc_fastchg_fw_update_write does not check the parameter len, resulting in a vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c, the function mp2650_data_log_write in mp2650_data_log_write does not check the parameter len which causes a vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_da9313.c, failure to check the parameter buf in the function proc_work_mode_write in proc_work_mode_write causes a vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the magnetic crate before 2.0.1 for Rust. MPMCConsumer and MPMCProducer allow cross-thread sending of a non-Send type.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the futures-task crate before 0.3.6 for Rust. futures_task::waker may cause a use-after-free in a non-static type situation.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the chacha20 crate before 0.2.3 for Rust. A ChaCha20 counter overflow makes it easier for attackers to determine plaintext.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,NONE,NONE
"Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,NONE,NONE
An issue was discovered in the futures-util crate before 0.3.2 for Rust. FuturesUnordered can lead to data corruption because Sync is mishandled.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the futures-task crate before 0.3.5 for Rust. futures_task::noop_waker_ref allows a NULL pointer dereference.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
XWiki Platform before 12.8 mishandles escaping in the property displayer.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395.,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,NONE
"In MantisBT 2.24.3, SQL Injection can occur in the parameter ""access"" of the mc_project_get_users function through the API SOAP.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large ""table_entries_used"" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the management interface of hardware platforms that are running Cisco IOS XR Software only. The vulnerability exists because internal commands that are issued when the PXE network boot process is loading a software image are not properly verified. An attacker could exploit this vulnerability by compromising the PXE boot server and replacing a valid software image with a malicious one. Alternatively, the attacker could impersonate the PXE boot server and send a PXE boot reply with a malicious file. A successful exploit could allow the attacker to execute unsigned code on the affected device. Note: To fix this vulnerability, both the Cisco IOS XR Software and the BIOS must be upgraded. The BIOS code is included in Cisco IOS XR Software but might require additional installation steps. For further information, see the Fixed Software section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.,LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
An issue was discovered in the libpulse-binding crate before 2.5.0 for Rust. proplist::Iterator can cause a use-after-free.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.0 through 3.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCva14552.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockReadGuard unsoundness.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockWriteGuard unsoundness.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockReadGuard unsoundness.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockWriteGuard unsoundness.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. The affected Arista EOS versions are: 4.24.2.4F and below releases in the 4.24.x train; 4.23.4M and below releases in the 4.23.x train; 4.22.6M and below releases in the 4.22.x train.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Console: CORS headers set to allow all in Red Hat AMQ.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this function again, as required by the design of the API.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Exponent CMS before 2.6.0 has improper input validation in storeController.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Ptarmigan before 0.2.3 lacks API token validation, e.g., an ""if (token === apiToken) {return true;} return false;"" code block.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction. This vulnerability is only susceptible to exploitation by unidirectional traffic (ex. UDP) and not bidirectional traffic (ex. TCP). This affects: EOS 7170 platforms version 4.21.4.1F and below releases in the 4.21.x train; EOS X-Series versions 4.21.11M and below releases in the 4.21.x train; 4.22.6M and below releases in the 4.22.x train; 4.23.4M and below releases in the 4.23.x train; 4.24.2.1F and below releases in the 4.24.x train.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.ftpservice.FTPReceiver.ACTION_STOP_FTPSERVER).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large ""item_num"" field such as 0xffffffff, is provided. As a result, the variable ""item_num"" turns negative, bypassing the check for a large value.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Exponent CMS before 2.6.0 has improper input validation in fileController.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Exponent CMS before 2.6.0 has improper input validation in usersController.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in a smart contract implementation for AIRDROPX BORN through 2019-05-29, an Ethereum token. The name of the constructor has a typo (wrong case: XBornID versus XBORNID) that allows an attacker to change the owner of the contract and obtain cryptocurrency for free.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,HIGH,NONE
"A typo exists in the constructor of a smart contract implementation for EAI through 2019-06-05, an Ethereum token. This vulnerability could be used by an attacker to acquire EAI tokens for free.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can upload a malicious .svg file which act as a stored XSS payload.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged attacker to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bugnote_id parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Remote attackers can use the leak to execute code without privilege.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An incorrect permission assignment during the installation script of TeamworkCloud 18.0 thru 19.0 allows a local unprivileged attacker to execute arbitrary code as root. During installation, the user is instructed to set the system enviroment file with world writable permissions (0777 /etc/environment). Any local unprivileged user can execute arbitrary code simply by writing to /etc/environment, which will force all users, including root, to execute arbitrary code during the next login or reboot. In addition, the entire home directory of the twcloud user at /home/twcloud is recursively given world writable permissions. This allows any local unprivileged attacker to execute arbitrary code, as twcloud. This product was previous named Cameo Enterprise Data Warehouse (CEDW).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Rock RMS before 1.8.6 mishandles vCard access control within the People/GetVCard/REST controller.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large ""nb_index_entries"" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states ""I don't think [it] is a big real-life issue.""",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Panel - Manage User tab using the Full Name of the user. This vulnerability can result in the attacker injecting the XSS payload in the User Registration section and each time admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie according to the crafted payload.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,HIGH,HIGH,NONE
"An issue was discovered in a smart contract implementation for MORPH Token through 2019-06-05, an Ethereum token. A typo in the constructor of the Owned contract (which is inherited by MORPH Token) allows attackers to acquire contract ownership. A new owner can subsequently obtain MORPH Tokens for free and can perform a DoS attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, and RAX120 before 1.0.0.78.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,HIGH,HIGH,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, RAX120 before 1.0.0.78, and R7500v2 before 1.0.3.46.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Bolt before 3.6.10 has XSS via a title that is mishandled in the system log.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery (CSRF) and consequently allowing a cross-site WebSocket hijack on Theia IDE. This flaw allows an attacker to gain full access to the victim's workspace through the /services endpoint. To perform a successful attack, the attacker conducts a Man-in-the-middle attack (MITM) and tricks the victim into executing a request via an untrusted link, which performs the CSRF and the Socket hijack. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.",LOCAL,HIGH,LOW,NONE,CHANGED,LOW,LOW,LOW
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, XR700 before 1.0.1.10, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, and RAX120 before 1.0.0.78.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API data race.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via UnlockNotification.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via create_module.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API use-after-free.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via the repr(Rust) type.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the ""How to Harden Your PHP for Better Security"" guidance.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.46, R6080 before 1.0.0.46, R6120 before 1.0.0.72, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6700v2 before 1.2.0.74, R6800 before 1.2.0.74, R6900v2 before 1.2.0.74, R7450 before 1.2.0.74, AC2100 before 1.2.0.74, AC2400 before 1.2.0.74, and AC2600 before 1.2.0.74.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"** UNSUPPORTED WHEN ASSIGNED ** Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. When an administrator looks at logs, the payload is executed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, RAX120 before 1.0.0.78, RBK22 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and WN3000RPv2 before 1.0.0.78.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.63, DM200 before 1.0.0.61, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.68, and WNR2000v5 before 1.0.0.66.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, RAX120 before 1.0.0.78, RBK22 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and WN3000RPv2 before 1.0.0.78.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the Jabber application launches. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user's account.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Vidyo 02-09-/D allows clickjacking via the portal/ URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attacker to inject the XSS payload in Field Name and each time any user will open that, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6900P before 1.3.2.124, R7000 before 1.0.11.100, R7000P before 1.3.2.124, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7960P before 1.4.1.50, R8000 before 1.0.4.52, R7900P before 1.4.1.50, R8000P before 1.4.1.50, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.1.12, RAX45 before 1.0.2.66, RAX50 before 1.0.2.66, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RS400 before 1.5.0.48, and XR300 before 1.0.3.50.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D7800 before 1.0.3.48, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, DM200 before 1.0.0.66, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX2700 before 1.0.1.58, EX3110 before 1.0.1.68, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100v2 before 1.0.1.94, EX6110 before 1.0.1.68, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150v1 before 1.0.0.46, EX6150v2 before 1.0.1.94, EX6200v1 before 1.0.3.94, EX6250 before 1.0.0.128, EX6400 before 1.0.2.152, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7300 before 1.0.2.152, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, EX7500 before 1.0.0.68, EX7700 before 1.0.0.210, EX8000 before 1.0.1.224, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.42, R6260 before 1.1.0.76, R6300v2 before 1.0.4.42, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400v1 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v1 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900 before 1.0.2.16, R6900P before 1.3.2.124, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7500v2 before 1.0.3.48, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.5.24, RAX35 before 1.0.3.80, RAX40 before 1.0.3.80, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.38, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.5.1.6, RBS40V-200 before 1.0.0.46, RBS50Y before 2.6.1.40, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3000RPv3 before 1.0.2.86, WN3500RPv1 before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,LOW
"FluxBB 1.5.11 is affected by cross-site scripting (XSS in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in ""Blog Content"" and each time any user will visit the blog, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user will go to that blog page, the XSS triggers and the attacker can steal the cookie according to the crafted payload.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D7800 before 1.0.1.58, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RS400 before 1.5.0.48, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects CBR40 before 2.5.0.10, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100 before 1.0.2.28, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150 before 1.0.0.46, EX6200 before 1.0.3.94, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6250 before 1.0.4.42, R6300v2 before 1.0.4.42, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6700 before 1.0.2.16, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.32, RAX50 before 1.0.2.32, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V-200 before 1.0.0.46, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3500RP before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.78, D6200 before 1.1.00.32, D7000 before 1.0.1.68, D7800 before 1.0.1.56, DM200 before 1.0.0.61, EX2700 before 1.0.1.52, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.74, EX6400 before 1.0.2.140, EX7300 before 1.0.2.140, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R7500v2 before 1.0.3.40, R7800 before 1.0.2.62, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN2000RPTv3 before 1.0.1.34, WN3000RPv2 before 1.0.0.78, WN3000RPv2 before 1.0.0.78, WN3000RPv3 before 1.0.2.78, WN3100RPv2 before 1.0.0.66, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, XR450 before 2.3.2.32, and XR500 before 2.3.2.32.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because sessions.rs has a use-after-free.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
"etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious cryptbase.dll file in %WINDIR%\Temp\.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 before 2.5.0.14, RBW30 before 2.6.1.4, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, and RBS40V before 2.6.1.4.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Heap buffer overflow in SwiftShader in Google Chrome prior to 84.0.4147.135 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce ""compatibility hazards"" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: This may overlap CVE-2019-25010.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBK40 before 2.3.5.30, RBK40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, and RAX120 before 1.0.0.78.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the ledger. Updating a DID with a nym transaction will be written to the ledger if neither ROLE or VERKEY are being changed, regardless of sender. A malicious DID with no particular role can ask an update for another DID (but cannot modify its verkey or role). This is bad because 1) Any DID can write a nym transaction to the ledger (i.e., any DID can spam the ledger with nym transactions), 2) Any DID can change any other DID's alias, 3) The update transaction modifies the ledger metadata associated with a DID.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. BrowserUp Proxy works well as a standalone proxy server, but it is especially useful when embedded in Selenium tests. A Server-Side Template Injection was identified in BrowserUp Proxy enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability. This has been patched in version 2.1.2.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is running an app that offers a connectable BLE advertisement. An example of such an app could be a Bluetooth-based contact tracing app, such as Australia's COVIDSafe app, Singapore's TraceTogether app, or France's TousAntiCovid (formerly StopCovid). As part of the pairing process, two pieces (among others) of personally identifiable information are exchanged: the Identity Address of the Bluetooth adapter of the target device, and its associated Identity Resolving Key (IRK). Either one of these identifiers can be used to perform re-identification of the target device for long term tracking. The list of affected devices includes (but is not limited to): Galaxy Note 5, Galaxy S6 Edge, Galaxy A3, Tab A (2017), J2 Pro (2018), Galaxy Note 4, and Galaxy S5.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Arm Compiler 5 through 5.06u6 has an error in a stack protection feature designed to help spot stack-based buffer overflows in local arrays. When this feature is enabled, a protected function writes a guard value to the stack prior to (above) any vulnerable arrays in the stack. The guard value is checked for corruption on function return; corruption leads to an error-handler call. In certain circumstances, the reference value that is compared against the guard value is itself also written to the stack (after any vulnerable arrays). The reference value is written to the stack when the function runs out of registers to use for other temporary data. If both the reference value and the guard value are written to the stack, then the stack protection will fail to spot corruption when both values are overwritten with the same value. For both the reference value and the guard value to be corrupted, there would need to be both a buffer overflow and a buffer underflow in the vulnerable arrays (or some other vulnerability that causes two separated stack entries to be corrupted).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an unauthenticated attacker.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D7800 before 1.0.1.58, R7800 before 1.0.2.74, R8900 before 1.0.5.18, R9000 before 1.0.5.18, and XR700 before 1.0.1.34.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the parameter, successful exploit can cause the device to behave abnormally.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before 1.0.1.78, EX7000 before 1.0.1.78, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6300v2 before 1.0.4.34, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.40.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise normal service.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.58, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.5.2, and R9000 before 1.0.5.2.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7500v2 before 1.0.3.48, R8900 before 1.0.5.2, R9000 before 1.0.5.2, and R7800 before 1.0.2.68.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Prototype pollution vulnerability in 'libnested' versions 0.0.0 through 1.5.0 allows an attacker to cause a denial of service and may lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before 1.0.4.26.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service.,NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.68, R8900 before 1.0.5.2, and R9000 before 1.0.5.2.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection.,ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an authenticated user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR WAC104 devices before 1.0.4.13 are affected by a buffer overflow by an authenticated user.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation "".roa"" files or X509 Certificate Revocation List files from the RPKI relying party's view. NOTE: some third parties may regard this as a preferred behavior, not a vulnerability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"There is an information leak vulnerability in iManager NetEco 6000 versions V600R021C00. A module is lack of authentication. Attackers without access to the module can exploit this vulnerability to obtain extra information, leading to information leak.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"There is a denial of service vulnerability in some Huawei smartphones. Due to the improper processing of received abnormal messages, remote attackers may exploit this vulnerability to cause a denial of service (DoS) on the specific module.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel (which will require a physical reset to restore administrative control) via Randomnum=99AC8CEC6E845B28&mode=1 in a POST request to the cgi-bin/set_factory URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Prototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Prototype pollution vulnerability in 'flattenizer' versions 0.0.5 through 1.0.5 allows an attacker to cause a denial of service and may lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common privilege. This would compromise normal service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default settings for the router speed test contain links to download malware named elive or CNKI E-Learning.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"HedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an attacker can inject arbitrary `script` tags in HedgeDoc notes using mermaid diagrams. Our content security policy prevents loading scripts from most locations, but `www.google-analytics.com` is allowed. Using Google Tag Manger it is possible to inject arbitrary JavaScript and execute it on page load. Depending on the configuration of the instance, the attacker may not need authentication to create or edit notes. The problem is patched in HedgeDoc 1.7.1. As a workaround one can disallow `www.google-analytics.com` in the `Content-Security-Policy` header. Note that other ways to leverage the `script` tag injection might exist.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,NONE
"Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. Once it contains the function ""Custom Gift Card Template"", the function of uploading a custom image is used, changing the name of the image extension to PHP and executing PHP code on the server.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow an attacker to inject the XSS payload in the Subject field of the mail and each time any user will open that mail of the website, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload a profile image as a malicious code using JavaScript. Whenever anyone will see the profile picture, the code will execute and XSS will trigger.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in the Schedule tasks name field. This vulnerability can allow an attacker to inject the XSS payload in Schedule tasks and each time any user will go to that page of the website, the XSS triggers and attacker can able to steal the cookie according to the crafted payload.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c). NOTE: this is applicable to persons who choose to engage in the ""A number of self-test programs are included here for unit-testing the library"" situation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. Specifically, the return values of the 'canFlush' and 'canPerformSystemActions' security functions are not checked in some instances, therefore allowing an authenticated user with insufficient permissions to perform the following actions: flushing a table, shutting down Accumulo or an individual tablet server, and setting or removing system-wide Accumulo configuration properties.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an unauthenticated attacker can upload arbitrary files to the upload storage backend including HTML, JS and PHP files. The problem is patched in HedgeDoc 1.7.1. You should however verify that your uploaded file storage only contains files that are allowed, as uploaded files might still be served. As workaround it's possible to block the `/uploadimage` endpoint on your instance using your reverse proxy. And/or restrict MIME-types and file names served from your upload file storage.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, user, and nobody have a password of 1234.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"There is a resource management error vulnerability in Jackman-AL00D versions 8.2.0.185(C00R2P1). Local attackers construct malicious application files, causing system applications to run abnormally.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue has been discovered in the arc-swap crate before 0.4.8 (and 1.x before 1.1.0) for Rust. Use of arc_swap::access::Map with the Constant test helper (or with a user-supplied implementation of the Access trait) could sometimes lead to dangling references being returned by the map.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address because submission of the login form (even with blank credentials) provides this address to the attacker's client for use as a ""host"" value. In other words, after an attacker's web browser sent a request to the login form, it would automatically send a second request to a RASHTML5Gateway/socket.io URI with something like ""host"":""192.168.###.###"" in the POST data.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there a regular expression involved in parsing which can be exploited to to cause a denial of service. This is fixed in version 0.14.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product's source code is available.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter (the attacker must provide the correct fileOrgName value).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
struct2json before 2020-11-18 is affected by a Buffer Overflow because strcpy is used for S2J_STRUCT_GET_string_ELEMENT.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Autobahn|Python before 20.12.3 allows redirect header injection.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Spamsniper 5.0 ~ 5.2.7 contain a stack-based buffer overflow vulnerability caused by improper boundary checks when parsing MAIL FROM command. It leads remote attacker to execute arbitrary code via crafted packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in G-Data before 25.5.9.25 using Symbolic links, it is possible to abuse the infected-file restore mechanism to achieve arbitrary write that leads to elevation of privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector. The vulnerabilities enables potential signature bypass due to issues with XML encoding in the underlying Go library. The vulnerabilities have been addressed in version 2.27.0 by using the xml-roundtrip-validator from Mattermost (see related references).,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
An account-enumeration issue was discovered in Zammad before 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized as associated with a valid user.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded password of lkjhgfdsa (which is just the asdf keyboard row in reverse order).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART access) to login via the ipc.fos~ password.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HCL Domino v10 and v11 is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could could exploit this vulnerability to crash the Domino server.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack of input validation while handling ACL rulesets can cause write ACL violations.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in URVE Build 24.03.2020. By using the _internal/pc/vpro.php?mac=0&ip=0&operation=0&usr=0&pass=0%3bpowershell+-c+"" substring, it is possible to execute a Powershell command and redirect its output to a file under the web root.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in URVE Build 24.03.2020. Using the _internal/pc/shutdown.php path, it is possible to shutdown the system. Among others, the following files and scripts are also accessible: _internal/pc/abort.php, _internal/pc/restart.php, _internal/pc/vpro.php, _internal/pc/wake.php, _internal/error_u201409.txt, _internal/runcmd.php, _internal/getConfiguration.php, ews/autoload.php, ews/del.php, ews/mod.php, ews/sync.php, utils/backup/backup_server.php, utils/backup/restore_server.php, MyScreens/timeline.config, kreator.html5/test.php, and addedlogs.txt.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"An issue was discovered in URVE Build 24.03.2020. The password of an integration user account (used for the connection of the MS Office 365 Integration Service) is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext: Profiles/urve/files/sql_db.backup, Server/data/pg_wal/000000010000000A000000DD, Server/data/base/16384/18617, and Server/data/base/17202/8708746. This causes the password to be displayed as cleartext in the HTML code as roomsreservationimport_password in /urve/roomsreservationimport/roomsreservationimport/update-HTML5.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"** DISPUTED ** Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely. Note: This has been disputed by the vendor as not a vulnerability. They argue that this is an intended design.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it will stop responding. The ""hub"" will stop operating and be frozen until the flood stops. During the flood, the user won't be able to turn on/off the lights, and all of the hub's functionality will be unresponsive. The cloud service also won't work with the hub.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** The serializer module in OAID Tengine lite-v1.0 has a Buffer Overflow and crash. NOTE: another person has stated ""I don't think there is an proof of overflow so far.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_title (aka a title on the custom fields page).,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"CXUUCMS V3 allows class=""layui-input"" XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Zammad before 3.5.1. An Agent with Customer permissions in a Group can bypass intended access control on internal Articles via the Ticket detail view.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Zammad before 3.5.1. The default signup Role (for newly created Users) can be a privileged Role, if configured by an admin. This behvaior was unintended.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Zammad before 3.5.1. A REST API call allows an attacker to change Ticket Article data in a way that defeats auditing.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can access Tickets.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Zammad before 3.4.1. There are wrong authorization checks for impersonation requests via X-On-Behalf-Of. The authorization checks are performed for the actual user and not the one given in the X-On-Behalf-Of header.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is reopened can install arbitrary code on the device.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Zammad before 3.4.1. The global-search feature leaks Knowledge Base drafts to Knowledge Base readers (who are authenticated but have insufficient permissions).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the User. An attacker can use this to request any URL via a GET request from the network interface of the server. This may lead to disclosure of information from intranet systems.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Zammad before 3.4.1. The Tag and Link REST API endpoints (for add and delete) lack a CSRF token check.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
An issue was discovered in Zammad before 3.4.1. There is Stored XSS via a Tags element in a TIcket.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"dhowden tag before 2020-11-19 allows ""panic: runtime error: slice bounds out of range"" via readAtomData.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"dhowden tag before 2020-11-19 allows ""panic: runtime error: slice bounds out of range"" via readTextWithDescrFrame.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"dhowden tag before 2020-11-19 allows ""panic: runtime error: index out of range"" via readAPICFrame.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"dhowden tag before 2020-11-19 allows ""panic: runtime error: index out of range"" via readPICFrame.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion.",PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Access Control. A low privileged user on the platform, for example a user with ""helpdesk"" privileges, can perform privileged operations including adding a new administrator to the platform via the easyadmin/user/submitCreateTCUser.do page.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the upload_settings.cgi page.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to cause a persistent denial of service (segmentation fault) via a long /goform/langSwitch langSelectionOnly parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There has a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Cross Site Request Forgery (CSRF) vulnerability exists in the loginsystem page in PHPGurukul User Registration & Login and User Management System With Admin Panel 2.1.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Lead screen.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject arbitrary web script or HTML via the Skype ID field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the ""Config - Import Administrators"" page.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Daybyday 2.1.0 allows stored XSS via the Company Name parameter to the New Client screen.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Project screen.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, on systems running more than one TMM instance, authenticated VPN users may consume excessive resources by sending specially-crafted malicious traffic over the tunnel.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In version 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 of BIG-IP DNS, GTM, and Link Controller, zxfrd leaks memory when listing DNS zones. Zones can be listed via TMSH, iControl or SNMP; only users with access to those services can trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful exploit will cause privilege escalation.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When a BIG-IP ASM or Advanced WAF system running version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, or 11.6.1-11.6.5.2 processes requests with JSON payload, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In versions 16.0.0-16.0.0.1, 15.1.0-15.1.1, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, in a BIG-IP DNS / BIG-IP LTM GSLB deployment, under certain circumstances, the BIG-IP DNS system may stop using a BIG-IP LTM virtual server for DNS response.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that leads to a server crash because it mishandles an unquoted string, such as an alias that has not yet been introduced.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the http package through 0.12.2 for Dart. If the attacker controls the HTTP method and the app is using Request directly, it's possible to achieve CRLF injection in an HTTP request.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration functionality. As such, an attacker can input a crafted payload that will execute upon the application's administrator browsing the registered users' list. Once the arbitrary Javascript is executed in the context of the admin, this will cause the attacker to gain administrative privileges, effectively leading into an application takeover. This affects app/membership_signup.php and app/admin/pageViewMembers.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. An attacker with the ability to directly or indirectly query DNS with a malicious hostname can cause arbitrary JavaScript to execute when the Pi-hole administrator visits the Query Log or Long-term data Query Log page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"BigProf Online Invoicing System before 4.0 fails to adequately sanitize fields for HTML characters upon an administrator using admin/pageEditGroup.php to create a new group, resulting in Stored XSS. The caveat here is that an attacker would need administrative privileges in order to create the payload. One might think this completely mitigates the privilege-escalation impact as there is only one high-privileged role. However, it was discovered that the endpoint responsible for creating the group lacks CSRF protection.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"CloudEngine 1800V versions V100R019C10SPC500 has a resource management error vulnerability. Remote unauthorized attackers could send specific types of messages to the device, resulting in the message received by the system can't be forwarded normally.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, a cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On BIG-IP LTM/CGNAT version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5, when processing NAT66 traffic with Port Block Allocation (PBA) mode and SP-DAG enabled, and dag-ipv6-prefix-len configured with a value less than the default of 128, an undisclosed traffic pattern may cause the Traffic Management Microkernel (TMM) to restart.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to the BIG-IP management interface via port 443 can cause high (~100%) CPU utilization by the httpd daemon.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the forget password functionality and achieve account takeover.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated attackers to bypass read-only restriction and obtain full access to any folder within the NAS,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"On the BIG-IP AFM version 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5, when a Protocol Inspection Profile is attached to a FastL4 virtual server with the protocol field configured to either Other or All Protocols, the TMM may experience a restart if the profile processes non-TCP traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In BIG-IP APM versions 15.0.0-15.0.1.3, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, under certain conditions, the VDI plugin does not observe plugin flow-control protocol causing excessive resource consumption.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"On versions 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when a BIG-IP APM virtual server processes traffic of an undisclosed nature, the Traffic Management Microkernel (TMM) stops responding and restarts.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP DNS 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, undisclosed series of DNS requests may cause TMM to restart and generate a core file.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, under certain conditions, Analytics, Visibility, and Reporting daemon (AVRD) may generate a core file and restart on the BIG-IP system when processing requests sent from mobile devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an insecure channel (HTTP). Man-in-the-middle attackers are able to intercept these requests and serve a weaponized/infected version of applications or updates.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In versions 14.1.0-14.1.3 and 13.1.0-13.1.3.4, a BIG-IP APM virtual server processing PingAccess requests may lead to a restart of the Traffic Management Microkernel (TMM) process.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, an undisclosed link on the BIG-IP APM virtual server allows a malicious user to build an open redirect URI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, Event parameter to /include/ajax/logtable.php, or opt parameter to /include/core/index.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated users to inject arbitrary web script or HTML via the mod parameter to /module/index.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,LOW
"If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.",LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki 1.33.0 and later.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the ""Change visibility of selected log entries"" checkbox (or a tags checkbox) next to it, there is a redirection to the main page's action=historysubmit (instead of the desired behavior in which a revision-deletion form appears).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate with revoked certificates to connections that require mutual TLS. Users not using OCSP checks are not affected by this vulnerability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group)",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Sympa before 6.2.56 allows privilege escalation.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,LOW
"In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_buffer_add call within cherokee_validator_parse_basic or cherokee_validator_parse_digest.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many ""Host: 127.0.0.1"" headers.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross Site Scripting (XSS) vulnerability via the 'Full Name' parameter in the User Registration section of User Registration & Login System with Admin Panel 1.0.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. It relies on broken encryption with a weak and guessable static encryption key.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving sendheaders messages.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving messages with invalid checksums.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and below. Its software-update packages are downloaded via cleartext HTTP.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. During the installation, it sets up administrative access by default with the account admin and password 0000. After the installation, users/admins are not prompted to change this password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SourceCodester Alumni Management System 1.0 is affected by cross-site Scripting (XSS) in /admin/gallery.php. After the admin authentication an attacker can upload an image in the gallery using a XSS payload in the description textarea called 'about' and reach a stored XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated unauthorized attacker sending a specifically crafted request to override the specific file in server with malicious content can login as ""admin"", then to modify specific shell file to achieve remote code execution(RCE) on the hosting server.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote code execution from GET input in view_event.php via the 'id' parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when deserializing transactions.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** In Solstice Pod before 3.0.3, the firmware can easily be decompiled/disassembled. The decompiled/disassembled files contain non-obfuscated code. NOTE: it is unclear whether lack of obfuscation is directly associated with a negative impact, or instead only facilitates an attack technique.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. This can lead to a loss of confidentiality and data integrity or even affect the product behavior and its availability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the controlled process.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SourceCodester Online Health Care System 1.0 is affected by SQL Injection which allows a potential attacker to bypass the authentication system and become an admin.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Marital - Online Matrimonial Project In PHP version 1.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the Hosting web server via uploading a maliciously crafted PHP file.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go's `os/exec` for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system `%PATH%` on Windows. In Hugo before version 0.79.1, if a malicious file with the same name (`exe` or `bat`) is found in the current working directory at the time of running `hugo`, the malicious command will be invoked instead of the system one. Windows users who run `hugo` inside untrusted Hugo sites are affected. Users should upgrade to Hugo v0.79.1. Other than avoiding untrusted Hugo sites, there is no workaround.",NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Owl Tin Canny LearnDash Reporting before 3.4.4 allows authenticated remote attackers to inject arbitrary web script or HTML via the search_key GET Parameter in TinCan_Content_List_Table.php, message GET Parameter in licensing.php, tc_filter_group parameter in reporting-admin-menu.php, tc_filter_user parameter in reporting-admin-menu.php, tc_filter_course parameter in reporting-admin-menu.php, tc_filter_lesson parameter in reporting-admin-menu.php, tc_filter_module parameter in reporting-admin-menu.php, tc_filter_action parameter in reporting-admin-menu.php, tc_filter_data_range parameter in reporting-admin-menu.php, or tc_filter_data_range_last parameter in reporting-admin-menu.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
CRK Business Platform <= 2019.1 allows can inject SQL statements against the DB on any path using the 'strSessao' parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,NONE,LOW,NONE
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the setAppFileBytes method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10550.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of UploadTheme to upload a theme ZIP archive containing a .php file that is able to execute OS commands. NOTE: this is unrelated to the JAWS (aka Job Access With Speech) product.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser and admin.php?reqGadget=FileBrowser&reqAction=Files to upload a .php file. NOTE: this is unrelated to the JAWS (aka Job Access With Speech) product.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,LOW
"In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass a bad `grad_values_t` to trigger an assertion failure in `vec`, causing denial of service in serving installations. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"In the `@actions/core` npm module before version 1.2.6,`addPath` and `exportVariable` functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment variables being modified without the intention of the workflow or action author. The runner will release an update that disables the `set-env` and `add-path` workflow commands in the near future. For now, users should upgrade to `@actions/core v1.2.6` or later, and replace any instance of the `set-env` or `add-path` commands in their workflows with the new Environment File Syntax. Workflows and actions using the old commands or older versions of the toolkit will start to warn, then error out during workflow execution.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,LOW,NONE
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.,ADJACENT_NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The vulnerability could lead to an attacker reading and modifying the device configuration and obtain project files from affected devices. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 135/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability that could result in a memory address leak. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the first parameter in a POST request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgm_code_redeem POST Parameter in user-code-redemption.php, the ulgm_user_first POST Parameter in user-registration-form.php, the ulgm_user_last POST Parameter in user-registration-form.php, the ulgm_user_email POST Parameter in user-registration-form.php, the ulgm_code_registration POST Parameter in user-registration-form.php, the ulgm_terms_conditions POST Parameter in user-registration-form.php, the _ulgm_total_seats POST Parameter in frontend-uo_groups_buy_courses.php, the uncanny_group_signup_user_first POST Parameter in group-registration-form.php, the uncanny_group_signup_user_last POST Parameter in group-registration-form.php, the uncanny_group_signup_user_login POST Parameter in group-registration-form.php, the uncanny_group_signup_user_email POST Parameter in group-registration-form.php, the success-invited GET Parameter in frontend-uo_groups.php, the bulk-errors GET Parameter in frontend-uo_groups.php, or the message GET Parameter in frontend-uo_groups.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 - 7.0.7, Apache TomEE 1.0.0 - 1.7.5.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a ""bureaucrat user"" who has a similar username, as demonstrated by usernames that differ only in (1) bidirectional override symbols or (2) blank space.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input. An unauthenticated attacker could exploit this vulnerability to obtain information about the XPages software running on the Domino server.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Improper input validation in portal component in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier, allows remote attackers to trick victims into modifying their account via crafted links, leading to privilege escalation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"DBdeployer is a tool that deploys MySQL database servers easily. In DBdeployer before version 1.58.2, users unpacking a tarball may use a maliciously packaged tarball that contains symlinks to files external to the target. In such scenario, an attacker could induce dbdeployer to write into a system file, thus altering the computer defenses. For the attack to succeed, the following factors need to contribute: 1) The user is logged in as root. While dbdeployer is usable as root, it was designed to run as unprivileged user. 2) The user has taken a tarball from a non secure source, without testing the checksum. When the tarball is retrieved through dbdeployer, the checksum is compared before attempting to unpack. This has been fixed in version 1.58.2.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
"In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending on the user that the service runs as.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS#1 v1.5 decryption is data dependant. In particular, the code has multiple ways in which it leaks information about the decrypted ciphertext. It aborts as soon as the plaintext doesn't start with 0x00, 0x02. All TLS servers that enable RSA key exchange as well as applications that use the RSA decryption API directly are vulnerable. This is patched in versions 0.7.6 and 0.8.0-alpha39. Note: the patches depend on Python processing the individual bytes in side-channel free manner, this is known to not the case (see reference). As such, users that require side-channel resistance are recommended to use different TLS implementations, as stated in the security policy of tlslite-ng.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the administrator's account of the Broker.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. The impact is limited to causing a denial-of-service of the client application. User interaction is required to exploit this issue.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"** DISPUTED ** jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used with un-trusted data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creation of the JMX management interface, however the incomplete fix did not cover this edge case.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Improper access control in mail module (notifications) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to obtain access to arbitrary messages in conversations they were not a party to.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Improper access control in mail module (followers) in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to obtain access to messages posted on business records there were not given access to, and subscribe to receive future messages.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Improper access control in mail module (channel partners) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modification on translatable elements.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files (such as the password hash file).,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It contains an execute_cmd.cgi feature (that is not reachable via the web user interface) that lets an authenticated user execute Operating System commands.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ZTE E8810/E8820/E8822 series routers have an MQTT DoS vulnerability, which is caused by the failure of the device to verify the validity of abnormal messages. A remote attacker could connect to the MQTT server and send an MQTT exception message to the specified device, which will cause the device to deny service. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13>",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. The remote attacker could use this credential to connect to the MQTT server, so as to obtain information about other devices by sending specific topics. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13>",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and elections of assemblies. OpenSlides version 3.2, due to unsufficient user input validation and escaping, it is vulnerable to persistant cross-site scripting (XSS). In the web applications users can enter rich text in various places, e.g. for personal notes or in motions. These fields can be used to store arbitrary JavaScript Code that will be executed when other users read the respective text. An attacker could utilize this vulnerability be used to manipulate votes of other users, hijack the moderators session or simply disturb the meeting. The vulnerability was introduced with 6eae497abeab234418dfbd9d299e831eff86ed45 on 16.04.2020, which is first included in the 3.2 release. It has been patched in version 3.3 ( in commit f3809fc8a97ee305d721662a75f788f9e9d21938, merged in master on 20.11.2020).",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,LOW
"Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initialize an empty database on which they can connect with default credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting (XSS) issue in ""document"" module in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted attachment filenames.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) issue in mail module in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted channel names.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 through 14.0 and Odoo Enterprise 11.0 through 14.0, allows remote authenticated internal users to inject arbitrary web script in the browser of a victim via crafted calendar event attributes.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Open Zaak is a modern, open-source data- and services-layer to enable zaakgericht werken, a Dutch approach to case management. In Open Zaak before version 1.3.3 the Cross-Origin-Resource-Sharing policy in Open Zaak is currently wide open - every client is allowed. This allows evil.com to run scripts that perform AJAX calls to known Open Zaak installations, and the browser will not block these. This was intended to only apply to development machines running on localhost/127.0.0.1. Open Zaak 1.3.3 disables CORS by default, while it can be opted-in through environment variables. The vulnerability does not actually seem exploitable because: a) The session cookie has a `Same-Site: Lax` policy which prevents it from being sent along in Cross-Origin requests. b) All pages that give access to (production) data are login-protected c) `Access-Control-Allow-Credentials` is set to `false` d) CSRF checks probably block the remote origin, since they're not explicitly added to the trusted allowlist.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's compose_abspath function that can be abused to read or write to arbitrary files on the filesystem, leak process memory, or potentially lead to remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"WeiPHP 5.0 does not properly restrict access to pages, related to using POST.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This allows an attacker to send malicious links in password-reset emails to victims, pointing to an attacker-controlled server. Lack of validation of the Host header allows this to happen.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Programi 014 31.01.2020. It has multiple SQL injection vulnerabilities.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. The non-admin vote list contains a full vote timestamp, which may provide unintended clues about how a voting process unfolded.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. SpecialGlobalUsage.php calls WikiMap::makeForeignLink unsafely. The $page variable within the formatItem function was not being properly escaped, allowing for XSS under certain conditions.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to get username and password by request /cgi-bin/webadminget.cgi script via the browser.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. The primary form did not implement an anti-CSRF token and therefore was completely vulnerable to CSRF attacks against onSkinAddFooterLinks in PushToWatch.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The installer of the macOS Sensor for VMware Carbon Black Cloud prior to 3.5.1 handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which a macOS sensor is going to be installed, may overwrite a limited number of files with output from the sensor installation.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to upload a malicious script file by constructing a POST type request and writing a payload in the request parameters as an instruction to write a file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. This has been fixed in Zimbra Collaboration Suite Network edition 9.0.0 Patch 10 and 8.8.15 Patch 17.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. The security control that the application currently has in place is a simple Username and Password authentication function. Using enumeration, an attacker is able to forge a User specific token without the need for correct password to gain access to the mobile application as that victim user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback from the guest, and are therefore watched by toolstack. Specifically, keys are watched by xenopsd, and data are forwarded via RPC through message-switch to xapi. The watching logic in xenopsd sends one RPC update containing all data, any time any single xenstore key is updated, and therefore has O(N^2) time complexity. Furthermore, message-switch retains recent (currently 128) RPC messages for diagnostic purposes, yielding O(M*N) space complexity. The quantity of memory a single guest can monopolise is bounded by xenstored quota, but the quota is fairly large. It is believed to be in excess of 1G per malicious guest. In practice, this manifests as a host denial of service, either through message-switch thrashing against swap, or OOMing entirely, depending on dom0's configuration. (There are no quotas in xenopsd to limit the quantity of keys that result in RPC traffic.) A buggy or malicious guest can cause unreasonable memory usage in dom0, resulting in a host denial of service. All versions of XAPI are vulnerable. Systems that are not using the XAPI toolstack are not vulnerable.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in yunyecms V2.0.1 via the selcart parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A potential security vulnerability has been identified in the HPE StoreEver MSL2024 Tape Library and HPE StoreEver 1/8 G2 Tape Autoloaders. The vulnerability could be remotely exploited to allow Cross-site Request Forgery (CSRF).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188600.,NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute Javascript values and cause a denial of service or possibly execute code. IBM X-Force ID: 192706.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 183328.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on LG mobile devices with Android OS 10 software. When a dual-screen configuration is supported, the device does not lock upon disconnection of a call with the cover closed. The LG ID is LVE-SMP-200027 (December 2020).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the Piwik Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The official eggdrop Docker images before 1.8.4rc2 contain a blank password for a root user. Systems using the Eggdrop Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The official Consul Docker images 0.7.1 through 1.4.2 contain a blank password for a root user. System using the Consul Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite service configuration to execute arbitrary code with NT SYSTEM privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. System using the memcached docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. System using the rabbitmq docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. Systems using the Express Gateway Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The official storm Docker images before 1.2.1 contain a blank password for a root user. Systems using the Storm Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The official spiped docker images before 1.5-alpine contain a blank password for a root user. Systems using the spiped docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190046.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 190044.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 190045.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a root user. System using the sonarqube docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. System using the haproxy docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A arbitrary code execution vulnerability exists in the way that the Stove client improperly validates input value. An attacker could execute arbitrary code when the user access to crafted web page. This issue affects: Smilegate STOVE Client 0.0.4.72.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. There is a WebView SSL error-handler vulnerability. The LG ID is LVE-SMP-200026 (December 2020).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. There is a WebView SSL error-handler vulnerability. The LG ID is LVE-SMP-200026 (December 2020).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration timestamp.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could be read by an authenticated user. IBM X-Force ID: 190048.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 188898.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Time-based SQL injection exists in Spotweb 1.4.9 via the query string.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Finder on Samsung mobile devices with Q(10.0) software. A call to a non-existent provider allows attackers to cause a denial of service. The Samsung ID is SVE-2020-18629 (December 2020).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Any application may establish itself as the default dialer, without user interaction. The Samsung ID is SVE-2020-19172 (December 2020).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list. However, this restriction is enforced in the browser (client-side) and can be circumvented. This allows an attacker to upload any file as an attachment to a workitem.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. to open a reverse shell with root privileges.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in requests to /api/profile in order to change profile information of other users.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. An attacker can cause failure of system services or a complete reboot.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attacker to download documents (PDF) by providing a valid document ID and token. No further authentication is required.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In tangro Business Workflow before 1.18.1, the documentId of attachment uploads to /api/document/attachments/upload can be manipulated. By doing this, users can add attachments to workitems that do not belong to them.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).,NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and stealing cookies using XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Coastercms v5.8.18 is affected by cross-site Scripting (XSS). A user can steal a cookie and make the user redirect to any malicious website because it is trigged on the main home page of the product/application.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in tangro Business Workflow before 1.18.1. No (or broken) access control checks exist on the /api/document/<DocumentID>/attachments API endpoint. Knowing a document ID, an attacker can list all the attachments of a workitem, including their respective IDs. This allows the attacker to gather valid attachment IDs for workitems that do not belong to them.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in SolarWinds N-Central 12.3.0.670. Hard-coded Credentials exist by default for local user accounts named support@n-able.com and nableadmin@n-able.com. These allow logins to the N-Central Administrative Console (NAC) and/or the regular web interface.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in SolarWinds N-Central 12.3.0.670. The SSH component does not restrict the Communication Channel to Intended Endpoints. An attacker can leverage an SSH feature (port forwarding with a temporary key pair) to access network services on the 127.0.0.1 interface, even though this feature was only intended for user-to-agent communication.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as root (i.e., the use of root privileges is not limited to specific programs listed in the sudoers file).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. An attacker can send a malicious IRP to trigger this vulnerability.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"In tangro Business Workflow before 1.18.1, a user's profile contains some items that are greyed out and thus are not intended to be edited by regular users. However, this restriction is only applied client-side. Manipulating any of the greyed-out values in requests to /api/profile is not prohibited server-side.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download workitem attachments without being authenticated.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The chat window of Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.11 and 7.x before 7.0.3 could allow an attacker to gain access to user information by sending arbitrary code, due to improper input validation. A successful exploit could allow an attacker to view the user information and application data.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default, the commands are run with LocalSystem privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web interface is vulnerable to Cross-site WebSocket Hijacking (CSWH). If a logged-in PM user visits a malicious site in the same browser session, that site can perform a CSRF attack to create a WebSocket from the victim client to the vulnerable PM server. Once the socket is created, the malicious site can interact with the vulnerable web server in the context of the logged-in user. This can include WebSocket payloads that result in command execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact with. However, no access control is enforced for WebSocket-based communication to the PM application server, which will forward requests to any configured back-end server, regardless of whether the user's access rights should permit this. As a result, even the most low-privileged user can interact with any back-end component that has a LogRhythm agent installed.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only based on ability to access a network interface. The database has keys and passwords.,LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an attacker with escalated privilege to access user files due to insufficient access control. Successful exploit could potentially allow an attacker to gain access to sensitive information.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"The AWV portal of Mitel MiCollab before 9.2 could allow an attacker to gain access to conference information by sending arbitrary code due to improper input validation, aka XSS. Successful exploitation could allow an attacker to view user conference information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The AWV component of Mitel MiCollab before 9.2 could allow an attacker to gain access to a web conference due to insufficient access control for conference codes.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to view and modify user data.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim's browser (XSS).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients. This issue also affects third-party systems based on the Web Services Toolkit.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via StatusBar. The Samsung ID is SVE-2020-17888 (December 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in ML Report Program. There is a stack-based buffer overflow in function sub_41EAF0 at MLReportDeamon.exe. The function will call vsprintf without checking the length of strings in parameters given by attacker. And it finally leads to a stack-based buffer overflow via access to crafted web page. This issue affects: Infraware ML Report 2.19.312.0000.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 (December 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the GPS daemon on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (non-Qualcomm chipsets) software. Attackers can obtain sensitive location information because the configuration file is incorrect. The Samsung ID is SVE-2020-18678 (December 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability:,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Qualcomm SM8250 chipsets) software. They allows attackers to cause a denial of service (unlock failure) by triggering a power-shortage incident that causes a false-positive attack detection. The Samsung ID is SVE-2020-19678 (December 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
irfanView 4.56 contains an error processing parsing files of type .pcx. Which leads to out-of-bounds writing at i_view32+0xdb60.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The official kong docker images before 1.0.2-alpine (Alpine specific) contain a blank password for a root user. System using the kong docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The AWV component of Mitel MiCollab before 9.2 could allow an attacker to view system information by sending arbitrary code due to improper input validation, aka XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the ""manage files"" functionality, which may result in remote code execution.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. System using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.29.0.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same ""state"" parameter. This flaw allows a malicious user to perform replay attacks.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achieve root access with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. In osquery before version 4.6.0, by using sqlite's ATTACH verb, someone with administrative access to osquery can cause reads and writes to arbitrary sqlite databases on disk. This _does_ allow arbitrary files to be created, but they will be sqlite databases. It does not appear to allow existing non-sqlite files to be overwritten. This has been patched in osquery 4.6.0. There are several mitigating factors and possible workarounds. In some deployments, the people with access to these interfaces may be considered administrators. In some deployments, configuration is managed by a central tool. This tool can filter for the `ATTACH` keyword. osquery can be run as non-root user. Because this also limits the desired access levels, this requires deployment specific testing and configuration.",LOCAL,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the NetCrunch server. Every user can trick the server into performing SMB requests to other systems.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to cause a denial of service via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to alter the data by uploading a specially crafted file.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406104 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406144 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060d4 gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060d0 gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross Site Scripting (XSS) vulnerability in the ""To Remote CSV"" component under ""Open"" Menu in Flexmonster Pivot Table & Charts 2.7.17.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross Site Scripting (XSS) vulnerability in the Remote JSON component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.,LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgx_params and allowed the host to return a pointer that was an address within the enclave memory. This allowed an attacker to read memory values from within the enclave.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allow an attacker to make an Ecall_restore function call to reallocate untrusted code and overwrite sections of the Enclave memory address. We recommend updating your library.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in FNET through 4.6.4. The code for processing the hostname from an LLMNR request doesn't check for '\0' termination. Therefore, the deduced length of the hostname doesn't reflect the correct length of the actual data. This may lead to Information Disclosure in _fnet_llmnr_poll in fnet_llmnr.c during a response to a malicious request of the DNS class IN.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix 7 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID: 190294.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to inject arbitrary web script or HTML.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or route options.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exchange. By capturing an attempted (and even failed) WPS authentication attempt, it is possible to brute force the overall authentication exchange. This allows an attacker to obtain the recovered WPS PIN in minutes or even seconds, and eventually obtain the Wi-Fi PSK key, gaining access to the Wi=Fi network.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A Remote Code Execution vulnerability exists in DourceCodester Alumni Management System 1.0. An authenticated attacker can upload arbitrary file in the gallery.php page and executing it on the server reaching the RCE.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
AdRem NetCrunch 10.6.0.4587 has Improper Credential Storage since the internal user database is readable by low-privileged users and passwords in the database are weakly encoded or encrypted.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Key Lifecycle Manager 3.0.1 and 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190289.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190290.,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent command injections by blocking backticks but this is insufficient.),NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_poll in fnet_dns.c). This significantly simplifies DNS cache poisoning attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in FNET through 4.6.4. The code for IPv6 fragment reassembly tries to access a previous fragment starting from a network incoming fragment that still doesn't have a reference to the previous one (which supposedly resides in the reassembly list). When faced with an incoming fragment that belongs to a non-empty fragment list, IPv6 reassembly must check that there are no empty holes between the fragments: this leads to an uninitialized pointer dereference in _fnet_ip6_reassembly in fnet_ip6.c, and causes Denial-of-Service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186094.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186095.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: version 6.2.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_read whose return size was not validated against the requrested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit b1d120a2c7d7446d2cc58d517e20a1b184b82200,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecall_restore using the attribute output which fails to check the range of a pointer. An attacker can use this pointer to write to arbitrary memory addresses including those within the secure enclave We recommend upgrading past commit 382da2b8b09cbf928668a2445efb778f76bd9c8a,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Blackfire container may allow a remote attacker to achieve root access with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the Weave Cloud Agent container may allow a remote attacker to achieve root access with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the CoScale agent container may allow a remote attacker to achieve root access with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript code in the context of the user's browser if the victim opens or searches for a node whose ""Display Name"" contains an XSS payload.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. System using the adminer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. Systems deployed using affected versions of the Instana Dynamic APM container may allow a remote attacker to achieve root access with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is ""Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()."" The researcher states that this pattern is undocumented.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The official composer docker images before 1.8.3 contain a blank password for a root user. System using the composer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL striping, an attacker could exploit this vulnerability to obtain sensitive information.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to enc_untrusted_create_wait_queue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. This allows an attacker to write memory values from within the enclave. We recommend upgrading past commit a37fb6a0e7daf30134dbbf357c9a518a1026aa02",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery (CSRF) vulnerability in the NetCrunch web client. Successful exploitation requires a logged-in user to open a malicious page and leads to account takeover.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An out of bounds read on the enc_untrusted_inet_ntop function allows an attack to extend the result size that is used by memcpy() to read memory from within the enclave heap. We recommend upgrading past commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated CLI session due to improper authentication methods. IBM X-Force ID: 188516.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database connection.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In NFA_RwI93WriteMultipleBlocks of nfa_rw_api.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157650338",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152409173",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-119770583",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168043318",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SELinux policies of mls, there is a missing permission check. This could lead to local information disclosure of package metadata with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-161356067",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In getGpuStatsGlobalInfo and getGpuStatsAppInfo of GpuService.cpp, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of gpu statistics with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-161903239",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In onFactoryReset of BluetoothManagerService.java, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-159061926",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In broadcastWifiCredentialChanged of ClientModeImpl.java, there is a possible location permission bypass due to a missing permission check. This could lead to local information disclosure of the WiFi network name with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-159371448",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In getLockTaskLaunchMode of ActivityRecord.java, there is a possible way for any app to start in Lock Task Mode due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158833495",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting (XSS) via the index.php. An Attacker is able to inject the XSS payload in the web application each time a user visits the website.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"During boot, the device unlock interface behaves differently depending on if a fingerprint registered to the device is present. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-79776455",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In the PrestaShop module ""productcomments"" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
"A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM (ECOS) appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vulnerability to establish an interactive channel, effectively taking control of the target system. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all ECOS versions prior to : 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all ECOS versions prior to: 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,HIGH
Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the server or inject code into the system which would execute with the privileges of the server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); 8.00 versions prior to 8.00.1228(MR6); version 7.90 and prior versions.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-171413483",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects: Bitdefender Antivirus Plus versions prior to 25.0.7.29.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local information disclosure in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-171413798",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses or triggering of bug checks. In particular, x86 PV guests may be able to elevate their privilege to that of the host. Host and guest crashes are also possible, leading to a Denial of Service (DoS). Information leaks cannot be ruled out. All Xen versions from 4.5 onwards are vulnerable. Xen versions 4.4 and earlier are not vulnerable.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In floor1_info_unpack of floor1.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155560008",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). A service available on port 10005/tcp of the affected devices could allow complete access to all services without authorization. An attacker could gain full control over an affected device, if he has access to this service. The system manual recommends to protect access to this port.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to September 2020, from 83.7551.1 to 83.7578.1), that could cause exposure of credentials to server-side users when web users are logged in to Virtual ViewX.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory. This issue impacts: All versions of Cortex XDR Agent 7.1 with content update 149 and earlier versions; All versions of Cortex XDR Agent 7.2 with content update 149 and earlier versions.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SSDP Responder 1.x through 1.5 mishandles incoming network messages, leading to a stack-based buffer overflow by 1 byte. This results in a crash of the server, but only when strict stack checking is enabled. This is caused by an off-by-one error in ssdp_recv in ssdpd.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In showProvisioningNotification of ConnectivityService.java, there is an unsafe PendingIntent. This could lead to local information disclosure of notification data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154928507",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153731880",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In nfc_enabled of nfc_main.cc, there is a possible out of bounds read due to an incorrect increment. This could lead to local information disclosure via firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155234594",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In updateIncomingFileConfirmNotification of BluetoothOppNotification.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing an attacker with physical possession of the device to transfer files to it over Bluetooth, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160691486",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In CE_SendRawFrame of ce_main.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157649398",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In restartWrite of Parcel.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157066561",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In nfc_ncif_proc_ee_action of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157649306",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In ce_t4t_update_binary of ce_t4t.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157649298",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In RW_SendRawFrame of rw_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157650117",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In rw_t3t_send_raw_frame of rw_t3t.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157649467",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In openAssetFileListener of ContactsProvider2.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege to change contact data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150857116",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In areFunctionsSupported of UsbBackend.java, there is a possible access to tethering from a guest account due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-166125765",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In destroyResources of ComposerClient.h, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155769496",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In DrmManagerService::~DrmManagerService() of DrmManagerService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155647761",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In createInputConsumer of WindowManagerService.java, there is a possible way to block and intercept input events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162324374",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential information from protected program files.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In HalCamera::requestNewFrame of HalCamera.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169282240",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with ""user"" privileges if it is not associated with any groups.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an insecure random number generation function and a deprecated cryptographic function, an attacker could extract the key that is used when communicating with an affected device on port 8080/tcp.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The firmware update of affected devices contains the private RSA key that is used as a basis for encryption of communication with the device.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. The JavaScript code is executed upon an error condition during a visit to the account show page.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is executed during rule-from-bill creation.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fints_url to import/job/configuration, and import/create/fints.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In ihevc_inter_pred_chroma_copy_ssse3 of ihevc_inter_pred_filters_ssse3_intr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158484516",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The package s-cart/core before 4.4 are vulnerable to Cross-site Scripting (XSS) via the admin panel.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including beyond the length of the packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"In writeBurstBufferBytes of SPDIFEncoder.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no clear exfiltration path, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145262423",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions (UDF) in a password protected way. This protection is implemented in the software that displays the information. An attacker could reverse engineer the UDFs directly from stored program files.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The password used for authentication for the LOGO! Website and the LOGO! Access Tool is sent in a recoverable format. An attacker with access to the network traffic could derive valid logins.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In EapFailureNotifier.java and SimRequiredNotifier.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156008365",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In onNotificationRemoved of Assistant.java, there is a possible leak of sensitive information to logs. This could lead to local information disclosure with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162014574",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In sendLinkConfigurationChangedBroadcast of ClientModeImpl.java, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of the current network configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162246414",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In nfc_ncif_proc_get_routing of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-122358602",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier. There is a null pointer access/dereference while opening a crafted PDF file, leading the application to crash (denial of service).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In filter_incoming_event of hci_layer.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-141618611",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,HIGH
"In TextView of TextView.java, there is a possible app hang due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140218875",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In callUnchecked of DocumentsProvider.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing a caller to copy, move, or delete files accessible to DocumentsProvider with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157320716",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In onCreate of HandleApiCalls.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege that allows an app to set or dismiss the alarm with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150612638",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In nfc_data_event of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151313205",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege allowing a non-system app to send a broadcast it shouldn't have permissions to send, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157472962",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In getRadioAccessFamily of PhoneInterfaceManager.java, there is a possible read of privileged data due to a missing permission check. This could lead to local information disclosure of radio data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150857259",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In command of IncidentService.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150706572",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In nfc_ncif_proc_get_routing of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153655153",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In createSimSelectNotification of SimSelectNotification.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153556754",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.05.06.00.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
** DISPUTED ** CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale can be found in https://github.com/square/okhttp/issues/4967.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data Store. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In postNotification of ServiceRecord.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153878498",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user's personal account data as well as sub-trees with restricted access.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in Contiki through 3.0. A memory corruption vulnerability exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"** UNSUPPORTED WHEN ASSIGNED ** vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account takeover via passwordmychange.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 vulnerable to an xml external entity (XXE) vulnerability, which may allow an attacker to view hostnames or other resources from the program.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitrary OS command may be executed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11 Android ID: A-142936525",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Improper check or handling of exceptional conditions in MELSEC iQ-F series FX5U(C) CPU unit firmware version 1.060 and earlier allows an attacker to cause a denial-of-service (DoS) condition on program execution and communication by sending a specially crafted ARP packet.,ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"In nci_proc_ee_management_rsp of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136565424",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In queryInternal of CallLogProvider.java, there is a possible permission bypass due to improper input validation. This could lead to local information disclosure of voicemail metadata with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-143230980",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In avrc_ctrl_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168712245",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In setErrorPlaybackState of BluetoothMediaBrowserService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156009462",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure triggered by a malformed Bluetooth packet, with no additional execution privileges needed. User interaction is not needed for exploitation. Bounds Sanitizer mitigates this in the default configuration.Product: AndroidVersions: Android-11Android ID: A-162327732",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In phNxpNciHal_send_ext_cmd of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153731369",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153731335",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to read restricted memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A malicious application may be able to read restricted memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. A remote attacker may be able to unexpectedly alter application state.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The issue was addressed with additional user controls. This issue is fixed in macOS Big Sur 11.0.1. Users may be unable to remove metadata indicating where files were downloaded from.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to break out of its sandbox.,LOCAL,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to determine kernel memory layout.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to access restricted files.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.",ADJACENT_NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.",PHYSICAL,LOW,HIGH,NONE,UNCHANGED,LOW,HIGH,HIGH
"In process of C2SoftVorbisDec.cpp, there is a possible resource exhaustion due to a memory leak. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154302257",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.",PHYSICAL,LOW,HIGH,NONE,UNCHANGED,LOW,HIGH,HIGH
"In readBlock of MatroskaExtractor.cpp, there is a possible denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156819528",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In BitstreamFillCache of bitstream.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154058264",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In CPDF_SampledFunc::v_Call of cpdf_sampledfunc.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150615407",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In ih264d_parse_ave of ih264d_sei.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-152895390",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In decode_Huffman of JBig2_SddProc.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155473137",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In CPDF_RenderStatus::LoadSMask of cpdf_renderstatus.cpp, there is a possible memory corruption due to a use-after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-149481220",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In canUseBiometric of BiometricServiceBase, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158481661",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In priorLinearAllocation of C2AllocatorIon.cpp, there is a possible use-after-free due to improper locking. This could lead to local information disclosure in the media codec with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-152239213",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In onUserStopped of Vpn.java, there is a possible resetting of user preferences due to a logic issue. This could lead to local information disclosure of secure network traffic over a non-VPN link with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-168500792",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In listen() and related functions of TelephonyRegistry.java, there is a possible permissions bypass of location permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-158484422",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In addEscrowToken of LockSettingsService.java, there is a possible loss of the synthetic password due to logic error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168692734",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. The password authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could authenticate with an arbitrary password. NOTE: the vendor has indicated that this is not an attack of interest within the context of their threat model, which excludes jailbroken devices.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Improper validation of integrity check value vulnerability in Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker with an administrative privilege to execute a malicious program.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In extend_frame_highbd of restoration.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-166268541",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker with an administrative privilege to send a specially crafted request to a specific URL, which may result in an arbitrary command execution.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing SQL injection payload on the login page attackers can bypass the authentication and can gain the admin privilege.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In createNameCredentialDialog of CertInstaller.java, there exists the possibility of improperly installed certificates due to a logic error. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-163413737",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, there is a possible leak of sensitive WiFi configuration data due to a missing permission check. This could lead to local information disclosure of WiFi network names with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-159373687",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In sdp_server_handle_client_req of sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9Android ID: A-169342531",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In resolv_cache_lookup of res_cache.cpp, there is a possible side channel information disclosure. This could lead to local information disclosure of accessed web resources with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150371903",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-170378843,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-170367562,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site scripting (XSS) vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim is proceeding through the file import workflow.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to /wp-admin/admin.php?page=drts/directories&q=%2F with _drts_form_build_id parameter containing the XSS payload and _t_ parameter set to an invalid or non-existent CSRF token.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"OpenAssetDigital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Medtronic MyCareLink Smart 25000 all versions are vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited an attacker could remotely execute code on the MCL Smart Patient Reader device, leading to control of the device.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafting a packet with specific values of the IP header length and the fragmentation offset, attackers can write into the .bss section of the program (past the statically allocated buffer that is used for storing the fragmented data) and cause a denial of service in uip_reass() in uip.c, or possibly execute arbitrary code on some target architectures.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection vulnerability in NewPK 1.1 via the title parameter to admin\newpost.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-170372514,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150693166References: Upstream kernel",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensitive project information stored by the application.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the ""page"" parameter, to cause local file inclusion resulting in code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In addWindow of WindowManagerService.java, there is a possible window overlay attack due to an insecure default value. This could lead to local escalation of privilege via tapjacking with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-141745510",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In createVirtualDisplay of DisplayManagerService.java, there is a possible way to create a trusted virtual display due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162627132",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Medtronic MyCareLink Smart 25000 all versions contain an authentication protocol vuln where the method used to auth between MCL Smart Patient Reader and MyCareLink Smart mobile app is vulnerable to bypass. This vuln allows attacker to use other mobile device or malicious app on smartphone to auth to the patient’s Smart Reader, fools the device into thinking its communicating with the actual smart phone application when executed in range of Bluetooth.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Medtronic MyCareLink Smart 25000 all versions are vulnerable when an attacker who gains auth runs a debug command, which is sent to the reader causing heap overflow in the MCL Smart Reader stack. A heap overflow allows attacker to remotely execute code on the MCL Smart Reader, could lead to control of device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that domain names present in the DNS responses have '\0' termination. This results in errors when calculating the offset of the pointer that jumps over domain name bytes in DNS response packets when a name lacks this termination, and eventually leads to dereferencing the pointer at an invalid/arbitrary address, within newdata() and parse_name() in resolv.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The code that processes DNS responses in uIP through 1.0, as used in Contiki and Contiki-NG, does not check whether the number of responses specified in the DNS packet header corresponds to the response data available in the DNS packet, leading to an out-of-bounds read and Denial-of-Service in resolv.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,HIGH
Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to cart.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,LOW,NONE
"The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of ""pokon.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in XHQ (All Versions < 6.1). The application's web server could expose non-sensitive information about the server's architecture. This could allow an attacker to adapt further attacks to the version in place.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow SQL injection attacks if an attacker is able to modify content of particular web pages.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow injections that could lead to XSS attacks if unsuspecting users are tricked into accessing a malicious link.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in FNET through 4.6.4. The code for processing resource records in mDNS queries doesn't check for proper '\0' termination of the resource record name string, leading to an out-of-bounds read, and potentially causing information leak or Denial-or-Service.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in the IPv6 stack in Contiki through 3.0. There is an insufficient check for the IPv6 header length. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"On BIG-IP 14.1.0-14.1.2.6, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The number of DNS queries/responses (set in a DNS header) is not checked against the data present. This may lead to successful Denial-of-Service, and possibly Remote Code Execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The DNS response data length is not checked (it can be set to an arbitrary value from a packet). This may lead to successful Denial-of-Service, and possibly Remote Code Execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. There is no check on whether a domain name has '\0' termination. This may lead to successful Denial-of-Service, and possibly Remote Code Execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forgery attacks on all user functions.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The length byte of a domain name in a DNS query/response is not checked, and is used for internal memory operations. This may lead to successful Denial-of-Service, and possibly Remote Code Execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In bindWallpaperComponentLocked of WallpaperManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-154915372",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in RFID 181EIP, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7"" & 15"" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4"" - 22"" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F, SIMATIC IPC DiagMonitor, SIMATIC NET CP 1616 and CP 1604, SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants), SIMATIC NET CP 443-1 (incl. SIPLUS variants), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants), SIMATIC NET CP 443-1 OPC UA, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600 family, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. SIPLUS variants), SINAMICS G130 V4.6 Control Unit, SINAMICS G130 V4.7 Control Unit, SINAMICS G130 V4.7 SP1 Control Unit, SINAMICS G130 V4.8 Control Unit, SINAMICS G130 V5.1 Control Unit, SINAMICS G130 V5.1 SP1 Control Unit, SINAMICS G150 V4.6 Control Unit, SINAMICS G150 V4.7 Control Unit, SINAMICS G150 V4.7 SP1 Control Unit, SINAMICS G150 V4.8 Control Unit, SINAMICS G150 V5.1 Control Unit, SINAMICS G150 V5.1 SP1 Control Unit, SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S150 V4.6 Control Unit, SINAMICS S150 V4.7 Control Unit, SINAMICS S150 V4.7 SP1 Control Unit, SINAMICS S150 V4.8 Control Unit, SINAMICS S150 V5.1 Control Unit, SINAMICS S150 V5.1 SP1 Control Unit, SINAMICS S210 V5.1 Control Unit, SINAMICS S210 V5.1 SP1 Control Unit, SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600 (incl. SIPLUS variants), TIM 1531 IRC (incl. SIPLUS NET variants). The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.3). The vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user to open a manipulated project. In order to exploit the vulnerability, a valid user must open a manipulated project file. No further privileges are required on the target system. The vulnerability could compromise the confidentiality, integrity and availability of the engineering station. At the time of advisory publication no public exploitation of this security vulnerability was known.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Unencrypted storage of passwords in the project could allow an attacker with access to port 10005/tcp to obtain passwords of the device. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Attackers with access to port 10005/tcp could perform device reconfigurations and obtain project files from the devices. The system manual recommends to protect access to this port. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,LOW
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. Siemens recommends to use the integrated webserver on port 80/tcp only in trusted networks.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in picoTCP 1.7.0. The routine for processing the next header field (and deducing whether the IPv6 extension headers are valid) doesn't check whether the header extension length field would overflow. Therefore, if it wraps around to zero, iterating through the extension headers will not increment the current data pointer. This leads to an infinite loop and Denial-of-Service in pico_ipv6_check_headers_sequence() in pico_ipv6.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 destination options does not check for a valid length of the destination options header. This results in an Out-of-Bounds Read, and, depending on the memory protection mechanism, this may result in Denial-of-Service in pico_ipv6_process_destopt() in pico_ipv6.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds reads that lead to Denial-of-Service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the IPv6 stack in Contiki through 3.0. There are inconsistent checks for IPv6 header extension lengths. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property (e.g., __proto__) can be copied during a merge or clone operation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to 2.43.1+16.04.1, and prior to 2.43.1+18.04.1.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,LOW
Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on the same local network to potentially intercept communication between the Server and Sensors.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in picoTCP 1.7.0. The code for creating an ICMPv6 echo replies doesn't check whether the ICMPv6 echo request packet's size is shorter than 8 bytes. If the size of the incoming ICMPv6 request packet is shorter than this, the operation that calculates the size of the ICMPv6 echo replies has an integer wrap around, leading to memory corruption and, eventually, Denial-of-Service in pico_icmp6_send_echoreply_not_frag in pico_icmp6.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the host memory bytes.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,LOW
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control Expert software.",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn 'mixes objects into the target object, recursively mixing existing child objects as well'. In both cases, the key used to access the target object recursively is not checked, leading to a Prototype Pollution.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
This affects the package spatie/browsershot from 0.0.0. By specifying a URL in the file:// protocol an attacker is able to include arbitrary files in the resultant PDF.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These action include allowing attackers to submit their own code through an authenticated user resulting in local file Inclusion. If an authenticated user who is able to edit TikiWiki templates visits an malicious website, template code can be edited.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl\. Macrium Reflect contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Resilient SOAR V38.0 could allow a remote attacker to execute arbitrary code on the system, caused by formula injection due to improper input validation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, certain traffic pattern sent to a virtual server configured with an FTP profile can cause the FTP channel to break.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Go Ethereum, or ""Geth"", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade release version 1.9.20. No individual workaround patches have been made -- all users are recommended to upgrade to a newer version.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Go Ethereum, or ""Geth"", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. There are multiple invariants and preconditions that are assumed by the parallel implementation of GetMatchingPaths but are not verified by the PRs introducing it (#40861 and #44310). Thus, we are completely rewriting the implementation to fully specify and validate these. This is patched in version 2.4.0. This issue only impacts master branch and the release candidates for TF version 2.4. The final release of the 2.4 release will be patched.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault. This is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
"In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP security profile is applied to a virtual server and the BIG-IP system receives a request with specific characteristics, the connection is reset and the Traffic Management Microkernel (TMM) leaks memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions of package corenlp-js-interface are vulnerable to Command Injection via the main function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross-Site Scripting (XSS) vulnerability in this.showInvalid and this.showInvalidCountry in SmartyStreets liveAddressPlugin.js 3.2 allows remote attackers to inject arbitrary web script or HTML via any address parameter (e.g., street or country).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2). Using a specific query name for a project search can cause statement timeouts that can lead to a potential DOS if abused.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO (Driver versions prior to 20.5) remotely.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in user's private profile",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions >=13.6 to <13.6.2, >=13.5 to <13.5.5, and >=13.1 to <13.4.7.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an unintended action.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an attacker to upload any file (including script files) without proper file format validation, leading to Unrestricted File Upload.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against ""page creation"" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even without the element being appended to the DOM.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text().,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href =""javascript... that executes when clicked.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke the encryption keys.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the password. If an attacker controls the central Git server or one of the other members' machines, and also controls one of the services already in the password store, they can rename one of the password files in the Git repository to something else: pass doesn't correctly verify that the content of a file matches the filename, so a user might be tricked into decrypting the wrong password and sending that to a service that the attacker controls. NOTE: for environments in which this threat model is of concern, signing commits can be a solution.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls, but this is insufficient. Anyone with network access can use a crafted UDF to execute arbitrary OS commands on all nodes of the cluster at the permission level of the user running the Aerospike service.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration. F5 has done further review of this vulnerability and has re-classified it as a defect. CVE-2020-5944 will continue to be referenced in F5 Security Advisory K57274211 and will not be assigned to other F5 vulnerabilities.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
Adobe Prelude version 9.0.1 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5.",LOCAL,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
"Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a crafted XML signature, when the InlineXML option is used. This defeats the expectation of non-repudiation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ID: 172753.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in the following versions of Music Station. QuTS hero h4.5.1: Music Station 5.3.13 and later QTS 4.5.1: Music Station 5.3.12 and later QTS 4.4.3: Music Station 5.3.12 and later,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
This cross-site scripting vulnerability in Multimedia Console allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in Multimedia Console 1.1.5 and later.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. In some file types it is possible to enter formulas which can call external applications or execute scripts. The execution of a payload (script) on target machine could be used to steal and modify the data available in the spreadsheet",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
API calls in the Translation API feature in Systran Pure Neural Server before 9.7.0 allow a threat actor to use the Systran Pure Neural Server as a Denial-of-Service proxy by sending a large amount of translation requests to a destination host on any given TCP port regardless of whether a web service is running on the destination port.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long encrypted messages in function AES_GCM_DecryptContext::Decrypt() when compiled using libsodium, leading to a Stack-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161151868References: N/A",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
"In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** __btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. NOTE: The BTRFS development team disputes this issues as not being a vulnerability because “1) The kernel provide facilities to restrict access to dmesg - dmesg_restrict=1 sysctl option. So it's really up to the system administrator to judge whether dmesg access shall be disallowed or not. 2) WARN/WARN_ON are widely used macros in the linux kernel. If this CVE is considered valid this would mean there are literally thousands CVE lurking in the kernel - something which clearly is not the case.”",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Valve's Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectionTransportUDPBase::Received_Data(), leading to an exception thrown from libprotobuf and resulting in a crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in a memory corruption and probably even a remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection within divelog.php, allowing unauthenticated users to retrieve data from the database via the divelog.php filter_diver parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URL's to manipulate functionality in the exporting system, which would allow them to make server side requests and/or have access to a wider scope of files within the BookStack file storage locations. The issue was addressed in BookStack v0.30.5. As a workaround, page edit permissions could be limited to only those that are trusted until you can upgrade.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
"SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, does not perform necessary authorization checks for an authenticated user. Due to inadequate access control, a network attacker authenticated as a regular user can use operations which should be restricted to administrators. These operations can be used to Change the User Experience Monitoring configuration, obtain details about the configured SAP Solution Manager agents, Deploy a malicious User Experience Monitoring script.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable.",NETWORK,LOW,HIGH,NONE,CHANGED,LOW,NONE,HIGH
"SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It is possible to manipulate a valid existing SAML bearer token to authenticate as a user whose name is identical to the truncated username for whom the SAML bearer token was issued.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the browser resulting in Reflected Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL leading to Open Redirect vulnerability, an attacker can enter a link to malicious site which could trick the user to enter credentials or download malicious software, as a parameter in the application URL and share it with the end user who could potentially become a victim of the attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. As result, an unauthenticated attacker can invoke certain functions that would otherwise be restricted to system administrators only, including access to system administration functions or shutting down the system completely.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands leading to Code Injection vulnerability which could completely compromise the confidentiality, integrity and availability of the server and any data or other applications running on it.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for man-in-the-middle attacks. This problem is fixed in Opencast 7.9 and Opencast 8.8 Please be aware that fixing the problem means that Opencast will not simply accept any self-signed certificates any longer without properly importing them. If you need those, please make sure to import them into the Java key store. Better yet, get a valid certificate.",NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
An issue existed in the handling of incoming calls. The issue was addressed with additional state checks. This issue is fixed in iOS 14.2 and iPadOS 14.2. A user may answer two calls simultaneously without indication they have answered a second call.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This vulnerability was fixed for all Teams users in the online service on or around October 2020.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. In Red Discord Bot before version 0.1.7a an RCE exploit has been discovered. This exploit allows Discord users with specially crafted Server names and Usernames/Nicknames to inject code into the webserver front-end code. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. This high severity exploit has been fixed on version 0.1.7a. There are no workarounds, bot owners must upgrade their relevant packages (Dashboard module and Dashboard webserver) in order to patch this issue.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,NONE
"If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was implemented as a unix domain socket, protected by the Android SELinux policy; however, SELinux was not enforced for versions prior to 6.0. This was fixed by removing the Remote Debugging via USB feature from affected devices. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted. This enables an attacker who has administrator access to the SAP NetWeaver AS Java to decode the keys because of missing encryption and get some application data and client credentials of adjacent systems. This highly impacts Confidentiality as information disclosed could contain client credentials of adjacent systems.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate client requests and allows local privilege escalation.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The moodlenetprofile user profile field required extra sanitizing to prevent a stored XSS risk. This affects versions 3.9 to 3.9.1. Fixed in 3.9.2.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in private and non-private browsing modes. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Prototype pollution vulnerability in 'deepref' versions 1.1.1 through 1.2.1 allows attacker to cause a denial of service and may lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox < 83.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox < 83.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An injection vulnerability exists in RT-AC88U Download Master before 3.1.0.108. Accessing Main_Login.asp?flag=1&productname=FOOBAR&url=/downloadmaster/task.asp will redirect to the login site, which will show the value of the parameter productname within the title. An attacker might be able to influence the appearance of the login page, aka text injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Some websites have a feature ""Show Password"" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability affects Firefox < 83.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability exists in RT-AC88U Download Master before 3.1.0.108. A direct access to /downloadmaster/dm_apply.cgi?action_mode=initial&download_type=General&special_cgi=get_language makes it possible to reach ""unknown functionality"" in a ""known to be easy"" manner via an unspecified ""public exploit.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unhandled_exception in the main-utils.c file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `""dc:format=\""image/dng\""` within `profile` due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-cvs before version 4.3.6 there is a possible ReDoS vulnerability (Regular Expression Denial of Service) when using ignoreEmpty option when parsing. This has been patched in `v4.3.6` You will only be affected by this if you use the `ignoreEmpty` parsing option. If you do use this option it is recommended that you upgrade to the latest version `v4.3.6` This vulnerability was found using a CodeQL query which identified `EMPTY_ROW_REGEXP` regular expression as vulnerable.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to execute arbitrary code with system privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. This flaw affects ImageMagick versions prior to 7.0.9-0.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.4.5, and Kirby Panel before version 2.5.14 , an editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can gain access to the server with such a Phar file. Visitors without Panel access *cannot* use this attack vector. The problem has been patched in Kirby 2.5.14 and Kirby 3.4.5. Please update to one of these or a later version to fix the vulnerability. Note: Kirby 2 reaches end of life on December 31, 2020. We therefore recommend to upgrade your Kirby 2 sites to Kirby 3. If you cannot upgrade, we still recommend to update to Kirby 2.5.14.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the w parameter to index.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the q parameter to feedback.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. This issue is fixed in iTunes 12.11 for Windows. A malicious application may be able to access local users Apple IDs.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The issue was addressed with improved UI handling. This issue is fixed in watchOS 7.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Visiting a malicious website may lead to address bar spoofing.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4.9. A user may send video in Group FaceTime calls without knowing that they have done so.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, tvOS 14.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox < 83.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted email may lead to writing arbitrary files.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
PlugIns\IDE_ACDStd.apl in ACDSee Photo Studio Studio Professional 2021 14.0 Build 1705 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000031aa.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The official irssi docker images before 1.1-alpine (Alpine specific) contain a blank password for a root user. System using the irssi docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The official notary docker images before signer-0.6.1-1 contain a blank password for a root user. System using the notary docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 through 7.9.0 SP3, 8.1 through 8.1.0 SP3, 8.2 through 8.2.0 SP2, 8.3 through 8.3.0 SP2, 8.4 through 8.4.0 SP1, and 8.5.0 allows physically proximate attackers to obtain root access via unspecified vectors.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send malicious smart contract to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2.  NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be accessed externally without any authentication. All the pages follow the naming convention live_(string).shtml. Among the information disclosed is: interface status logs, IP address of the device, MAC address of the device, model and current firmware version, location, all running processes, all interfaces and their statuses, all current DHCP leases and the associated hostnames, all other wireless networks in range of the router, memory statistics, and components of the configuration of the device such as enabled features. Affected devices: Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3,Wavlink WN531G3, Wavlink WN533A8, Wavlink WN531A6, Wavlink WN551K1, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, WN572HG3, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.,LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution.,LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /<path_to_file>.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname).  NOTE: if administrators are normally allowed to add HTML by other means, e.g. through Smarty templates, then this issue would not give any additional privileges, and thus would not be considered a vulnerability.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote attackers to request server-side resources or potentially execute arbitrary code through various SSRF techniques.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-15247 (fixed in 1.0.469 and 1.1.0) was discovered that has the same impact as CVE-2020-15247. An authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone that trusts their users with those permissions to normally write & manage PHP within the CMS by not having cms.enableSafeMode enabled, but would be a problem for anyone relying on cms.enableSafeMode to ensure that users with those permissions in production do not have access to write & execute arbitrary PHP. Issue has been patched in Build 470 (v1.0.470) and v1.1.1.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Tollgrade LightHouse SMS before 5.1 patch 3 allows remote attackers to bypass authentication and restart the software via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memory using a debugger.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) and Memograph M (Neutral/Private Label) (RSG45, ORSG45) with Firmware version V2.0.0 and above is prone to exposure of sensitive information to an unauthorized actor. The firmware release has a dynamic token for each request submitted to the server, which makes repeating requests and analysis complex enough. Nevertheless, it's possible and during the analysis it was discovered that it also has an issue with the access-control matrix on the server-side. It was found that a user with low rights can get information from endpoints that should not be available to this user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) with Firmware version prior to V2.0.0 is prone to improper privilege management. The affected device has a web-based user interface with a role-based access system. Users with different roles have different write and read privileges. The access system is based on dynamic ""tokens"". The vulnerability is that user sessions are not closed correctly and a user with fewer rights is assigned the higher rights when he logs on.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows a local unprivileged attacker, such as a malicious App, to read & write to the /data/vendor/tcl, /data/vendor/upgrade, and /var/TerminalManager directories within the TV file system. An attacker, such as a malicious APK or local unprivileged user could perform fake system upgrades by writing to the /data/vendor/upgrage folder.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to arbitrarily browse and download sensitive files over an insecure web server running on port 7989 that lists all files & directories. An unprivileged remote attacker on the adjacent network, can download most system files, leading to serious critical information disclosure. Also, some TV models and/or FW versions may expose the webserver with the entire filesystem accessible on another port. For example, nmap scan for all ports run directly from the TV model U43P6046 (Android 8.0) showed port 7983 not mentioned in the original CVE description, but containing the same directory listing of the entire filesystem. This webserver is bound (at least) to localhost interface and accessible freely to all unprivileged installed apps on the Android such as a regular web browser. Any app can therefore read any files of any other apps including Android system settings including sensitive data such as saved passwords, private keys etc.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. This flaw allows an attacker to leverage a phishing attack, steal an unsuspecting user's cookies or other confidential information, or impersonate them within the application's context.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.3.6, and Kirby Panel before version 2.5.14 there is a vulnerability in which the admin panel may be accessed if hosted on a .dev domain. In order to protect new installations on public servers that don't have an admin account for the Panel yet, we block account registration there by default. This is a security feature, which we implemented years ago in Kirby 2. It helps to avoid that you forget registering your first admin account on a public server. In this case – without our security block – someone else might theoretically be able to find your site, find out it's running on Kirby, find the Panel and then register the account first. It's an unlikely situation, but it's still a certain risk. To be able to register the first Panel account on a public server, you have to enforce the installer via a config setting. This helps to push all users to the best practice of registering your first Panel account on your local machine and upload it together with the rest of the site. This installation block implementation in Kirby versions before 3.3.6 still assumed that .dev domains are local domains, which is no longer true. In the meantime, those domains became publicly available. This means that our installation block is no longer working as expected if you use a .dev domain for your Kirby site. Additionally the local installation check may also fail if your site is behind a reverse proxy. You are only affected if you use a .dev domain or your site is behind a reverse proxy and you have not yet registered your first Panel account on the public server and someone finds your site and tries to login at `yourdomain.dev/panel` before you register your first account. You are not affected if you have already created one or multiple Panel accounts (no matter if on a .dev domain or behind a reverse proxy). The problem has been patched in Kirby 3.3.6. Please upgrade to this or a later version to fix the vulnerability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized users to login.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the deprecated (in jupyterhub 1.2) configuration `Authenticator.whitelist`, which should be transparently mapped to `Authenticator.allowed_users` with a warning, is instead ignored by OAuthenticator classes, resulting in the same behavior as if this configuration has not been set. If this is the only mechanism of authorization restriction (i.e. no group or team restrictions in configuration) then all authenticated users will be allowed. Provider-based restrictions, including deprecated values such as `GitHubOAuthenticator.org_whitelist` are **not** affected. All users of OAuthenticator 0.12.0 and 0.12.1 with JupyterHub 1.2 (JupyterHub Helm chart 0.10.0-0.10.5) who use the `admin.whitelist.users` configuration in the jupyterhub helm chart or the `c.Authenticator.whitelist` configuration directly. Users of other deprecated configuration, e.g. `c.GitHubOAuthenticator.team_whitelist` are **not** affected. If you see a log line like this and expect a specific list of allowed usernames: ""[I 2020-11-27 16:51:54.528 JupyterHub app:1717] Not using allowed_users. Any authenticated user will be allowed."" you are likely affected. Updating oauthenticator to 0.12.2 is recommended. A workaround is to replace the deprecated `c.Authenticator.whitelist = ...` with `c.Authenticator.allowed_users = ...`. If any users have been authorized during this time who should not have been, they must be deleted via the API or admin interface, per the referenced documentation.",NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
"A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version '19' and earlier, R04/08/16/32/120 (EN) CPU firmware version '51' and earlier, R08/16/32/120SFCPU firmware version '22' and earlier, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions, RJ71EN71 firmware version '47' and earlier, RJ71GF11-T2 firmware version '47' and earlier, RJ72GF15-T2 firmware version '07' and earlier, RJ71GP21-SX firmware version '47' and earlier, RJ71GP21S-SX firmware version '47' and earlier, RJ71C24 (-R2/R4) all versions, and RJ71GN11-T2 all versions) allows a remote unauthenticated attacker to cause an error in a CPU unit and cause a denial-of-service (DoS) condition in execution of the program and its communication, or to cause a denial-of-service (DoS) condition in communication via the module by a specially crafted SLMP packet",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. The Baseboard Management Controller (BMC) program of INSPUR server is weak in checking the firmware and lacks the signature verification mechanism, the attacker who obtains the administrator's rights can control the BMC by inserting malicious code into the firmware program and bypassing the current verification mechanism to upgrade the BMC.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in VMware vRealize Business Advanced and Enterprise 8.x before 8.2.5 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the ""Add new chapter"" page. This is fixed in 3.9.2, 3.8.5 and 3.7.8.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Eat Spray Love mobile app for both iOS and Android contains a backdoor account that, when modified, allowed privileged access to restricted functionality and to other users' data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Eat Spray Love mobile app for both iOS and Android contains logic that allows users to bypass authentication and retrieve or modify information that they would not normally have access to.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was found in Moodle where users with ""Log in as"" capability in a course context (typically, course managers) may gain access to some site administration capabilities by ""logging in as"" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. This is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DLL in the repair folder which will run with the Endpoint client’s privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,NONE
"A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. This issue only affects PE routers configured with BGP Auto discovery for LDP VPLS. Other BGP configurations are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D81; 12.3 versions prior to 12.3R12-S12; 12.3X48 versions prior to 12.3X48-D76; 14.1X53 versions prior to 14.1X53-D48; 15.1 versions prior to 15.1F6-S12, 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D150; 15.1X53 versions prior to 15.1X53-D235, 15.1X53-D495, 15.1X53-D590, 15.1X53-D68; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R1-S5, 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing issue and is only exploitable in a small time window.,LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. When this issue occurs, the output of the command: show pfe filter hw summary will not show the entry for: RACL group Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions prior to 15.1X53-D590; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. This issue affect both IPv4 and IPv6 firewall filter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker to inject commands to generate CAN frames that are sent into the M-CAN bus (Multimedia CAN bus) of the vehicle.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg. 2) JWA `none` algorithm was allowed in all flows. 3) oic.consumer.Consumer.parse_authz returns an unverified IdToken. The verification of the token was left to the discretion of the implementator. 4) iat claim was not checked for sanity (i.e. it could be in the future). These issues are patched in version 1.2.1.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fixed in software-properties version 0.92.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 processes reference paths textual USD files. A specially crafted file can trigger the reuse of a freed memory which can result in further memory corruption and arbitrary code execution. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal to a cluster, they could use the private key to decode API requests that should be protected by TLS sessions, potentially obtaining information they would not otherwise be able to. These certificates are not used for service authentication, so no opportunity for impersonation or active MITM attacks were made possible.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) exists in SeedDMS 6.0.13 via the folderid parameter to views/bootstrap/class.DropFolderChooser.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain CDP packets. An attacker could exploit this vulnerability by sending certain CDP packets to an affected device. A successful exploit could cause an affected device to continuously consume memory and eventually result in a memory allocation failure that leads to a crash, triggering a reload of the affected device.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the message being decoded contains the submessage multiple times. This is rare in normal messages, but it is a concern when untrusted data is parsed. This is fixed in versions 0.3.9.7 and 0.4.4. The following workarounds are available: 1) Set the option `no_unions` for the oneof field. This will generate fields as separate instead of C union, and avoids triggering the problematic code. 2) Set the type of the submessage field inside oneof to `FT_POINTER`. This way the whole submessage will be dynamically allocated and the problematic code is not executed. 3) Use an arena allocator for nanopb, to make sure all memory can be released afterwards.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Linux foundation ONOS 1.9.0 is vulnerable to a DoS.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in SonicBOOM riscv-boom 3.0.0. For LR, it does not avoid acquiring a reservation in the case where a load translates successfully but still generates an exception.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is a local privilege escalation vulnerability in Alfredo Milani Comparetti SpeedFan 4.52. Attackers can use constructed programs to increase user privileges,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON.,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS exports, which makes it easier for remote attackers to obtain filesystem access by leveraging client root privileges.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. This affects Wire AVS (Audio, Video, and Signaling) 5.3 through 6.x before 6.4, the Wire Secure Messenger application before 3.49.918 for Android, and the Wire Secure Messenger application before 3.61 for iOS. This occurs via the value parameter to sdp_media_set_lattr in peerflow/sdp.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sensor escalated privileges vulnerability that can be exploited to provide someone with administrative access to a sensor, with credentials to invoke a command to provide root access to the operating system. The attacker must complete a straightforward password-cracking exercise.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with high privileges may be able to execute arbitrary code on the underlying operating system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which may lead to information disclosure.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request for the /tests/ URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious files, such as PHP web shells, which can lead to arbitrary code execution on the application server.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,HIGH
"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android ID: A-110986616",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a ""Platypus"" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Null Pointer Dereference. in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419 in Moddable SDK before OS200908 causes a denial of service (SEGV).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK before before 20200903. The top stack frame is only partially initialized because the stack overflowed while creating the frame. This leads to a crash in the code sending the stack frame to the debugger.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Invalid Memory Access in fxUTF8Decode at moddable/xs/sources/xsCommon.c:916 in Moddable SDK before OS200908 causes a denial of service (SEGV).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Heap buffer overflow in the fxCheckArrowFunction function at moddable/xs/sources/xsSyntaxical.c:3562 in Moddable SDK before OS200903.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Invalid Memory Access in the fxProxyGetter function in moddable/xs/sources/xsProxy.c in Moddable SDK before OS200908 causes a denial of service (SEGV).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on the new CR for the new kibana resource. This could lead to an arbitrary URL redirection or the openshift-logging console link damage. This flaw affects elasticsearch-operator-container versions before 4.7.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In AnyView (network police) network monitoring software 4.6.0.1, there is a local denial of service vulnerability in AnyView, attackers can use a constructed program to cause a computer crash (BSOD).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In DriverGenius 9.61.5480.28 there is a local privilege escalation vulnerability in the driver wizard, attackers can use constructed programs to increase user privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN connection name that is created, but the HTTP proxy is available to be used to bypass the limitation. An attacker can exploit the vulnerability to tamper with the parameter value. This affects: ZTE F680 V9.0.10P1N6",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version().,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Domino or execute attacker-controlled code on the server system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. By sending malicious SQL statements, because the device does not properly filter parameters, successful use can obtain management rights. This affects: ZXV10 W908 all versions before MIPS_A_1022IPV6R3T6P7Y20.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active session. Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3,Wavlink WN531G3, Wavlink WN533A8, Wavlink WN531A6, Wavlink WN551K1, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, WN572HG3, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0974.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the ID Vault service.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without signature verification. This allows attackers to construct firmware that retrieves an unlock code from a secure enclave chip.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authentication needed for a body control module (BCM) to initiate a Bluetooth wake-up action. (The full VIN is visible from outside the vehicle.),PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to pair a new key fob with the body control module (BCM). This allows an attacker (who is inside a vehicle, or is otherwise able to send data over the CAN bus) to start and drive the vehicle with a spoofed key fob.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The affected versions are those before version 7.1.15.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.",NETWORK,LOW,HIGH,NONE,CHANGED,LOW,LOW,LOW
An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the ""delete_compute_resource"" permission can use this flaw to take control over compute resources managed by foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
"Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. A bounds check which was supposed to test for chunk offsets smaller than the beginning of the request did not work because of signed/unsigned confusion. If one of these chunks contains a negative offset then data under control of the server is written to memory before the read buffer supplied by the client. If the read buffer is located on the stack then this allows the stack return address from nbd_pread() to be trivially modified, allowing arbitrary code execution under the control of the server. If the buffer is located on the heap then other memory objects before the buffer can be overwritten, which again would usually lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.",PHYSICAL,HIGH,NONE,NONE,CHANGED,HIGH,LOW,NONE
"A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.",PHYSICAL,HIGH,LOW,NONE,CHANGED,HIGH,LOW,NONE
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HCL Domino is susceptible to a Login CSRF vulnerability. With a valid credential, an attacker could trick a user into accessing a system under another ID or use an intranet user's system to access internal systems from the internet. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronously, or deny access to legitimate uploaded files.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. By sending a specific hel,xasf packet to the WAN interface, it is possible to open the web management interface on the WAN interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Canon MF237w 06.07 devices. An ""Improper Handling of Length Parameter Inconsistency"" issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose Sensitive Information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected products. Due to insufficient validation of packet, which may be exploited to cause the information leakage or arbitrary code execution.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ScratchVerifier before commit a603769, an attacker can hijack the verification process to log into someone else's account on any site that uses ScratchVerifier for logins. A possible exploitation would follow these steps: 1. User starts login process. 2. Attacker attempts login for user, and is given the same verification code. 3. User comments code as part of their normal login. 4. Before user can, attacker completes the login process now that the code is commented. 5. User gets a failed login and attacker now has control of the account. Since commit a603769 starting a login twice will generate different verification codes, causing both user and attacker login to fail. For clients that rely on a clone of ScratchVerifier not hosted by the developers, their users may attempt to finish the login process as soon as possible after commenting the code. There is no reliable way for the attacker to know before the user can finish the process that the user has commented the code, so this vulnerability only really affects those who comment the code and then take several seconds before finishing the login.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions - 15.7, 16.0.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel, the attacker can able to steal the cookie according to the crafted payload.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive anti virus settings via a brute-attack on the settings password.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Estil Hill Lock Password Manager Safe app 2.3 for iOS has a *#06#* backdoor password. An attacker with physical access can unlock the password manager without knowing the master password set by the user.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in PNGOUT 2020-01-15. When compressing a crafted PNG file, it encounters an integer overflow.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest. For a container breakout situation, a malicious guest can potentially modify or delete files/directories expected to be read-only.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a Denial of Service attack.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Prototype pollution vulnerability in 'object-hierarchy-access' versions 0.2.0 through 0.32.0 allows attacker to cause a denial of service and may lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"There is a local denial of service vulnerability in DaDa accelerator 5.6.19.816,, attackers can use constructed programs to cause computer crashes (BSOD).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
There is a local denial of service vulnerability in the Antiy Zhijia Terminal Defense System 5.0.2.10121559 and an attacker can cause a computer crash (BSOD).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"There is a local denial of service vulnerability in Wise Care 365 5.5.4, attackers can cause computer crash (BSOD).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
In Saibo Cyber Game Accelerator 3.7.9 there is a local privilege escalation vulnerability. Attackers can use the constructed program to increase user privileges,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web base module in BSCS iX that is vulnerable to stored XSS via the name or description field to a solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins' browsers by using the beef framework.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins' browsers by using the beef framework.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An ""User enumeration and Improper Restriction of Excessive Authentication Attempts"" vulnerability exists in the admin login form, allowing a remote user to enumerate users in the administrator group. This also allows brute-force attacks on the passwords of users not in the administrator group.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administrator/update_translation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) original or (2) new parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting vulnerability in desknet's NEO (desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject arbitrary script via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in lib/Check.php that allows users of the application to force actions on behalf of other users.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions 4.2.0-4.2.17, v4.3 versions 4.3.0-4.3.9 and v4.4 versions 4.4.0-4.4.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@------------------------------------------------------------------------------------------------------------------------!.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable. In particular the required field of the schema is not properly sanitized. The resulting string that is build based on the schema definition is then passed to a Function.apply();, leading to an Arbitrary Code Execution.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in String Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Improper Input validation vulnerability exists in Netis Korea D'live AP which could cause arbitrary command injection and execution when the time setting (using ntpServerlp1 parameter) for the users. This affects D'live set-top box AP(WF2429TB) v1.1.10.,NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in SdfPath Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite().",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. There is an !j@l#y$z%x6x7q8c9z) password for the admin account to authenticate to the TELNET service.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. An low-privileged (non-admin) attacker can use a hardcoded password (4ef9cea10b2362f15ba4558b1d5c081f) to create an admin user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on V-SOL V1600D V2.03.69 OLT devices. The string K0LTdi@gnos312$ is compared to the password provided by the the remote attacker. If it matches, access is provided.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions. The affected functions are time::UtcOffset::local_offset_at, time::UtcOffset::try_local_offset_at, time::UtcOffset::current_local_offset, time::UtcOffset::try_current_local_offset, time::OffsetDateTime::now_local and time::OffsetDateTime::try_now_local. Non-Unix targets are unaffected. This includes Windows and wasm. The issue was introduced in version 0.2.7 and fixed in version 0.2.23.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed (unencrypted) by using the IosHttp service and the JSON interface.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password !j@l#y$z%x6x7q8c9z) for the enable command.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.8.6, 3.7.9, 3.5.15, and 3.10.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-the-middle attack on the management of the appliance.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in ""upload tftp syslog"" and ""upload tftp configuration"" in the CLI via a crafted filename.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Environment Mgmt Console). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA's domain security model, the peer connector allows the restriction of client certificates (for the RA, not the end user) to a limited set of allowed CAs, thus restricting the accessibility of that RA to the rights it has within a specific role. While this works for other protocols such as CMP, it was found that the EJBCA enrollment over an EST implementation bypasses this check, allowing enrollment with a valid client certificate through any functioning and authenticated RA connected to the CA. NOTE: an attacker must already have a trusted client certificate and authorization to enroll against the targeted CA.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle 3.9.3 and 3.10.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Version(s): 2.5.1.8. An attacker armed with hardcoded API credentials (retrieved by exploiting CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp of a Barco wePresent WiPG-1600W device.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W firmware does not perform verification of digitally signed firmware updates and is susceptible to processing and installing modified/malicious images.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. The web interface does not provide a visible capability to alter this configuration file variable. However, a malicious actor can include this variable in a POST such that the SSH daemon will be started when the device boots.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts) via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-28331 could potentially be used in a simple and automated exploit chain to go from unauthenticated remote attacker to root shell.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a ""SEID"" token that is appended to the end of URLs in GET requests. Thus the ""SEID"" would be exposed in web proxy logs and browser history. An attacker that is able to capture the ""SEID"" and originate requests from the same IP address (via a NAT device or web proxy) would be able to access the user interface of the device without having to know the credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15; v3.4 versions prior to 3.4.24.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"petl before 1.68, in some configurations, allows resolution of entities in an XML document.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation registers TcSysUI.exe for automatic execution upon log in of a user. If a less privileged user has a local account he or she can replace TcSysUI.exe. It will be executed automatically by another user during login. This is also true for users with administrative access. Consequently, a less privileged user can trick a higher privileged user into executing code he or she modified this way. By default Beckhoff’s IPCs are shipped with TwinCAT software installed this way and with just a single local user configured. Thus the vulnerability exists if further less privileged users have been added.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (state, element, id, tab, cid) passed to the ""EPESI-master/modules/Utils/RecordBrowser/favorites.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (visible, tab, cid) passed to the EPESI-master/modules/Utils/RecordBrowser/Filters/save_filters.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (element, state, cat, id, cid) passed to the EPESI-master/modules/Utils/Watchdog/subscribe.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (cid, value, element, mode, tab, form_name, id) passed to the EPESI-master/modules/Utils/RecordBrowser/grid.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (tooltip_id, callback, args, cid) passed to the EPESI-master/modules/Utils/Tooltip/req.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from '05' to '19' and R04/08/16/32/120(EN)CPU Firmware versions from '35' to '51') allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF via the router administration web panel, leading to an attacker's ability to perform administrative actions such as modifying the configuration.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go. In Dependabot-Core from version 0.119.0.beta1 before version 0.125.1, there is a remote code execution vulnerability in dependabot-common and dependabot-go_modules when a source branch name contains malicious injectable bash code. For example, if Dependabot is configured to use the following source branch name: ""/$({curl,127.0.0.1})"", Dependabot will make a HTTP request to the following URL: 127.0.0.1 when cloning the source repository. The fix was applied to version 0.125.1. As a workaround, one can escape the branch name prior to passing it to the Dependabot::Source class.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Go Ethereum, or ""Geth"", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy (at 0x00...04) contract did a shallow copy on invocation. An attacker could deploy a contract that writes X to an EVM memory region R, then calls 0x00..04 with R as an argument, then overwrites R to Y, and finally invokes the RETURNDATACOPY opcode. When this contract is invoked, a consensus-compliant node would push X on the EVM stack, whereas Geth would push Y. This is fixed in version 1.9.17.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,LOW
Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Go Ethereum, or ""Geth"", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
GROWI v4.1.3 and earlier allow remote attackers to obtain information which is not allowed to access via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earlier allows remote attackers to inject arbitrary script via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in the web interface allowed injection and execution of arbitrary unintended commands on the web server, a different vulnerability than CVE-2019-16364.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get information from the AprolSqlServer DBMS by bypassing authentication, a different vulnerability than CVE-2019-16356 and CVE-2019-9983.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** UNSUPPORTED WHEN ASSIGNED ** The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the BD Alaris Systems Manager. If exploited, an attacker could perform a denial-of-service attack on the BD Alaris PC Unit by modifying the configuration headers of data in transit. A denial-of-service attack could lead to a drop in the wireless capability of the BD Alaris PC Unit, resulting in manual operation of the PC Unit.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"_get_flag_ip_localdb in server/mhn/ui/utils.py in Modern Honey Network (MHN) through 2020-11-23 allows attackers to cause a denial-of-service via an IP address that is absent from a local geolocation database, because the code tries to uppercase a return value even if that value is not a string.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Scratch Addons is a WebExtension that supports both Chrome and Firefox. Scratch Addons before version 1.3.2 is vulnerable to DOM-based XSS. If the victim visited a specific website, the More Links addon of the Scratch Addons extension used incorrect regular expression which caused the HTML-escaped values to be unescaped, leading to XSS. Scratch Addons version 1.3.2 fixes the bug. The extension will be automatically updated by the browser. More Links addon can be disabled via the option of the extension.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow skilled attacker having a valid credential in the system to disrupt internal call start/duration accounting mechanisms leading potentially to a loss of revenue.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Unverified indexs into the array lead to out of bound access in the gif_out_code function in fromgif.c in libsixel 1.8.6.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and PerformanceTest v10.0 Build 1008. The kernel driver exposes IOCTL functionality that allows low-privilege users to map arbitrary physical memory into the address space of the calling process. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys drivers. This issue is fixed in BurnInTest v9.2, PerformanceTest v10.0 Build 1009, OSForensics v8.0.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A potential vulnerability in the AMD extension to Linux ""hwmon"" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An SQL injection vulnerability was discovered in Gym Management System In manage_user.php file, GET parameter 'id' is vulnerable.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone that trusts their users with those permissions to normally write & manage PHP within the CMS by not having cms.enableSafeMode enabled, but would be a problem for anyone relying on cms.enableSafeMode to ensure that users with those permissions in production do not have access to write & execute arbitrary PHP. Issue has been patched in Build 469 (v1.0.469) and v1.1.0.",LOCAL,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,LOW
"IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject malicious payload in admin's portal thus leads to compromise admin's system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home/<user>/SecurityOnion/setup/so-setup.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc12; v4.2 versions prior to 4.2.9.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10; v3.4 versions prior to 3.4.19.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML e-mail message.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. This includes recording passwords to the cmd_history.log file which is world-readable. This flaw allows local users to obtain sensitive information by reading the log file. The highest threat from this vulnerability is to data confidentiality.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule configuration interface. The WEB service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper parameter values. This affects: ZXHN Z500 V1.0.0.2B1.1000 and ZXHN F670L V1.1.10P1N2E. This is fixed in ZXHN Z500 V1.0.1.1B1.1000 and ZXHN F670L V1.1.10P2N2.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainment system and executed as root.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
An authentication bypass in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with physical access to device hardware to obtain system information.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
NeoPost Mail Accounting Software Pro 5.0.6 allows php/Commun/FUS_SCM_BlockStart.php?code= XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may appear safe, but ultimately redirect to a spoofed server on the public internet.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2.0.1 for TYPO3. It saves all GET and POST data of TYPO3 frontend requests to the database. Depending on the extensions used on a TYPO3 website, sensitive data (e.g., cleartext passwords if ext:felogin is installed) may be saved.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Playground Sessions v2.5.582 (and earlier) for Windows, stores the user credentials in plain text allowing anyone with access to UserProfiles.sol to extract the email and password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on the underling operating system with privileges of the web-based management application, which is running as a restricted user. This could result in changes being made to pages served by the web-based management application impacting the integrity or availability of the web-based management application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session after logout which could allow an authenticated user to obtain sensitive information from the previous session. IBM X-Force ID: 186789.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific connection information by the TURN server within the affected software. An attacker could exploit this issue by sending specially crafted network traffic to the affected software. A successful exploit could allow the attacker to send traffic through the affected software to destinations beyond the application, possibly allowing the attacker to gain unauthorized network access.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a dossier/dashboard document. NOTE: 10.4., no fix will be released as version will reach end-of-life on 31/12/2020.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pico CMTS through 2.0. Successful exploitation of this vulnerability would allow an unauthenticated attacker to retrieve administrator credentials by sending a malicious POST request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the LDAP service. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction (opening a link) and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations on the uploaded image, which upon failure will leave the temporarily created files in an accessible location on the server.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer overflow vulnerabilities have been identified that may allow arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer overflow vulnerability has been identified that may allow arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the string length provided in the data section of the PRG file. It allocates memory for the string immediately, and then copies the string into the TVM object by using a function similar to strcpy. This copy can exceed the length of the allocated string data and overwrite heap data. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check the index provided when accessing the local variable in the LGETV and LPUTV instructions. This provides the ability to both read and write memory outside the bounds of the TVM context allocation. It can be leveraged to construct a use-after-free scenario, leading to a constrained read/write primitive across the entire MAX32630 address space. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check for overflow when allocating the array for the NEWA instruction. This a constrained read/write primitive across the entire MAX32630 address space. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users' files to be encrypted with ""tomb {W] Detected DISPLAY, but only pinentry-curses is found."" as the encryption key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the offset provided for the stack value duplication instruction, DUP. The offset is unchecked and memory prior to the start of the execution stack can be read and treated as a TVM object. A successful exploit could use the vulnerability to leak runtime information such as the heap handle or pointer for a number of TVM context variables. Some reachable values may be controlled enough to forge a TVM object on the stack, leading to possible remote code execution.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface and CLI. An attacker could exploit this vulnerability by authenticating to the affected device and injecting scripting commands in the scope of the log subscription subsystem. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network adjacent.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189214.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a ""one-shot"" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the ""streaming"" API as opposed to the ""one-shot"" API, and impose chunk size limits.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this vulnerability by sending API requests to an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system, including information about the devices that the system manages, without authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit requires the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. The attacker could then exploit this vulnerability to join meetings, without appearing in the participant list, while having full access to audio, video, chat, and screen sharing capabilities.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are: >=13.3, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220(EU)_V4_201023,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability with current PHP versions of supported and maintained system distributions. At least with libxml2 version 2.9, the processing of XML external entities is disabled per default - and cannot be exploited. Besides that, a valid backend user account is needed. Update to TYPO3 version 10.4.10 to fix the problem described.",NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,LOW,NONE,LOW
RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious JavaScript code in the context of the web application.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The web application of Kyocera printer (ECOSYS M2640IDW) is affected by Stored XSS vulnerability, discovered in the addition a new contact in ""Machine Address Book"". Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
WebP Image Extensions Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. In particular, a device may send messages that are bigger than the max-message-size that the protocol adapter has indicated during link establishment. While the AMQP 1.0 protocol explicitly disallows a peer to send such messages, a hand crafted AMQP 1.0 client could exploit this behavior in order to send a message of unlimited size to the adapter, eventually causing the adapter to fail with an out of memory exception.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
HEIF Image Extensions Remote Code Execution Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Visual Studio Tampering Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Microsoft Teams Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Arm software implementing the Armv8-M processors (all versions), the stack selection mechanism could be influenced by a stack-underflow attack in v8-M TrustZone based processors. An attacker can cause a change to the stack pointer used by the Secure World from a non-secure application if the stack is not initialized. This vulnerability affects only the software that is based on Armv8-M processors with the Security Extension.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Defender for Endpoint Security Feature Bypass Vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Common Log File System Driver Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16984, CVE-2020-16991, CVE-2020-16994.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16987, CVE-2020-16991, CVE-2020-16994.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows attacker to overwrite certain specific paths on the server. Affected versions are: >=8.14, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
"The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.",NETWORK,LOW,HIGH,NONE,CHANGED,LOW,HIGH,NONE
"IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Azure Sphere Tampering Vulnerability,PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. This allows the deletion of configuration.php, which leads to certain privilege checks not being in place, and therefore a user can escalate privileges to admin.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the option “DocumentRoot /etc“. This allows an attacker with network access to the web-server to download any files from the “/etc” folder without authentication. No path traversal sequences are needed to exploit this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Improper Restriction of XML External Entity Reference in subsystem forIntel(R) Quartus(R) Prime Pro Edition before version 20.3 and Intel(R) Quartus(R) Prime Standard Edition before version 20.2 may allow unauthenticated user to potentially enable information disclosure via network access.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the 'table' parameter passed is not filtered so a malicious parameter can be passed for SQL injection.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. A sophisticated timed attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links. This allows an unprivileged user to enable escalation of privilege via local access.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
** DISPUTED ** Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attachment viewing. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
** DISPUTED ** Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$file_id$ attachment editing. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id=",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc7; v4.2 versions prior to 4.2.8; v4.0 versions prior to 4.0.19.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).,NETWORK,LOW,LOW,REQUIRED,CHANGED,NONE,LOW,NONE
cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. A hardcoded RSA private key (specific to V1600D4L and V1600D-MINI) is contained in the firmware images.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user's mailbox,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,LOW
"An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the document event handler and other hyperlinks require a control-click.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 do not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to obtain sensitive information via a web-service request.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted search string.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"user/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 grants excessive authorization on the basis of the moodle/course:viewhiddenuserfields capability, which allows remote authenticated users to discover student e-mail addresses by leveraging the teacher role and reading a Participants list.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in auth/db/auth.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an external DB profile field.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the advanced-search feature in mod_data in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL, as demonstrated by a search form field.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The grade-reporting feature in Singleview (aka Single View) in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/grade:manage capability, which allows remote authenticated users to modify ""Exclude grade"" settings by leveraging the Non-Editing Instructor role.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"calendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 provides calendar-event data without considering whether an activity is hidden, which allows remote authenticated users to obtain sensitive information via a web-service request.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The ""restore teacher"" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer header that has a substring match with a local URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in the SCORM module in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allow remote attackers to inject arbitrary web script or HTML via a crafted organization name to (1) mod/scorm/player.php or (2) mod/scorm/prereqs.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"The wiki component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 does not consider the mod/wiki:managefiles capability before authorizing file management, which allows remote authenticated users to delete arbitrary files by using a manage-files button in a text editor.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"The enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-running sync script.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mt_rand function to implement the random_string and complex_random_string functions, which makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 mishandles group-based authorization checks, which allows remote authenticated users to obtain sensitive information by reading a rating value.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Cross-site scripting (XSS) vulnerability in group/overview.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to inject arbitrary web script or HTML via a modified grouping description.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to ""all participants.""",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey answer.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) mod/lesson/view.php.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly implement group-based access restrictions, which allows remote authenticated users to obtain sensitive course-participant information via a web-service request.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sensitive badge information via a request involving (1) badges/overview.php or (2) badges/view.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups capability before authorizing ""Post a copy to all groups"" actions, which allows remote authenticated users to bypass intended access restrictions by leveraging per-group authorization.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autosave feature.,NETWORK,HIGH,NONE,NONE,CHANGED,NONE,NONE,HIGH
"In BigBlueButton before 2.2.29, a user can vote more than once in a single poll.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0, allows remote unauthenticated users to download the router configuration file via the /backupsettings.conf URI, when any valid session is running.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"This affects the package markdown-it-highlightjs before 3.3.1. It is possible insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require(""markdown-it-highlightjs""); const md = require('markdown-it'); const reuslt_xss = md() .use(markdownItHighlightjs, { inline: true }) .render('console.log(42){."">js}'); console.log(reuslt_xss);",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied values resulting in high CPU usage. Affected versions are: >=12.6, <13.3.9.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
Cross domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allows remote attackers to access sensitive data such as access token.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name>",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive information about the internal network to an authenticated user using a specially crafted HTTP request. IBM X-Force ID: 185362.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms during negotiation could allow an attacker to decrypt sensitive information.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. This would allow the attacker to run malicious code with escalated privileges through ForkLift's helper tool.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The affected product transmits unencrypted sensitive information, which may allow an attacker to access this information on the NIO 50 (all versions).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Improper input validation in the Intel(R) ADAS IE before version ADAS_IE_1.0.766 may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The affected product does not properly validate input, which may allow an attacker to execute a denial-of-service attack on the NIO 50 (all versions).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of address space layout randomization (ASLR).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to specifically craft a malicious packet resulting in a denial-of-service condition on the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious port ranges, which could result in remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"** DISPUTED ** In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Uncontrolled search path in Intel(R) SCS Add-on for Microsoft* SCCM before version 2.1.10 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Buffer over read can happen while parsing mkv clip due to improper typecasting of data returned from atomsize' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM9206, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA429W, SDA640, SDA660, SDA670, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, a different vulnerability than CVE-2019-16357.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to historical data from AprolSqlServer by bypassing authentication, a different vulnerability than CVE-2019-16358.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a privileged user to potentially enable escalation of privilege via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A logic issue in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient access control in the firmware of the Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off. This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Spree is a complete open source e-commerce solution built with Ruby on Rails. In Spree from version 3.7 and before versions 3.7.13, 4.0.5, and 4.1.12, there is an authorization bypass vulnerability. The perpetrator could query the API v2 Order Status endpoint with an empty string passed as an Order token. This is patched in versions 3.7.11, 4.0.4, or 4.1.11 depending on your used Spree version. Users of Spree < 3.7 are not affected.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows for an unauthenticated attacker to perform various tasks such as modifying and leaking all contents of the database.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default ""Publisher"" system role have access to create & manage users where they can choose which role the new user has. This means that a user with ""Publisher"" access has the ability to escalate their access to ""Developer"" access. Issue has been patched in Build 470 (v1.0.470) & v1.1.1.",LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
"October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request. Issue has been patched in Build 469 (v1.0.469) and v1.1.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Improper access controls in Intel Unite(R) Cloud Service client before version 4.2.12212 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Out of bounds read in the Intel CSI2 Host Controller driver may allow an authenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is possible because, within the HTTP response content, WRONG ID is only returned when the answer is incorrect.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Improper permissions in the installer for the Intel(R) Processor Identification Utility before version 6.4.0603 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper conditions check in the Intel(R) SGX DCAP software before version 1.6 may allow an unauthenticated user to potentially enable denial of service via adjacent access.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot dot) path such as ..\..\..\..\..\<file> in the input field of the FileEditor. In FlexDotnetCMS before v1.5.8, it is also possible to access files by specifying the full path (e.g., C:\<file>). The files can then be edited via the FileEditor.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper access control in the PMC for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper permissions in the installer for the Intel(R) Falcon 8+ UAS AscTec Thermal Viewer, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw in the libapreq2 v2.07 to v2.13 multipart parser can deference a null pointer leading to a process crash. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a privileged user to potentially enable denial of service via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Some Huawei products have a command injection vulnerability. Due to insufficient input validation, an attacker with high privilege may inject some malicious codes in some files of the affected products. Successful exploit may cause command injection.Affected product versions include:NIP6300 versions V500R001C30,V500R001C60;NIP6600 versions V500R001C30,V500R001C60;Secospace USG6300 versions V500R001C30,V500R001C60;Secospace USG6500 versions V500R001C30,V500R001C60;Secospace USG6600 versions V500R001C30,V500R001C60;USG9500 versions V500R001C30,V500R001C60.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a denial of service vulnerability in some Huawei products. There is no protection against the attack scenario of specific protocol. A remote, unauthorized attackers can construct attack scenarios, which leads to denial of service.Affected product versions include:NIP6300 versions V500R001C30,V500R001C60;NIP6600 versions V500R001C30,V500R001C60;Secospace USG6300 versions V500R001C30,V500R001C60;Secospace USG6500 versions V500R001C30,V500R001C60;Secospace USG6600 versions V500R001C30,V500R001C60;USG9500 versions V500R001C30,V500R001C60.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with physical access to device hardware to obtain system information.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A misconfiguration in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with direct physical access to device hardware to obtain cellular modem information.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187731.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write arbitrary physical memory. This could lead to arbitrary Ring-0 code execution and escalation of privileges.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in BigBlueButton through 2.2.29. When at attacker is able to view an account_activations/edit?token= URI, the attacker can create an approved user account associated with an email address that has an arbitrary domain name.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions prior to 3.6.9, v4.0 versions prior to 4.0.3.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.10; v3.6 versions prior to 3.6.13.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10. This issue affects: MongoDB Inc. MongoDB Server 3.6 versions prior to 3.6.10; 4.0 versions prior to 4.0.5.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.7.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.2.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. Affected versions are: >=1.79.0, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.",LOCAL,LOW,HIGH,NONE,CHANGED,LOW,NONE,NONE
"Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under ""%PROGRAMDATA%\Razer Chroma\SDK\Apps"" can be replaced before it is executed by the server. The attacker must have access to port 54236 for a registration step.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5620.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13.0, <13.3.9,>=13.4.0, <13.4.5,>=13.5.0, <13.5.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/query_browsecomp.aspx.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker to gather information about other Webex participants, such as email address and IP address, while waiting in the lobby.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit could allow the attacker to maintain the audio connection of a Webex session despite being expelled.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, server side request forgery due to improper configuration of the XML parser.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of user supplied data and achieve a Cross-Site Scripting reflected attack against other WebReport users.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter ParticipantAttributeNamesDropdown of the Attributes on the central participant database page. When the survey attribute being edited or viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add recipe module, which gets executed when deleting the recipe.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Dashboards section in Kaa IoT Platform v1.2.0 allows remote attackers to inject malicious web scripts or HTML Injection payloads via the Description parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sokrates SOWA SowaSQL through 5.6.1 via the sowacgi.php typ parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop version 1.14 allows remote attackers to inject arbitrary web script or HTML via user.php by registering an account directly in the user center, and then adding the payload to the delivery address.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by ""j a v a s c r i p t:"" in Internet Explorer. This is a similar issue to CVE-2014-3146.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. An attacker could exploit this vulnerability by crafting malicious API requests to the affected device. A successful exploit could allow the attacker to gain access to the back-end database of the affected device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit this vulnerability by sending SOAP API requests to affected devices for devices that are outside their authorized domain. A successful exploit could allow the attacker to access and modify information on devices that belong to a different domain.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,NONE
Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could exploit this vulnerability by sending an API request that alters the domain for a requested user list on an affected system. A successful exploit could allow the attacker to view lists of users from different domains on the affected system.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
"A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by logging in as an administrative user and crafting a call for user information. A successful exploit could allow the attacker to obtain hashes of user passwords on an affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could exploit this vulnerability by manipulating JSON payloads to target different domains on an affected system. A successful exploit could allow the attacker to manage user information for users in different domains on an affected system.",NETWORK,LOW,HIGH,NONE,CHANGED,NONE,LOW,NONE
"Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web UI. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information on an affected system.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of user-supplied input to an application programmatic interface (API) within Cisco Webex Meetings. An attacker could exploit this vulnerability by convincing a targeted user to follow a link designed to submit malicious input to the API used by Cisco Webex Meetings. A successful exploit could allow the attacker to conduct cross-site scripting attacks and potentially gain access to sensitive browser-based information from the system of a targeted user.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12364020.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360094, a related issue to CVE-2018-16305.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360090, a related issue to CVE-2018-16306.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x1236001c, a related issue to CVE-2018-16304.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The repository changelog resource in Atlassian Fisheye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The source browse resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 allows allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in via a specially crafted repository branch name when trying to display deleted files of the branch.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145075076",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Untangle Firewall NG before 16.0 uses MD5 for passwords.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network access.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser) contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross Site Request Forgery (CSRF) attack on the affected system. A successful attack using this vulnerability requires human interaction from an authenticated user other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser): versions 11.6.0 and below.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
BAB TECHNOLOGIE GmbH eibPort V3 prior to 3.8.3 devices allow denial of service (Uncontrolled Resource Consumption) via requests to the lighttpd component.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can be used to escalate privileges from a local standard or service account having SeImpersonatePrivilege (eg. user ‘NT AUTHORITY\NETWORK SERVICE’).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HUAWEI Mate 30 versions earlier than 10.1.0.159(C00E159R7P2) have a vulnerability of improper buffer operation. Due to improper restrictions, local attackers with high privileges can exploit the vulnerability to cause system heap overflow.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to use SAP Fiori Launchpad News tile Application to send malicious code, to a different end user (victim), because News tile does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. Information maintained in the victim's web browser can be read, modified, and sent to the attacker. The malicious code cannot significantly impact the victim's browser and the victim can easily close the browser tab to terminate it.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.2 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient control flow managementin firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect default permissions in Windows(R) installer in Intel(R) AMT SDK versions before 14.0.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
AV1 Video Extension Remote Code Execution Vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Camera Codec Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Insufficient control flow managementin firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Insufficiently protected credentialsin subsystem in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. The vulnerability is due to improper validation of commands to the remote management CLI of the affected application. An attacker could exploit this vulnerability by sending malicious requests to the affected application. A successful exploit could allow the attacker to inject arbitrary commands and potentially gain elevated privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop environment and using virtual environment optimization. This vulnerability is due to improper validation of messages processed by the Cisco Webex Meetings Desktop App. A local attacker with limited privileges could exploit this vulnerability by sending malicious messages to the affected software by using the virtualization channel interface. A successful exploit could allow the attacker to modify the underlying operating system configuration, which could allow the attacker to execute arbitrary code with the privileges of a targeted user. Note: This vulnerability can be exploited only when Cisco Webex Meetings Desktop App is in a virtual desktop environment on a hosted virtual desktop (HVD) and is configured to use the Cisco Webex Meetings virtual desktop plug-in for thin clients.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and gain access to restricted VPN network resources when the gateway or portal is configured to rely entirely on certificate-based authentication. Impacted features that use SSL VPN with client certificate verification are: GlobalProtect Gateway, GlobalProtect Portal, GlobalProtect Clientless VPN In configurations where client certificate verification is used in conjunction with other authentication methods, the protections added by the certificate check are ignored as a result of this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Azure Sphere Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16981, CVE-2020-16988, CVE-2020-16989, CVE-2020-16992.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an Improper SMM communication buffer verification vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.,PHYSICAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Azure Sphere Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16981, CVE-2020-16988, CVE-2020-16989, CVE-2020-16993.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Improper access control for the Intel(R) Computing Improvement Program before version 2.4.5982 may allow an unprivileged user to potentially enable information disclosure via network access.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The frame touch module does not make validity judgments on parameter lengths when processing specific parameters,which caused out of the boundary when memory access.The vulnerability eventually leads to a local DOS on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Incorrect default permissions in the Intel(R) RealSense(TM) D400 Series Dynamic Calibration Tool before version 2.11, may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 allows attacker to cause a denial of service and may lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP ERP Client for E-Bilanz, version - 1.0, installation sets Incorrect default filesystem permissions are set in its installation folder which allows anyone to modify the files in the folder.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network to retrieve sensitive / confidential resources which are otherwise restricted for internal usage only, resulting in a Server-Side Request Forgery vulnerability.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Improper input validation in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R) TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information disclosure via physical access.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper input validation in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit this vulnerability by installing code to a specific directory in the underlying operating system (OS) and setting a specific ROMMON variable. A successful exploit could allow the attacker to execute persistent code on the underlying OS. To exploit this vulnerability, the attacker would need access to the root shell on the device or have physical access to the device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R) TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information disclosure via physical access.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper input validation in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insecure default variable initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow a privileged user to potentially enable information disclosure via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit this vulnerability by installing code to a specific directory in the underlying operating system (OS) and setting a specific ROMMON variable. A successful exploit could allow the attacker to execute persistent code on the underlying OS. To exploit this vulnerability, the attacker would need access to the root shell on the device or have physical access to the device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow a privileged user to potentially enable information disclosure via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper permissions in the installer for the Intel(R) HID Event Filter Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.1 may allow an unauthenticated user to potentially enable escalation of privilege and/or information disclosure via physical access.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper permissions in the installer for the Intel(R) Advisor tools before version 2020 Update 2 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ingenico Telium 2 POS terminals have an insecure NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ingenico Telium 2 POS terminals have a buffer overflow via SOCKET_TASK in the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ingenico Telium 2 POS terminals allow arbitrary code execution via the TRACE protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ingenico Telium 2 POS terminals have a buffer overflow via the RemotePutFile command of the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Request Forgery attack which could lead to retrieval of limited pieces of information about the service with no impact on integrity or availability.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17048.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the account password, leading to access against the service integrated with which Active Directory is deployed at the level granted to the authenticating account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Excel Security Feature Bypass Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request can render the SAP Commerce service itself unavailable leading to Denial of Service with no impact on confidentiality or integrity.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and impact system configuration confidentiality.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"SAP Process Integration (PGP Module - Business-to-Business Add On), version - 1.0, allows an attacker to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On, these keys can then be used to read messages processed by the module leading to Information Disclosure.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows USO Core Worker Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Update Orchestrator Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17073, CVE-2020-17074.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Update Orchestrator Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17073, CVE-2020-17076.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Exchange Server Denial of Service Vulnerability,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.3.2.126_10.1.66, XR300 V1.0.3.50_10.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136, R8500 V1.0.2.136, R7300DST V1.0.0.74, R7850 V1.0.5.64, R7900 V1.0.4.30, RAX20 V1.0.2.64, RAX80 V1.0.3.102, and R6250 V1.0.4.44.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results). This issue was fixed in Liferay Portal CE version 7.3.0 GA1.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"This affects the package json8 before 1.0.3. The function adds in the target object the property specified in the path, however it does not properly check the key being set, leading to a prototype pollution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA GeForce NOW application software on Windows, all versions prior to 2.0.25.119, contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or escalation of privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI. IBM X-Force ID: 186780.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187190.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188897.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not properly restrict access to directories created by the application. This could result in disclosure of sensitive information stored in databases used by the application. Exploitation requires a victim to download and run a malicious application.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16982, CVE-2020-16984, CVE-2020-16987, CVE-2020-16991, CVE-2020-16994.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 186091.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 186280.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user. IBM X-Force ID: 186284.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 184083.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Kerberos Security Feature Bypass Vulnerability,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via a Offer Detail field in offer.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17054.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Windows Network File System Remote Code Execution Vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service. This highest threat from this vulnerability is to system availability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Windows Update Stack Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. If any user sees the post, the inserted XSS code is executed.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187189.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188737.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Prototype pollution vulnerability in 'field' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16984, CVE-2020-16987, CVE-2020-16994.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16984, CVE-2020-16987, CVE-2020-16991.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Improper buffer restriction in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Protection mechanism failure in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoint that may result in remote code execution (RCE). Rockwell Automation recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order toimprove planning and decision-making processes. Visual Components software requires a special license which can beobtained from a network license server. The network license server binds to all interfaces (0.0.0.0) and listensfor packets over UDP port 5093. No authentication/authorization is required in order to communicate with theserver. The protocol being used is a property protocol by RMS Sentinel which provides the licensing infrastructurefor the network license server. RMS Sentinel license manager service exposes UDP port 5093 which provides sensitivesystem information that could be leveraged for further exploitation without any kind of authentication. Thisinformation includes detailed hardware and OS characteristics.After a decryption process, a textual protocol is found which contains a simple header with the requested command,application-identifier, and some arguments. The protocol is vulnerable to DoS through an arbitrary pointerderreference. This flaw allows an attacker to to pass a specially crafted package that, when processed by theservice, causes an arbitrary pointer from the stack to be dereferenced, causing an uncaught exception thatterminates the service. This can be further contructed in combination with RVDP#710 which exploits an informationdisclosure leak, or with RVDP#711 for an stack-overflow and potential code execution.Beyond denying simulations, Visual Components provides capabilities to interface with industrial machinery andautomate certain processes (e.g. testing, benchmarking, etc.) which depending on the DevOps setup might beintegrated into the industrial flow. Accordingly, a DoS in the simulation might have higher repercusions, dependingon the Industrial Control System (ICS) ICS infrastructure.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,HIGH
Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ""05.65.00.BD"" and earlier, GT1450-QMBDE CoreOS version ""05.65.00.BD"" and earlier, GT1450-QLBDE CoreOS version ""05.65.00.BD"" and earlier, GT1455HS-QTBDE CoreOS version ""05.65.00.BD"" and earlier, and GT1450HS-QMBDE CoreOS version ""05.65.00.BD"" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ""05.65.00.BD"" and earlier, GT1450-QMBDE CoreOS version ""05.65.00.BD"" and earlier, GT1450-QLBDE CoreOS version ""05.65.00.BD"" and earlier, GT1455HS-QTBDE CoreOS version ""05.65.00.BD"" and earlier, and GT1450HS-QMBDE CoreOS version ""05.65.00.BD"" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Improper access control vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ""05.65.00.BD"" and earlier, GT1450-QMBDE CoreOS version ""05.65.00.BD"" and earlier, GT1450-QLBDE CoreOS version ""05.65.00.BD"" and earlier, GT1455HS-QTBDE CoreOS version ""05.65.00.BD"" and earlier, and GT1450HS-QMBDE CoreOS version ""05.65.00.BD"" and earlier) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Azure Sphere Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16981, CVE-2020-16988, CVE-2020-16992, CVE-2020-16993.",PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect default permissions in the Intel(R) DSA before version 20.8.30.6 may allow an authenticated user to potentially enable denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Incorrect default permissions in the Intel(R) Board ID Tool version v.1.01 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script. The vulnerability is due to a lack of authentication to the IPC listener. An attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener. A successful exploit could allow an attacker to cause the targeted AnyConnect user to execute a script. This script would execute with the privileges of the targeted AnyConnect user. In order to successfully exploit this vulnerability, there must be an ongoing AnyConnect session by the targeted user at the time of the attack. To exploit this vulnerability, the attacker would also need valid user credentials on the system upon which the AnyConnect client is being run. Cisco has not released software updates that address this vulnerability.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web UI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying operating system level. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary commands at the underlying operating system level.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper access control in the Intel(R) XTU before version 6.5.1.360 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected device. The vulnerability is due to incorrect privilege assignment. An attacker could exploit this vulnerability by logging in to the system with a crafted Active Directory account. A successful exploit could allow the attacker to obtain root privileges on an affected device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-16990.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficiently protected credentials in the Intel(R) EMA before version 1.3.3 may allow an authorized user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system. The vulnerability is due to incorrect permissions being set when the affected command is executed. An attacker could exploit this vulnerability by executing the affected command on an affected system. A successful exploit could allow the attacker to gain root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by crafting a malicious TCP packet with specific characteristics and sending it to a targeted device. A successful exploit could allow the attacker to bypass the L3 and L4 traffic filters and inject an arbitrary packet into the network.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and write files to an arbitrary location on the targeted system.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Improper input validation in the firmware for Intel(R) Server Board S2600ST and S2600WF families may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to a utility that is running on an affected system. A successful exploit could allow the attacker to gain root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted options to a specific command. A successful exploit could allow the attacker to gain root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. This issue affects: openSUSE Factory munin version 2.0.49-4.2 and prior versions. openSUSE Leap 15.1 munin version 2.0.40-lp151.1.1 and prior versions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versions prior to 0.5.13-6.1.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"An off-by-one error within the ""LibRaw::kodak_ycbcr_load_raw()"" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Azure Sphere Denial of Service Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Microweber v1.1.18 is affected by no session expiry after log-out.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid urls.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via network access.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in the XooNIps 3.49 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Reflected cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Stored cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote attackers to execute arbitrary code via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance in USDC file format PATHS section.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance USDC file format path element token index.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"u'Possible buffer overflow in WIFI hal process due to usage of memcpy without checking length of destination buffer' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17107, CVE-2020-17108, CVE-2020-17109, CVE-2020-17110.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17106, CVE-2020-17108, CVE-2020-17109, CVE-2020-17110.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17106, CVE-2020-17107, CVE-2020-17109, CVE-2020-17110.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17106, CVE-2020-17107, CVE-2020-17108, CVE-2020-17110.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Remote Desktop Protocol Server Information Disclosure Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Windows Bind Filter Driver Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Buffer over read in boot due to size check ignored before copying GUID attribute from request to response' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, APQ8098, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8998, QCM4290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA670, SDA845, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM712, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"u'Possible buffer overflow in WIFI hal process due to copying data without checking the buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9205, QCM4290, QCS405, QCS410, QCS4290, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA845, SDA855, SDM1000, SDM640, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Testimonial Rotator Wordpress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. If a user intercepts a request and inserts a payload in ""cite"" parameter, the payload will be stored in the database.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
This affects the package jsreport-chrome-pdf before 1.10.0.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"u'Possible buffer overflow in WMA message processing due to integer overflow occurs when processing command received from user space' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9250, MDM9628, MDM9640, MDM9650, MSM8996AU, QCS405, SDA845, SDX20, SDX20M, WCD9330",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier , Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier, Q 04/06/13/26 UDPVCPU serial number '22031' and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions) allows a remote unauthenticated attacker to stop the Ethernet communication functions of the products via a specially crafted packet, which may lead to a denial of service (DoS) condition .",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Windows Network File System Denial of Service Vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Windows Error Reporting Denial of Service Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router.",PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows KernelStream Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Windows Print Spooler Remote Code Execution Vulnerability,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"u'Null-pointer dereference can occur while accessing data buffer beyond its size that leads to access the buffer beyond its range' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8096AU, APQ8098, MDM9206, MDM9650, MSM8909W, MSM8953, MSM8996AU, QCM4290, QCS405, QCS4290, QCS603, QCS605, QM215, QSM8350, SA6155, SA6155P, SA8155, SA8155P, SDA429W, SDA640, SDA660, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM450, SDM632, SDM640, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P, WCD9330",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order toimprove planning and decision-making processes. Visual Components software requires a special license which can beobtained from a network license server. The network license server binds to all interfaces (0.0.0.0) and listensfor packets over UDP port 5093. No authentication/authorization is required in order to communicate with theserver. The protocol being used is a property protocol by RMS Sentinel which provides the licensing infrastructurefor the network license server. RMS Sentinel license manager service exposes UDP port 5093 which provides sensitivesystem information that could be leveraged for further exploitation without any kind of authentication. Thisinformation includes detailed hardware and OS characteristics.After a decryption process, a textual protocol is found which contains a simple header with the requested command,application-identifier, and some arguments. The protocol leaks information regarding the receiving serverinformation, license information and managing licenses, among others.Through this flaw, attackers can retreive information about a KUKA simulation system, particularly, the version ofthe licensing server, which is connected to the simulator, and which will allow them to launch local simulationswith similar characteristics, further understanding the dynamics of motion virtualization and opening doors toother attacks (see RVDP#711 and RVDP#712 for subsequent vulnerabilities that compromise integrity andavailability).Beyond compromising simulations, Visual Components provides capabilities to interface with industrial machinery.Particularly, their PLC Connectivity feature 'makes it easy' to connect simulations with control systems usingeither the industry standard OPC UA or other supported vendor specific interfaces. This fills the gap of jumpingfrom simulation to real and enables attackers to pivot from the Visual Components simulator to robots or otherIndustrial Control System (ICS) devices, such as PLCs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"u'Possible buffer overflow will occur in video while parsing mp4 clip with crafted esds atom size.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file. The patch was released in v2.7.4.3. As a workaround, ensure `.dbschema` files from untrusted sources are not opened.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Windows Print Configuration Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Integer overflow to buffer overflow occurs while playback of ASF clip having unexpected number of codec entries' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM9206, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SDA429W, SDA640, SDA660, SDA670, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17010.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows WalletService Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Function Discovery SSDP Provider Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Windows Kernel Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows MSCTF Server Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token.This vulnerability was fixed in UniFi Protect v1.14.11 and newer.This issue does not impact UniFi Cloud Key Gen 2 plus.This issue does not impact UDM-Pro customers with UniFi Protect stopped.Affected Products:UDM-Pro firmware 1.7.2 and earlier.UNVR firmware 1.3.12 and earlier.Mitigation:Update UniFi Protect to v1.14.11 or newer version; the UniFi Protect controller can be updated through your UniFi OS settings.Alternatively, you can update UNVR and UDM-Pro to:- UNVR firmware to 1.3.15 or newer.- UDM-Pro firmware to 1.8.0 or newer.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Windows Canonical Display Driver Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Word Security Feature Bypass Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"u'Possible integer overflow to heap overflow while processing command due to lack of check of packet length received' in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile in QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155P, SA8195P, SDX55M, SM8250, SM8350, SM8350P, SXR2130, SXR2130P",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a security feature bypass. While the practical security impact is minimal, a defense-in-depth fix has been implemented to further harden the Adobe Reader update process.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires installed applications and all system binaries to be signed either by the manufacturer or by the Point Of Sale application developer and distributor. The signature is a 2048-byte RSA signature verified in the kernel prior to ELF execution. Shared libraries, however, do not need to be signed, and they are not verified. An attacker may execute a custom binary by compiling it as a shared object and loading it via LD_PRELOAD.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate.",LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An inaccurate frame deduplication process in ChirpStack Network Server 3.9.0 allows a malicious gateway to perform uplink Denial of Service via malformed frequency attributes in CollectAndCallOnceCollect in internal/uplink/collect.go. NOTE: the vendor's position is that there are no ""guarantees that allowing untrusted LoRa gateways to the network should still result in a secure network.""",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application with version 4.1.141.0 allows malicious users to gain remote control of other computers. By providing formula code in the “Notes” functionality in the main screen, an attacker can inject a payload into the “Description” field under the “Insert To-Do” option. Other users might download this data, for example a CSV file, and execute the malicious commands on their computer by opening the file using a software such as Microsoft Excel. The attacker could gain remote access to the user’s PC.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE). This attack requires a physical attack to the server motherboard. To mitigate this issue, ensure your server is always physically secured. HPE will not address this issue in the impacted Gen 10 servers listed. HPE recommends using appropriate physical security methods as a compensating control to disallow an attacker from having physical access to the server main circuit board.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"u'Incorrect validation of ring context fetched from host memory can lead to memory overflow' in Snapdragon Compute, Snapdragon Mobile in QSM8350, SC7180, SDX55, SDX55M, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper storage of sensitive information on an affected device. An attacker could exploit this vulnerability by accessing information that should not be accessible to users with low privileges. A successful exploit could allow the attacker to gain access to sensitive information.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need to have valid administrative credentials.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in firmware for Intel(R) SSD DC P4800X and P4801X Series, Intel(R) Optane(TM) SSD 900P and 905P Series may allow an unauthenticated user to potentially enable a denial of service via local access.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"u'When a non standard SIP sigcomp message is received from the network, then there may be chances of using more UDVM cycle or memory overflow' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8017, APQ8037, APQ8053, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCM4290, QCM6125, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, QSM8350, SA415M, SA6145P, SA6150P, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA429W, SDA640, SDA660, SDA670, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM712, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8350, SM8350P, SXR1120, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper file permissions in the installer for the Intel(R) Media SDK for Windows before version 2019 R1 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Limitation of a Pathname to a Restricted Directory (""Path Traversal"") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHandler and NbconvertPostHandler do not set a Content Security Policy to prevent this.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,HIGH
Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper buffer restrictions in the Intel(R) Unite Client for Windows* before version 4.2.13064 may allow an authenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 and BIG-IQ 7.0.0-7.1.0.2, 6.0.0-6.1.0, and 5.1.0-5.4.0, an undisclosed iControl REST worker is vulnerable to command injection by an admin/resource admin user. This issue impacts both iControl REST and tmsh implementations.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"There is a denial of service vulnerability in some Huawei products. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service. Affected product versions include: CloudEngine 12800 versions V200R019C00SPC800; CloudEngine 5800 versions V200R019C00SPC800; CloudEngine 6800 versions V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 versions V200R019C00SPC800; NE40E versions V800R011C00SPC200, V800R011C00SPC300, V800R011C10SPC100; NE40E-F versions V800R011C00SPC200, V800R011C10SPC100; NE40E-M versions V800R011C00SPC200, V800R011C10SPC100.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn't verify properly the password in some system-user-dn scenarios. As a result, users (clients/members) can be authenticated even if they provide invalid passwords.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The execute function in in the Atlassian gajira-comment GitHub Action before version 2.0.2 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue comment.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component (e.g., a button) when events such as click, hover, etc. occur.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Internet Explorer Memory Corruption Vulnerability,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Windows Graphics Component Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ARM Trusted Firmware-A allows information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Browser Memory Corruption Vulnerability,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Windows Win32k Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows WalletService Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Win32k Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Windows Port Class Library Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Remote Desktop Protocol Client Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17001.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. The intended behavior was to log the timestamp for incognito windows excluding Tor windows. Note that if a user has P3A enabled, the timestamp is not sent to Brave's server, but rather a value from:Used in last 24hUsed in last week but not 24hUsed in last 28 days but not weekEver used but not in last 28 daysNever usedThe privacy risk is low because a local attacker with disk access cannot tell if the timestamp corresponds to a Tor window or a non-Tor incognito window.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure deployment guidelines the risk of this is lowered, as this may only be exploited by an authenticated user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
This affects versions of package browserless-chrome before 1.40.2-chrome-stable. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17079, CVE-2020-17086.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17079, CVE-2020-17082.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Raw Image Extension Information Disclosure Vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17082, CVE-2020-17086.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17079, CVE-2020-17082, CVE-2020-17086.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17083.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184157.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-156997193",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In getPermissionInfosForGroup of Utils.java, there is a logic error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153879813",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A stored cross-site scripting (XSS) vulnerability affects the Web UI in Locust before 1.3.2, if the installation violates the usage expectations by exposing this UI to outside users.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"CapaSystems CapaInstaller before 6.0.101 does not properly assign, modify, or check privileges for an actor who attempts to edit registry values, allowing an attacker to escalate privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In send_vc of res_send.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-161362564",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"There were XSS vulnerabilities discovered and reported in the Dispatch application, affecting name and description parameters of Incident Priority, Incident Type, Tag Type, and Incident Filter. This vulnerability can be exploited by an authenticated user.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.,NETWORK,HIGH,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"Issues were discovered in Open TFTP Server multithreaded 1.66 and Open TFTP Server single port 1.66. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenTFTPServerMT.exe or the OpenTFTPServerSP.exe binary.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Issues were discovered in Open DHCP Server (Regular) 1.75 and Open DHCP Server (LDAP Based) 0.1Beta. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenDHCPServer.exe (Regular) or the OpenDHCPLdap.exe (LDAP Based) binary.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System. Once the user has obtained elevated access, they may be able to take control of the system and perform actions otherwise reserved for high privileged users or system Administrators.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivileged user can check for the existence of any files on the system as root.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: Foundation may be vulnerable only if: 1) The system zone is set up to use a SAML identity provider 2) There are internal users that have the same username as users in the external SAML provider 3) Those duplicate-named users have the scope to access the SSO operator dashboard 4) The vulnerability doesn't appear with LDAP because of chained authentication.",NETWORK,HIGH,LOW,REQUIRED,CHANGED,LOW,HIGH,HIGH
"In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. With an empty value for the -D sonar.login option, anonymous authentication is forced. This allows creating and overwriting public and private projects via the /api/ce/submit endpoint.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another's conversation threads by changing the thread_id parameter in the request to the endpoint Messenger/messenger_download_csv.php?title=Hey&thread_id={THREAD_ID}.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action. The issue is patched in version 2.0.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker with local code execution privileges as a normal user (MAINAPP) can escalate to root privileges by exploiting the setuid installation of the xtables-multi binary and leveraging the ip6tables --modprobe switch.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse DriverInstall.exe because %PROGRAMFILES(X86)%\Wondershare\dr.fone\Library\DriverInstaller has Full Control for BUILTIN\Users.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted url (different vector than CVE-2020-28414).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted url (different vector than CVE-2020-28415).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Sentrifugo 3.2, users can share an announcement under ""Organization -> Announcements"" tab. Also, in this page, users can upload attachments with the shared announcements. This ""Upload Attachment"" functionality is suffered from ""Unrestricted File Upload"" vulnerability so attacker can upload malicious files using this functionality and control the server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Sentrifugo 3.2, users can upload an image under ""Assets -> Add"" tab. This ""Upload Images"" functionality is suffered from ""Unrestricted File Upload"" vulnerability so attacker can upload malicious files using this functionality and control the server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will prevent the storage of service log files in non-standard locations.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
eramba through c2.8.1 allows HTTP Host header injection with (for example) resultant wkhtml2pdf PDF printing by authenticated users.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe31.c in the MSM-VFE31 driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate a certain id value, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
KeePass 2.4.1 allows CSV injection in the title field of a CSV export.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A denial of service vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to limit availability of GateManager instances.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to generate fake audit log messages.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
agoo prior to 2.14.0 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks where `agoo` is used as part of a chain of backend servers due to insufficient `Content-Length` and `Transfer Encoding` parsing.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.2.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability allows an attacker to gain privileged access to the Panorama web interface. An attacker requires some knowledge of managed firewalls to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for threats by sending data through specifically crafted TCP packets. This technique evades signature-based threat detection. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.17; PAN-OS 9.0 versions earlier than 9.0.11; PAN-OS 9.1 versions earlier than 9.1.5; All versions of PAN-OS 7.1 and PAN-OS 8.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability This CVE ID is unique from CVE-2020-17005, CVE-2020-17018, CVE-2020-17021.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability This CVE ID is unique from CVE-2020-17006, CVE-2020-17018, CVE-2020-17021.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Microsoft SharePoint Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-16979.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17064, CVE-2020-17065, CVE-2020-17066.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2020-17016, CVE-2020-17060.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Microsoft SharePoint Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-17017.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,HIGH
"libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libvirt version 2.3.0 and later is vulnerable to a bad default configuration of ""verify-peer=no"" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code on the host via a crafted virtio-crypto request, which triggers a heap-based buffer overflow.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is ""ASLR bypass itself is not a vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate ""this is being treated as a non-security bug and no real threat.""",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate ""this is being treated as a non-security bug and no real threat.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate ""this is being treated as a non-security bug and no real threat.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. The accessed files were not visible by the low privileged users in the web GUI.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17019, CVE-2020-17065, CVE-2020-17066.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Office Online Spoofing Vulnerability,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Microsoft SharePoint Remote Code Execution Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2020-17015, CVE-2020-17016.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. System services may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200024 (November 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on LG mobile devices with Android OS 10 software. The Wi-Fi subsystem may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200025 (November 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Windows Kernel Local Elevation of Privilege Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windows Delivery Optimization Information Disclosure Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Windows Update Orchestrator Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17074, CVE-2020-17076.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On BIG-IP versions 16.0.0-16.0.0.1 and 15.1.0-15.1.0.5, using the RESOLV::lookup command within an iRule may cause the Traffic Management Microkernel (TMM) to generate a core file and restart. This issue occurs when data exceeding the maximum limit of a hostname passes to the RESOLV::lookup command.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In BIG-IP Advanced WAF and FPS versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, under some circumstances, certain format client-side alerts sent to the BIG-IP virtual server configured with DataSafe may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In BIG-IP PEM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when processing Capabilities-Exchange-Answer (CEA) packets with certain attributes from the Policy and Charging Rules Function (PCRF) server, the Traffic Management Microkernel (TMM) may generate a core file and restart.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A stack overflow issue existed in Swift for Linux. The issue was addressed with improved input validation for dealing with deeply nested malicious JSON input.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the linked advisory provides a SQL query to test. As a workaround, page edit permissions could be limited to only those that are trusted until you can upgrade although this will not address existing exploitation of this vulnerability. The issue is fixed in version 0.30.4.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,NONE
"In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a page could insert a particular meta tag which could be used to silently redirect users to a alternative location upon visit of a page. Dangerous content may remain in the database but will be removed before being displayed on a page. If you think this could have been exploited the linked advisory provides a SQL query to test. As a workaround without upgrading, page edit permissions could be limited to only those that are trusted until you can upgrade although this will not address existing exploitation of this vulnerability. The issue is fixed in BookStack version 0.30.4.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,NONE
"An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka CID-77377064c3a9.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign). This is fixed in version 1.19.23.5325.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site Scripting via the Create Shopping List module, that is rendered upon deleting that Shopping List. The issue was also found in users, batteries, chores, equipment, locations, quantity units, shopping locations, tasks, taskcategories, product groups, recipes and products. Authentication is required to exploit these issues and Grocy should not be publicly exposed. The linked reference details a proof-of-concept.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A file access issue existed with certain home folder files. This was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.7. A malicious application may be able to read sensitive location information.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A trust issue was addressed by removing a legacy API. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0. An attacker may be able to misuse a trust relationship to download malicious content.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A logic issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0. A malicious application may be able to leak sensitive user information.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.7, tvOS 14.0, watchOS 7.0. A malicious application may be able to access restricted files.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0. A person with physical access to an iOS device may be able to view notification contents from the lockscreen.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.0 and iPadOS 14.0. An application may be able to cause unexpected system termination or write kernel memory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The issue was addressed with improved handling of icon caches. This issue is fixed in iOS 14.0 and iPadOS 14.0. A malicious application may be able to identify what other applications a user has installed.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17044, CVE-2020-17055.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A DNS rebinding vulnerability in the Freebox OS web interface in Freebox Server before 4.2.3.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox v5 before 1.5.29 and Freebox Server before 4.2.3.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
A DNS rebinding vulnerability in Freebox v5 before 1.5.29.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOverflowError and Denial of Service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). The issue allows a minor privilege escalation for resource admin to escalate to full admin.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser option. Fixed in version 5.0.20204.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality and among them the mosquitto executable is also run.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt() method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The accounts used in the configuration files have access to vSphere instances.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Neoflex Video Subscription System Version 2.0 is affected by CSRF which allows the Website's Settings to be changed (such as Payment Settings),NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17055.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload (which will receive a random name on the server) with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/<php_file_name>. NOTE: the vendor has patched this while leaving the version number at 1.0.0-beta.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/*.*?*/)*,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in ""terminal"" and ""file_loader"" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. As a workaround, the `lookatme/contrib/terminal.py` and `lookatme/contrib/file_loader.py` files may be manually deleted. Additionally, it is always recommended to be aware of what is being rendered with lookatme.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because ""the CSV file is accurately generated based on the database contents.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 build 20200409 and later QTS 4.2.6 build 20200421 and later",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"MailGates and MailAudit products contain Command Injection flaw, which can be used to inject and execute system commands from the cgi parameter after attackers obtain the user’s access token.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendor has indicated this is not a vulnerability and states ""This vulnerability occurred due to wrong configuration of system.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which allows an unauthenticated attacker with access to the system to cause a Denial of Service (DoS).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API. An attacker can execute local files and bypass the security dialog.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to read arbitrary files on the underlying operating system of an affected device. The vulnerability is due to an exposed IPC function. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the device, view commands, or cause the device to stop running.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an impact to the integrity and availability of the service.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,HIGH
"SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service, this has an impact to the integrity and availability of the service.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,HIGH
"SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact to the integrity and availability of the service.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,HIGH
"In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker could leverage this to redirect application users to a phishing website in an attempt to steal credentials.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immuta users to steal credentials or force actions on authenticated users through reflected, DOM-based XSS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions issue vulnerability in the Inventory module. This vulnerability could be abused by authenticated users to modify inventory stock data without authorization.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the REST API.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorization.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has XSS which can result in an attacker injecting the XSS payload in the User Registration section and each time the admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie via crafted payload.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost. This makes it possible to log in to Orchestrator by introducing an HTTP HOST header set to 127.0.0.1 or localhost. Orchestrator instances that are hosted by customers –on-premise or in a public cloud provider –are affected by this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Message and toBundle of Notification.java, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service requiring a device reset to fix with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-158304295",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In generatePackageInfo of PackageManagerService.java, there is a possible permissions bypass due to an incorrect permission check. This could lead to local escalation of privilege that allows instant apps access to permissions not allowed for instant apps, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-140256621",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinder_ndk in a vulnerable way with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-161812320",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In CellBroadcastReceiver's intent handlers, there is a possible denial of service due to a missing permission check. This could lead to local denial of service of emergency alerts with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-162741784",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. IBM X-Force ID: 181858.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. A user with access to a snapshot could apply unauthorized additional statuses via direct rest calls. IBM X-Force ID: 181856.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181857.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186024.",ADJACENT_NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
JomSocial (Joomla Social Network Extention) 4.7.6 allows CSV injection via a customer's profile.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 188736.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. DGX-2 with BMC firmware versions prior to 1.06.06 and all DGX A100 Servers with all BMC firmware versions, contains a vulnerability in the AMI BMC firmware in which the use of a hard-coded RSA 1024 key with weak ciphers may lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"MediaKind (formerly Ericsson) RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. An attacker has to inject JavaScript code directly in the ""path"" or ""Services+ID"" parameters and send the URL to a user in order to exploit reflected XSS. In the case of stored XSS, an attacker must modify the ""name"" parameter with the malicious code.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest access. For the MISC_ENABLE MSR, which is an Intel specific MSR, this MSR read is performed without error handling for a #GP fault, which is the consequence of trying to read this MSR on non-Intel hardware. A buggy or malicious PV guest administrator can crash Xen, resulting in a host Denial of Service. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only Xen versions 4.11 and onwards are vulnerable. 4.10 and earlier are not vulnerable. Only x86 systems that do not implement the MISC_ENABLE MSR (0x1a0) are vulnerable. AMD and Hygon systems do not implement this MSR and are vulnerable. Intel systems do implement this MSR and are not vulnerable. Other manufacturers have not been checked. Only x86 PV guests can exploit the vulnerability. x86 HVM/PVH guests cannot exploit the vulnerability.",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of these operations. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. All Xen versions are vulnerable in principle. Whether versions 4.3 and older are vulnerable depends on underlying hardware characteristics.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar to forgetting to unlock a spinlock. A buggy or malicious HVM stubdomain can cause an RCU reference to be leaked. This causes subsequent administration operations, (e.g., CPU offline) to livelock, resulting in a host Denial of Service. The buggy codepath has been present since Xen 4.12. Xen 4.14 and later are vulnerable to the DoS. The side effects are believed to be benign on Xen 4.12 and 4.13, but patches are provided nevertheless. The vulnerability can generally only be exploited by x86 HVM VMs, as these are generally the only type of VM that have a Qemu stubdomain. x86 PV and PVH domains, as well as ARM VMs, typically don't use a stubdomain. Only VMs using HVM stubdomains can exploit the vulnerability. VMs using PV stubdomains, or with emulators running in dom0, cannot exploit the vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. However, operations like the resetting of all event channels may involve decreasing one of the bounds checked when determining validity. This may lead to bug checks triggering, crashing the host. An unprivileged guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only systems with untrusted guests permitted to create more than the default number of event channels are vulnerable. This number depends on the architecture and type of guest. For 32-bit x86 PV guests, this is 1023; for 64-bit x86 PV guests, and for all ARM guests, this number is 4095. Systems where untrusted guests are limited to fewer than this number are not vulnerable. Note that xl and libxl limit max_event_channels to 1023 by default, so systems using exclusively xl, libvirt+libxl, or their own toolstack based on libxl, and not explicitly setting max_event_channels, are not vulnerable.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-privilege #GP fault (typically fatal) rather than a user-privilege #GP fault (usually converted into SIGSEGV/etc.). Malicious or buggy userspace can crash the guest kernel, resulting in a VM Denial of Service. All versions of Xen from 3.2 onwards are vulnerable. Only x86 systems are vulnerable. ARM platforms are not vulnerable. Only x86 systems that support the SYSENTER instruction in 64bit mode are vulnerable. This is believed to be Intel, Centaur, and Shanghai CPUs. AMD and Hygon CPUs are not believed to be vulnerable. Only x86 PV guests can exploit the vulnerability. x86 PVH / HVM guests cannot exploit the vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't be able to affect these registers, experience shows that it's very common for devices to have out-of-spec ""backdoor"" operations that can affect the result of these reads. A not fully trusted guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. Privilege escalation and information leaks cannot be excluded. All versions of Xen supporting PCI passthrough are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with passed through PCI devices may be able to leverage the vulnerability. Only systems passing through devices with out-of-spec (""backdoor"") functionality can cause issues. Experience shows that such out-of-spec functionality is common; unless you have reason to believe that your device does not have such functionality, it's better to assume that it does.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any local user can possibly exploit this. If Polkit-1 is enabled for version 2.0.6 and later, a possible attacker needs to be allowed to use the `org.blueman.dhcp.client` action. That is limited to users in the wheel group in the shipped rules file that do have the privileges anyway. On systems with ISC DHCP client (dhclient), attackers can pass arguments to `ip link` with the interface name that can e.g. be used to bring down an interface or add an arbitrary XDP/BPF program. On systems with dhcpcd and without ISC DHCP client, attackers can even run arbitrary scripts by passing `-c/path/to/script` as an interface name. Patches are included in 2.1.4 and master that change the DhcpClient D-Bus method(s) to accept BlueZ network object paths instead of network interface names. A backport to 2.0(.8) is also available. As a workaround, make sure that Polkit-1-support is enabled and limit privileges for the `org.blueman.dhcp.client` action to users that are able to run arbitrary commands as root anyway in /usr/share/polkit-1/rules.d/blueman.rules.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.,LOCAL,HIGH,HIGH,NONE,CHANGED,NONE,NONE,LOW
"In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.",LOCAL,HIGH,HIGH,NONE,CHANGED,NONE,LOW,LOW
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.,NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,LOW
"A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
WordPress before 5.5.2 allows CSRF attacks that change a theme's background image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
WordPress before 5.5.2 allows stored XSS via post slugs.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi products on Windows* 7 and 8.1 before version 21.40.5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Git LFS 2.12.0 allows Remote Code Execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, and 13.1.0-13.1.3.4, BIG-IP Virtual Edition (VE) systems on VMware, with an Intel-based 85299 Network Interface Controller (NIC) card and Single Root I/O Virtualization (SR-IOV) enabled on vSphere, may fail and leave the Traffic Management Microkernel (TMM) in a state where it cannot transmit traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
CSRF in the /login URI in BlueOnyx 5209R allows an attacker to access the dashboard and perform scraping or other analysis.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-17317.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via Secure Folder. The Samsung ID is SVE-2020-18546 (November 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a malicious version.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos990 chipsets) software. The S3K250AF Secure Element CC EAL 5+ chip allows attackers to execute arbitrary code and obtain sensitive information via a buffer overflow. The Samsung ID is SVE-2020-18632 (November 2020).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (China / India) software. The S Secure application allows attackers to bypass authentication for a locked Gallery application via the Reminder application. The Samsung ID is SVE-2020-18689 (November 2020).,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 980, 9820, and 9830 chipsets) software. The NPU driver allows attackers to execute arbitrary code because of unintended write and read operations on memory. The Samsung ID is SVE-2020-18610 (November 2020).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordPress has CSRF via the name parameter in an action=manage&do=create operation, as demonstrated by inserting XSS sequences.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Fast Secure Contact Form plugin before 4.0.38 for WordPress allows fs_contact_form1[welcome] XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, and wmYpos, and template.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName"", ""alias"" in the import certificate trusted page",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alias to Manage Store Contents.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameter searchName"", ""searchValue"", ""searchDescription"", ""searchDefaultValue"",""searchPlugin"", ""searchDescription"" and ""searchDynamic"" in the Server Properties and Security Audit Viewer JSP page",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request ""searchName"", ""searchValue"", ""searchDescription"", ""searchDefaultValue"",""searchPlugin"", ""searchDescription"" and ""searchDynamic"" in server-properties.jsp and security-audit-viewer.jsp",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
"On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. This could result in a read past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds write vulnerability when handling crafted PDF files. This could result in a write past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. This could result in a read past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer.",LOCAL,HIGH,LOW,NONE,CHANGED,NONE,NONE,HIGH
The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a possible way to access a tracking identifier due to a missing permission check. This could lead to local information disclosure of the identifier, which could be used to track an account across devices, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-153995334",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs while unmapping the Frame Information Structure (FIS) and Command List Block (CLB) entries. A privileged user inside guest could use this flaw to crash the QEMU process instance resulting in DoS.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of ""VIRTIO_GPU_CMD_SET_SCANOUT:"" commands.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while updating the cursor data in update_cursor_data_virgl. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit (tx) descriptors in 'tx_consume' routine, if a descriptor was to have more than allowed (ROCKER_TX_FRAGS_MAX=16) fragments. A privileged user inside guest could use this flaw to cause memory leakage on the host or crash the QEMU process instance resulting in DoS issue.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Discover Commands Received Response message or a ZCL Discover Commands Generated Response message. It crashes in zclParseInDiscCmdsRspCmd().,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droopy server.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference. A user or process could use this flaw to crash the QEMU instance, resulting in DoS issue.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). If the recommended security configuration parameter ""unique_error_numbers"" is not set, remote attackers can inject arbitrary web script or HTML via 'action, cargo, panel' parameters that can lead to data leakage.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"SQL Injection vulnerability in ""Documents component"" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) via vectors involving the order of resource cleanup.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.",LOCAL,HIGH,LOW,NONE,CHANGED,NONE,NONE,HIGH
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw to crash the QEMU process instance resulting in DoS.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
This affects the package phantom-html-to-pdf before 0.6.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution in the Bluetooth server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-162497143",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In rw_i93_sm_format of rw_i93.cc, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-157650336",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit in that the victim must open a malicious document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings (responsible for managing devices remotely). This makes it possible to remotely reboot the device or upload malicious firmware.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In LocaleList of LocaleList.java, there is a possible forced reboot due to an uncaught exception. This could lead to local denial of service requiring factory reset to restore with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-152410253",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In Message and toBundle of Notification.java, there is a possible UI slowdown or crash due to improper input validation. This could lead to remote denial of service if a malicious contact file is received, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9Android ID: A-147358092",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with a large blkDomain value, the Boa server crashes.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,LOW
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 189219.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion because the match function in regexp.c lacks a depth check.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. The extension uses a socket connection to send serialized Java objects. Deserialization is not restricted to an allow-list, thus allowing an attacker to achieve code execution via a malicious deserialization gadget chain. The socket is not bound exclusively to localhost. The port this socket is assigned to is randomly selected and is not intentionally exposed to the public (either by design or documentation). This could potentially be used to achieve remote code execution and local privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is incorrectly viewable anonymously.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When configuring Gradle Enterprise to integrate with a SAML identity provider, an XML metadata file can be uploaded by an administrator. The server side processing of this file dereferences XML External Entities (XXE), allowing a remote attacker with administrative access to perform server side request forgery.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Cross-site transmission of cookie containing CSRF token allows remote attacker to bypass CSRF mitigation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's password, due to lack of lock-out after excessive failed logins.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Gradle Enterprise before 2020.2.5. The cookie used to convey the CSRF prevention token is not annotated with the “secure” attribute, which allows an attacker with the ability to MITM plain HTTP requests to obtain it, if the user mistakenly uses a HTTP instead of HTTPS address to access the server. This cookie value could then be used to perform CSRF.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,LOW
"pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL ""pacman -U <url>"" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header. However, pacman did not sanitize this name, which may contain slashes, before calling rename(). A malicious server (or a network MitM if downloading over HTTP) can send a Content-Disposition header to make pacman place the file anywhere in the filesystem, potentially leading to arbitrary root code execution. Notably, this bypasses pacman's package signature checking. This occurs in curl_download_internal in lib/libalpm/dload.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point’s password.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote attackers to obtain authentication cookies, if they are able to discover a separate XSS vulnerability. This potentially allows an attacker to impersonate another user. Gradle Enterprise affected application request paths:/info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers. Gradle Enterprise Build Cache Node affected application request paths:/cache-node-info/headers.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IceWarp 11.4.5.0 allows XSS via the language parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
"An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to execute arbitrary code because of unsafe JSON deserialization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows attackers to transmit and execute bytecode in SOAP messages.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access to arbitrary files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to cause a denial of service (outage of connection-request processing) via a long user ID, which triggers an exception and a large log entry.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by TestConnection_LocalOrLinkedServer, CreateFilterFriendlyView, or AddWorkViewLinkedServer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol password for the manager or hsi account).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client applications can write arbitrary data to the server logs.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. The server typically logs activity only when a client application specifies that logging is desired. This can be problematic for use cases in a regulated industry, where server-side logging is required in additional situations.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The issue was addressed with improved validation when an iCloud Link is created. This issue is fixed in iOS 13.3 and iPadOS 13.3. Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.,NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.,NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime->private_data) with a NULL check, such as msm_pcm_volume_ctl_put(), which means this freed memory could be used.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCA6390, QCM2150, QCS404, QCS405, QCS605, QM215, QRB5165, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Third-party app may also call the broadcasts in Perfdump and cause privilege escalation issue due to improper access control' in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8909W, MSM8917, MSM8940, Nicobar, QCA6390, QCM2150, QCS605, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429W, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Module Olea Gift On Order module through 5.0.8 for PrestaShop enables an unauthenticated user to read arbitrary files on the server via getfile.php?file=/.. directory traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker must already have some access to the environment.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the current user. To exploit this issue, an attacker must acquire and then modify a certified PDF document that is trusted by the victim. The attacker then needs to convince the victim to open the document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a security feature bypass that could result in dynamic library code injection by the Adobe Reader process. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability when handling malicious JavaScript. This vulnerability could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",LOCAL,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"On BIG-IP AFM 15.1.0-15.1.0.5, the Traffic Management Microkernel (TMM) may produce a core file while processing layer 4 (L4) behavioral denial-of-service (DoS) traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response headers, causing TMM to restart.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that will be executed when preview is opened.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger an out-of-memory condition on the BIG-IP system.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when multiple HTTP requests from the same client to configured SAML Single Logout (SLO) URL are passing through a TCP Keep-Alive connection, traffic to TMM can be disrupted.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when handling MQTT traffic through a BIG-IP virtual server associated with an MQTT profile and an iRule performing manipulations on that traffic, TMM may produce a core file.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP LTM 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.1, the Traffic Management Microkernel (TMM) process may consume excessive resources when processing SSL traffic and client authentication are enabled on the client SSL profile.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access to the operating system. The buffer overflow is related to insufficient checking of parameters to the ""OSMalloc"" and ""copyin"" kernel API calls.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file ""at.obdev.littlesnitchd.plist"" which gets installed to /Library/LaunchDaemons.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9150, MDM9607, MDM9650, MSM8905, MSM8917, MSM8953, Nicobar, QCA6390, QCA9531, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, QRB5165, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Buffer overflow while processing PDU packet in bluetooth due to lack of check of buffer length before copying into it.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"virt-bootstrap 1.1.0 allows local users to discover a root password by listing a process, because this password may be present in the --root-password option to virt_bootstrap.py.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap configuration request received from peer device.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, SA415M, SA515M, SC8180X, SDX55, SM8250",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"u'fscanf reads a string from a file and stores its contents on a statically allocated stack memory which leads to stack overflow' in Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA9531, QCA9980",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6390, QCA6574AU, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A ZTE product is impacted by an information leak vulnerability. An attacker could use this vulnerability to obtain the authentication password of the handheld terminal and access the device illegally for operation. This affects: ZXA10 eODN V2.3P2T1,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
A missing permission check in Jenkins Azure Key Vault Plugin 2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A missing permission check in Jenkins AWS Global Configuration Plugin 1.5 and earlier allows attackers with Overall/Read permission to replace the global AWS configuration.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"u'Two threads running simultaneously from user space can lead to race condition in fastRPC driver' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8053, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MSM8953, Nicobar, QCA6390, QCS404, QCS405, QCS610, Rennell, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM632, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, QCA6390, QCA9531, QCM2150, QCS404, QCS405, QCS605, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'An Unaligned address or size can propagate to the database due to improper page permissions and can lead to improper access control' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Agatti, Bitra, Kamorta, QCA6390, QCS404, QCS610, Rennell, SA515M, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Remote code execution can happen by sending a carefully crafted POST query when Device configuration is accessed from a tethered client through webserver due to lack of array bound check.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, QCA6574AU, QCS405, QCS610, QRB5165, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8250",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Potential out of bounds read while processing downlink NAS transport message due to improper length check of Information Element(IEI) NAS message container' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCM6125, QCS605, QCS610, QM215, Rennell, SA415M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"u'Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom' in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in Bitra, Nicobar, Saipan, SM6150, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'A buffer overflow could occur if the API is improperly used due to UIE init does not contain a buffer size a param' in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Agatti, Kamorta, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, APQ8098, Bitra, IPQ6018, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8998, Nicobar, QCA6390, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8098, Bitra, MSM8909W, MSM8996AU, Nicobar, QCM2150, QCS605, Saipan, SDM429W, SDX20, SM6150, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Use after free while installing new security rule in ipcrtr as old one is deleted and this rule could still be in use for checking security permission for particular process' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8996AU, QCA4531, QCA6574AU, QCA9531, QCM2150, QCS605, SDM429W, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, which may lead to information disclosure.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a Cross-Site Request Forgery (CSRF) vulnerability in the AMI BMC firmware in which the web application does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request, which can lead to information disclosure or code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be automatically processed within the product's environment, which may lead to remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote user can create a specially crafted M3U file, media playlist file that when loaded by the target user, will trigger a memory leak, whereby Amarok 2.8.0 continue to waste resources over time, eventually allows attackers to cause a denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware signature, which may lead to information disclosure or code execution.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount collision with an invoice, the preimage for an expected payment was instead released. A malicious peer could have deliberately intercepted an HTLC intended for the victim node, probed the preimage through a colluding relayed HTLC, and stolen the intercepted HTLC. The impact is a loss of funds in certain situations, and a weakening of the victim's receiver privacy.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects: Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; Kata Containers 1.9 and earlier versions.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Winston 1.5.4 devices do not enforce authorization. This is exploitable from the intranet, and can be combined with other vulnerabilities for remote exploitation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived ""Multiple Security Vulnerabilities in WebCit 926"" thread.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local root access.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived ""Multiple Security Vulnerabilities in WebCit 926"" thread.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. Extracting a zip file containing a symbolic link to an endpoint in an NFS mount that is attacker controlled may bypass Gatekeeper.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A cross-site scripting (XSS) issue in REDCap 8.11.6 through 9.x before 10 allows attackers to inject arbitrary JavaScript or HTML in the Messenger feature. It was found that the filename of the image or file attached in a message could be used to perform this XSS attack. A user could craft a message and send it to anyone on the platform including admins. The XSS payload would execute on the other account without interaction from the user on several pages.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived ""Multiple Security Vulnerabilities in WebCit 926"" thread.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived ""Multiple Security Vulnerabilities in WebCit 926"" thread.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Home DNS Server 0.10. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the HomeDNSServer.exe binary.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. When certain varieties of games were created within MediaWiki, their names or titles could be manipulated to generate stored XSS within the RandomGameUnit extension.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Use after free in printing in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Animate version 20.5 (and earlier) is affected by a stack overflow vulnerability, which could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/functions.php file (which is called by login.php).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/autodiscovery.php.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Winston 1.5.4 devices have a local www-data user that is overly permissioned, resulting in root privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Winston 1.5.4 devices are vulnerable to command injection via the API.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary origins.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
The API on Winston 1.5.4 devices is vulnerable to CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A logic issue was addressed with improved validation. This issue is fixed in Safari 13.0.5. A URL scheme may be incorrectly ignored when determining multimedia permission for a website.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A memory corruption issue was addressed with improved validation. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, tvOS 13. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.,NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.,NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machine_list view.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"u'Buffer overflow while processing a crafted PDU data packet in bluetooth due to lack of check of buffer size before copying' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private key in logs. This directly impacts confidentiality,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"u'Out of bound memory access while processing GATT data received due to lack of check of pdu data length and leads to remote code execution' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8053, QCA6390, QCA9379, QCN7605, SC8180X, SDX55",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap packet received from peer device.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in QCA6390, QCN7605, QCS404, SA415M, SA515M, SC8180X, SDX55, SM8250",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.php,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request: http://vulnerable.pimcore.example/admin/classificationstore/relations?relationIds=[{""keyId""%3a""''"",""groupId""%3a""'asd'))+or+1%3d1+union+(select+1,2,3,4,5,6,name,8,password,'',11,12,'',14+from+users)+--+""}]",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can access the file upload function category list, subsite setting list, widget area edit, and feed list on the management screen. The issue was introduced in version 4.0.0. It is fixed in version 4.4.1.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,HIGH,HIGH,NONE
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1.,NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,NONE
"A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NeDi 1.9C allows inc/rt-popup.php d XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
NeDi 1.9C allows pwsec.php oid XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. An application may be able to gain elevated privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected state. This may provide unintended network access.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Snap7 server component in version 1.4.1, when an attacker sends a crafted packet with COTP protocol the last-data-unit flag set to No and S7 writes a var function, the Snap7 server will be crashed.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific condition that is beyond that user's control. By abusing this exploit, it is possible to perform destructive actions within the guild the user has high privileges in. This exploit has been fixed in version 3.4.1. As a workaround, unloading the Mod module with unload mod or, disabling the massban command with command disable global massban can render this exploit not accessible. We still highly recommend updating to 3.4.1 to completely patch this issue.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE Partition Manager is running. the mount command can then be used to gain full root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) due to a slow HTTP post vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Rebinding protection mechanism.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process creation. An attacker can write arbitrary data to an arbitrary location in the kernel's address space.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Juniper Networks Junos OS devices, receipt of a malformed IPv6 packet may cause the system to crash and restart (vmcore). This issue can be trigged by a malformed IPv6 packet destined to the Routing Engine. An attacker can repeatedly send the offending packet resulting in an extended Denial of Service condition. Only IPv6 packets can trigger this issue. IPv4 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 18.4R1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184574.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automatically for unprivileged (either installation or with `allow setuid = no`) run of Singularity when a user attempt to run an image which is a local SIF image or a single file containing a squashfs filesystem and is coming from remote sources `library://` or `shub://`. Image build is also impacted in a more serious way as it can be used by a root user, allowing an attacker to overwrite/create files leading to a system compromise, so far bootstrap methods `library`, `shub` and `localimage` are triggering the squashfs extraction. This issue is addressed in Singularity 3.6.4. All users are advised to upgrade to 3.6.4 especially if they use Singularity mainly for building image as root user. There is no solid workaround except to temporary avoid to use unprivileged mode with single file images in favor of sandbox images instead. Regarding image build, temporary avoid to build from `library` and `shub` sources and as much as possible use `--fakeroot` or a VM for that.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,NONE
"A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.",LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,HIGH
A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.,LOCAL,HIGH,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a ""32 bits colors"" case, aka case 32.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a Monochrome case, aka case 1.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a ""16 bits colors"" case, aka case 16.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a ""16 colors"" case, aka case 4.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Read Reporting Configuration Response message. It crashes in zclHandleExternal().,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Write Attributes No Response message. It crashes in zclParseInWriteCmd() and does not update the specific attribute's value.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,HIGH
CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process creation.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed link-state PDU to the IS-IS router.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
checkpath in OpenRC through 0.42.1 might allow local users to take ownership of arbitrary files because a non-terminal path component can be a symlink.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 11.3. Compiling with untrusted sources may lead to arbitrary code execution with user privileges.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A Mac may not lock immediately upon wake.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.04.114.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: Oracle SSL API). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Security Service accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue existed in the handling of S-MIME certificates. This issue was addressed with improved validation of S-MIME certificates. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
This affects all versions of package pathval.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed DHCP packet which leads to an incorrect route being installed.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and 2.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an inability to properly audit and attribute various user actions performed via the FileImporter extension.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Successful exploitation could result in a local user with permissions to write to the file system running system commands with administrator privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An application may be able to execute arbitrary code with system privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187868.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187870.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187873.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Resilient SOAR V38.0 could allow an attacker on the internal net work to provide the server with a spoofed source IP address. IBM X-Force ID: 190567.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system.,LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Gophish through 0.10.1 does not invalidate the gophish cookie upon logout.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A local attacker may be able to view contacts from the lock screen.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted package may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to leak memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position can modify driver state.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The issue was addressed with improved data deletion. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A base station factory reset may not delete all user information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An input validation issue was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause a system denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A use after free issue was addressed with improved memory management. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Source-routed IPv4 packets were disabled by default. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. Source-routed IPv4 packets may be unexpectedly accepted.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver, or payment-sender). The impact is a loss of funds in certain situations.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An application may be able to gain elevated privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
opentmpfiles through 0.3.1 allows local users to take ownership of arbitrary files because d entries are mishandled and allow a symlink attack.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak when closing SSL/TLS connections in a specific state. An attacker could exploit this vulnerability by establishing several SSL/TLS sessions and ensuring they are closed under certain conditions. A successful exploit could allow the attacker to exhaust memory resources in the affected device, which would prevent it from processing new SSL/TLS connections, resulting in a DoS. Manual intervention is required to recover an affected device.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to inject arbitrary HTTP headers in the responses of the affected system. The vulnerability is due to improper input sanitization. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to conduct a CRLF injection attack, adding arbitrary HTTP headers in the responses of the system and redirecting the user to arbitrary websites.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url ""/bdswebui/assignusers/"".",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort, sort_by, search{URL], or search[attachment] parameter to the email search feature.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An attacker in a privileged position may be able to perform a denial of service attack.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper implementation of countermeasures against the Bleichenbacher attack for cipher suites that rely on RSA for key exchange. An attacker could exploit this vulnerability by sending crafted TLS messages to the device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device. To exploit this vulnerability, an attacker must be able to perform both of the following actions: Capture TLS traffic that is in transit between clients and the affected device Actively establish a considerable number of TLS connections to the affected device",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3. An application may be able to execute arbitrary code with kernel privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifier.c mishandles bounds tracking during use of 64-bit values, aka CID-5b9fbeb75b6a.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, Safari 13, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 13.1 and iPadOS 13.1, watchOS 6, tvOS 13. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. A malicious application may be able to determine kernel memory layout.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap.",NETWORK,HIGH,HIGH,NONE,CHANGED,NONE,HIGH,HIGH
"A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the attacker could use the vulnerability to steal user cookies or destroy the page structure. This affects: eVDC ZXCLOUD-iROSV6.03.04",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 1 of 2).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
The search functionality of the Greenmart theme 2.4.2 for WordPress is vulnerable to XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in its installation state) by generating a single Kerberos Pre-Authentication Failed (ID 4771) event on a Domain Controller.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. A malicious application may be able to elevate privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out).,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
DomainMOD before 4.14.0 uses MD5 without a salt for password storage.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A race condition was addressed with additional validation. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges.,LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. A malicious attacker with local privileges on the machine where Horizon Client for Windows is installed may be able to retrieve hashed credentials if the client crashes.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all of the following conditions apply: 1. You are using `omniauth-auth0`. 2. You are using `JWTValidator.verify` method directly OR you are not authenticating using the SDK’s default Authorization Code Flow. The issue is patched in version 2.4.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With the API shared secret, an attacker can (for example) use api/join to join an arbitrary meeting regardless of its guestPolicy setting.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Exception Handling vulnerability. A local attacker with physical access could exploit this vulnerability to prevent the system from booting until the exploited boot device is removed.,PHYSICAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation when the affected software processes certain OSPFv2 packets with Link-Local Signaling (LLS) data. An attacker could exploit this vulnerability by sending a malformed OSPFv2 packet to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to inefficient direct memory access (DMA) memory management during the negotiation phase of an SSL VPN connection. An attacker could exploit this vulnerability by sending a steady stream of crafted Datagram TLS (DTLS) traffic to an affected device. A successful exploit could allow the attacker to exhaust DMA memory on the device and cause a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly. The vulnerability is due to a lack of sufficient memory management protections under heavy SNMP polling loads. An attacker could exploit this vulnerability by sending a high rate of SNMP requests to the SNMP daemon through the management interface on an affected device. A successful exploit could allow the attacker to cause the SNMP daemon process to consume a large amount of system memory over time, which could then lead to an unexpected device restart, causing a denial of service (DoS) condition. This vulnerability affects all versions of SNMP.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a relative path in specific sfmgr commands. An exploit could allow the attacker to read or write arbitrary files on an sftunnel-connected peer device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation protection during initial device registration. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a specific flow of the sftunnel communication between an FMC device and an FTD device. A successful exploit could allow the attacker to decrypt and modify the sftunnel communication between FMC and FTD devices, allowing the attacker to modify configuration data sent from an FMC device to an FTD device or alert data sent from an FTD device to an FMC device.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A path handling issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to overwrite arbitrary files.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra. A malicious application may be able to elevate privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A user may gain access to protected parts of the file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Windows Logon, cause Denial of Service (DoS) by deleting file(s), or replace system files to potentially achieve elevation of privileges. Note that this can only exploitable during new installations while the installer is running and is not exploitable once installation is finished. Versions 4.1.2 of Windows Logon addresses this issue.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the configuration restore feature of Cisco Nexus Data Broker software could allow an unauthenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to insufficient validation of configuration backup files. An attacker could exploit this vulnerability by persuading an administrator to restore a crafted configuration backup file. A successful exploit could allow the attacker to overwrite arbitrary files that are accessible through the affected software on an affected device.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,LOW
"A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. A local user may be able to check for the existence of arbitrary files.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. An application may be able to execute arbitrary code with system privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 12.1.1. A local attacker may be able to share items from the lock screen.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
This issue is fixed in macOS Mojave 10.14. A memory corruption issue was addressed with improved input validation.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra. A malicious application may be able to execute arbitrary code with system privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, tvOS 12.3, watchOS 5.2.1, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3. An attacker in a privileged network position can modify driver state.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, tvOS 12.3, watchOS 5.2.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, iOS 13. Playing a malicious audio file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with system privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, iCloud for Windows 7.10, iTunes 12.9.3 for Windows, Safari 12.0.3, tvOS 12.1.2. Processing maliciously crafted web content may disclose sensitive user information.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iOS 12.4.4, watchOS 5.3.4. Processing malicious video via FaceTime may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13. A malicious application may be able to determine kernel memory layout.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A logic issue was addressed with improved state management. This issue is fixed in Safari 12.0.2, iOS 12.1.1, tvOS 12.1.1, iTunes 12.9.2 for Windows. Processing maliciously crafted web content may disclose sensitive user information.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. A local app may be able to read a persistent account identifier.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A resource exhaustion issue was addressed with improved input validation. This issue is fixed in tvOS 12.1, iOS 12.1. Processing a maliciously crafted message may lead to a denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to determine kernel memory layout.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability by sending an Electronic Key Segment with less bytes than required by the Key Format Table.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email mail@example.com, verify it, change it to the mail another@domain.com and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Note, that this way one is not able to take over any existing account (guest or normal one). The issue has been patched in Sylius 1.6.9, 1.7.9 and 1.8.3. As a workaround, you may resolve this issue on your own by creating a custom event listener, which will listen to the sylius.customer.pre_update event. You can determine that email has been changed if customer email and user username are different. They are synchronized later on. Pay attention, to email changing behavior for administrators. You may need to skip this logic for them. In order to achieve this, you should either check master request path info, if it does not contain /admin prefix or adjust event triggered during customer update in the shop. You can find more information on how to customize the event here.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected. This issue is patched in version 1.5.1.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access to local configuration files can therefore insert malicious commands that are executed after compiling them to valid parameter files (“PDLs”), transferring them to the device, and restarting the device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting deterministic AEAD with a single key, and rely on a unique ciphertext-per-plaintext.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. This makes it possible to influence the cookie with javascript. An attacker could send the user to a prepared webpage or by influencing JavaScript to the extract the JESSIONID. This could then be forwarded to the attacker.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,NONE,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in content/content.systempreferences.php in Symphony CMS before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) email_sendmail[from_name], (2) email_sendmail[from_address], (3) email_smtp[from_name], (4) email_smtp[from_address], (5) email_smtp[host], (6) email_smtp[port], (7) jit_image_manipulation[trusted_external_sites], or (8) maintenance_mode[ip_whitelist] parameters to system/preferences.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An input validation vulnerability exists in Juniper Networks Junos OS, allowing an attacker to crash the srxpfe process, causing a Denial of Service (DoS) through the use of specific maintenance commands. The srxpfe process restarts automatically, but continuous execution of the commands could lead to an extended Denial of Service condition. This issue only affects the SRX1500, SRX4100, SRX4200, NFX150, NFX250, and vSRX-based platforms. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D220 on SRX1500, SRX4100, SRX4200, vSRX; 17.4 versions prior to 17.4R3-S3 on SRX1500, SRX4100, SRX4200, vSRX; 18.1 versions prior to 18.1R3-S11 on SRX1500, SRX4100, SRX4200, vSRX, NFX150; 18.2 versions prior to 18.2R3-S5 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 19.1 versions prior to 19.1R3-S2 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 19.2 versions prior to 19.2R1-S5, 19.2R3 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250. This issue does not affect Junos OS 19.3 or any subsequent version.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,NONE
"Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An escalation of privilege vulnerability in Nahimic APO Software Component Driver 1.4.2, 1.5.0, 1.5.1, 1.6.1 and 1.6.2 allows an attacker to execute code with SYSTEM privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect's URI as the provisioning claim in the advanced claim configuration of the same Identity Provider. The attacker also needs to have privileges to log in to the management console, and to add and update identity provider configurations.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. If there is a claim dialect configured with an XSS payload in the dialect URI, and a user picks up this dialect's URI and adds it as the service provider claim dialect while configuring the service provider, that payload gets executed. The attacker also needs to have privileges to log in to the management console, and to add and configure claim dialects.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: versions up to and including 6.3.4; 6.4.1; 6.4.2; 6.4.21; 7.1.0; 7.2.0, TIBCO JasperReports Library Community Edition: versions up to and including 6.7.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.21, TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.3; 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15. Visiting a maliciously crafted website may reveal the sites a user has visited.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 13.0.5. Processing a maliciously crafted URL may lead to arbitrary javascript code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6.1, tvOS 13.2, iOS 13.2 and iPadOS 13.2. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. A buffer overflow may result in arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A local attacker may be able to elevate their privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The default cloud-init configuration, in cloud-init 0.6.2 and newer, included ""ssh_deletekeys: 0"", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 82.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle Help Technologies product of Oracle Fusion Middleware (component: Web UIX). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Help Technologies. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Help Technologies, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Help Technologies accessible data as well as unauthorized update, insert or delete access to some of Oracle Help Technologies accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the ""manage the API"" page of the API Publisher.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Affected devices use a hard-coded password to protect the onboard database. This could allow an attacker to read and or modify the onboard database. Successful exploitation requires direct physical access to the device.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.,LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL certificates and private keys were not excluded from logging. This issue resulted in certificate and private key information being written out in plain-text to local files on the DNG host. Any private keys logged in this way could be viewed by those with access to the DNG host operating system without any need for reversing encrypted values or similar techniques. An attacker that gained access to the DNG logs and with the ability to intercept and manipulate network traffic between a user and the DNG, could decrypt and manipulate SSL/TLS connections to the DNG and to the protected applications behind it. Duo Network Gateway (DNG) versions 1.3.3 through 1.5.7 are affected.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.,LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A local user may be able to view sensitive user information.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Apple Music 3.4.0 for Android. A malicious application may be able to leak a user's credentials.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It allows unauthenticated users to upload JavaScript (in a file) via the expenses claiming functionality. However, to view the file, authentication is required. By exploiting this vulnerability, an attacker can persistently include arbitrary HTML or JavaScript code into the affected web page. The vulnerability can be used to change the contents of the displayed site, redirect to other sites, or steal user credentials. Additionally, users are potential victims of browser exploits and JavaScript malware.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to cause unexpected system termination or read kernel memory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to determine kernel memory layout.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to read restricted memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra. A malicious website may be able to exfiltrate autofilled data in Safari.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"This issue was addressed with improved checks This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. An application may be able to trigger a sysdiagnose.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"In libsndfile version 1.0.28, an error in the ""aiff_read_chanmap()"" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. An application may be able to execute arbitrary code with system privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the RITS Browser version 3.3.9 and prior versions.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. A malicious application may be able to overwrite arbitrary files.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15. Processing maliciously crafted web content may lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe After Effects version 17.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .aepx file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. Processing maliciously crafted web content may lead to a cross site scripting attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-origin issue existed with ""iframe"" elements. This was addressed with improved tracking of security origins. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A malicious HTML document may be able to render iframes with sensitive user information.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"E6878-370 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP21C233) and E6878-870 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP11C233) have a denial of service vulnerability. The system does not properly check some events, an attacker could launch the events continually, successful exploit could cause reboot of the process.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Adobe Media Encoder version 14.4 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected by an uncontrolled search path element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In BigBlueButton before 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or transmit it to one or more meeting participants or other third parties.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don't expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,HIGH
"In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with `nullptr`. However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference. The issue is patched in commit 0b5662bc, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue is patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the `DCHECK` does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption. The issue is patched in commit 2d88f470dea2671b430884260f3626b1fe99830a, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using `tensorflow-serving` or other inference-as-a-service installments. Fixed were added in commits f760f88b4267d981e13f4b302c437ae800445968 and fcfef195637c6e365577829c4d67681695956e7d (both going into TensorFlow 2.2.0 and 2.3.0 but not yet backported to earlier versions). However, this was not enough, as #41097 reports a different failure mode. The issue is patched in commit adf095206f25471e864a8e63a0f1caef53a0e3a6, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after `ee ff` are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR. The issue is patched in commit 0462de5b544ed4731aa2fb23946ac22c01856b80, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This may result in segmentation fault. The issue is patched in commit 33be22c65d86256e6826666662e40dbdfe70ee83, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32` arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption. The issue is patched in commits 27b417360cbd671ef55915e4bb6bb06af8b8a832 and ca8c013b5e97b1373b3bb1c97ea655e69f31a575, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a `reinterpret_cast` Since the `PyObject` is a Python object, not a TensorFlow Tensor, the cast to `EagerTensor` fails. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,LOW
"In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. The issue occurs because the `status` argument during validation failures is not properly checked. Since each of the above methods can return an error status, the `status` value must be checked before continuing. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is `nullptr`, hence we are binding a reference to `nullptr`. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. In this case, this results in a segmentation fault The issue is patched in commit da8558533d925694483d2c136a9220d6d49d843c, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meeting topic or participant.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A denial of service issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. An attacker in a privileged position may be able to perform a denial of service attack.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An input validation issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. An attacker in a privileged network position may be able to leak sensitive user information.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, Safari 13, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with system privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. Processing a maliciously crafted image may lead to a denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Processing a maliciously crafted string may lead to heap corruption.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with system privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData(). Parsing malicious input can result in a crash.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Decompress(). Parsing malicious input can result in a crash.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a ""resize to twice the size"" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. A remote attacker may be able to leak memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GPMF_ScaledData(). Parsing malicious input can result in a crash or information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"A denial of service issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. Processing a maliciously crafted vcf file may lead to a denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, watchOS 5.2.1. Processing a maliciously crafted message may lead to a denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An untrusted radius server certificate may be trusted.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A malicious application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service issue was addressed with improved memory handling. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. An attacker in a privileged position may be able to perform a denial of service attack.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. This memory leak could prevent traffic from being processed through the device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper error handling when specific failures occur during IP fragment reassembly. An attacker could exploit this vulnerability by sending crafted, fragmented IP traffic to a targeted device. A successful exploit could allow the attacker to continuously consume memory on the affected device and eventually impact traffic, resulting in a DoS condition. The device could require a manual reboot to recover from the DoS condition. Note: This vulnerability applies to both IP Version 4 (IPv4) and IP Version 6 (IPv6) traffic.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key).",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and access the FMC system. The attacker must have a valid CAC to initiate the access attempt. The vulnerability is due to incorrect session invalidation during CAC authentication. An attacker could exploit this vulnerability by performing a CAC-based authentication attempt to an affected system. A successful exploit could allow the attacker to access an affected system with the privileges of a CAC-authenticated user who is currently logged in.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms. The vulnerability is due to insufficient protections of the secure boot process. An attacker could exploit this vulnerability by injecting code into a specific file that is then referenced during the device boot process. A successful exploit could allow the attacker to break the chain of trust and inject code into the boot process of the device which would be executed at each boot and maintain persistence across reboots.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco FXOS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected device. The vulnerability is due to insufficient CSRF protections for the FCM interface. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could take unauthorized actions on behalf of the targeted user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software for the Firepower 1000 Series and Firepower 2100 Series Appliances could allow an authenticated, local attacker to bypass the secure boot mechanism. The vulnerabilities are due to insufficient protections of the secure boot process. An attacker could exploit these vulnerabilities by injecting code into specific files that are then referenced during the device boot process. A successful exploit could allow the attacker to break the chain of trust and inject code into the boot process of the device, which would be executed at each boot and maintain persistence across reboots.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the licensing service of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.The vulnerability is due to improper handling of system resource values by the affected system. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. A successful exploit could allow the attacker to cause the affected system to become unresponsive, resulting in a DoS condition and preventing the management of dependent devices.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. An open redirect exists.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user Interface.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Policy Administration user interface.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting an HTTP request from a user. A successful exploit could allow the attacker to modify the HTTP request to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted data stream to the host input daemon of the affected device. A successful exploit could allow the attacker to cause the host input daemon to restart. The attacker could use repeated attacks to cause the daemon to continuously reload, creating a DoS condition for the API.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious ""cmd.exe"" in the folder of the vulnerable LiveCode application. If the application is using LiveCode's ""shell()"" function, it will attempt to search for ""cmd.exe"" in the folder of the current application and run the malicious ""cmd.exe"".",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration. When the issue occurs the following messages will appear in the /var/log/messages: rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit threshold(1800) exceeded for inet6-unicast nlri: 1984 (instance master) rpd[6046]: %DAEMON-3-BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 2001:x:x:x::2 (External AS x): Shutting down peer due to exceeding configured maximum accepted prefix-limit(2000) for inet6-unicast nlri: 2001 (instance master) rpd[6046]: %DAEMON-4: bgp_rt_maxprefixes_check_common:9284: NOTIFICATION sent to 2001:x:x:x::2 (External AS x): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 2000 kernel: %KERN-5: mastership_relinquish_on_process_exit: RPD crashed on master RE. Sending SIGUSR2 to chassisd (5612:chassisd) to trigger RE switchover This issue affects: Juniper Networks Junos OS: 17.2R3-S3; 17.3 version 17.3R3-S3 and later versions, prior to 17.3R3-S8; 17.4 version 17.4R2-S4, 17.4R3 and later versions, prior to 17.4R2-S10, 17.4R3-S2; 18.1 version 18.1R3-S6 and later versions, prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions, prior to 18.2R3-S4; 18.2X75 version 18.2X75-D50, 18.2X75-D60 and later versions, prior to 18.2X75-D53, 18.2X75-D65; 18.3 version 18.3R2 and later versions, prior to 18.3R2-S4, 18.3R3-S2; 18.4 version 18.4R2 and later versions, prior to 18.4R2-S5, 18.4R3-S2; 19.1 version 19.1R1 and later versions, prior to 19.1R2-S2, 19.1R3-S1; 19.2 version 19.2R1 and later versions, prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R3-S3.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2. Versions of Junos OS prior to 17.3 are unaffected by this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"On Juniper Networks MX Series and EX9200 Series, in a certain condition the IPv6 Distributed Denial of Service (DDoS) protection might not take affect when it reaches the threshold condition. The DDoS protection allows the device to continue to function while it is under DDoS attack, protecting both the Routing Engine (RE) and the Flexible PIC Concentrator (FPC) during the DDoS attack. When this issue occurs, the RE and/or the FPC can become overwhelmed, which could disrupt network protocol operations and/or interrupt traffic. This issue does not affect IPv4 DDoS protection. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines). Please refer to https://kb.juniper.net/KB25385 for the list of Trio-based PFEs. This issue affects Juniper Networks Junos OS on MX series and EX9200 Series: 17.2 versions prior to 17.2R3-S4; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.2 versions prior to 18.2R2-S7, 18.2R3, 18.2R3-S3; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"On Juniper Networks MX Series with MS-MIC or MS-MPC card configured with NAT64 configuration, receipt of a malformed IPv6 packet may crash the MS-PIC component on MS-MIC or MS-MPC. This issue occurs when a multiservice card is translating the malformed IPv6 packet to IPv4 packet. An unauthenticated attacker can continuously send crafted IPv6 packets through the device causing repetitive MS-PIC process crashes, resulting in an extended Denial of Service condition. This issue affects Juniper Networks Junos OS on MX Series: 15.1 versions prior to 15.1R7-S7; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S11, 17.4R3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D41, 18.2X75-D430, 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash (vmcore). Prior to the kernel crash other processes might be impacted, such as failure to establish SSH connection to the device. The administrator can monitor the output of the following command to check if there is memory leak caused by this issue: user@device> show system virtual-memory | match ""pfe_ipc|kmem"" pfe_ipc 147 5K - 164352 16,32,64,8192 <-- increasing vm.kmem_map_free: 127246336 <-- decreasing pfe_ipc 0 0K - 18598 32,8192 vm.kmem_map_free: 134582272 This issue affects Juniper Networks Junos OS: 17.4R3; 18.1 version 18.1R3-S5 and later versions prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions prior to 18.2R3-S3; 18.2X75 version 18.2X75-D420, 18.2X75-D50 and later versions prior to 18.2X75-D430, 18.2X75-D53, 18.2X75-D60; 18.3 version 18.3R3 and later versions prior to 18.3R3-S2; 18.4 version 18.4R1-S4, 18.4R2 and later versions prior to 18.4R2-S5, 18.4R3-S1; 19.1 version 19.1R2 and later versions prior to 19.1R2-S2, 19.1R3; 19.2 version 19.2R1 and later versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 17.4R3.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled within the administration panel for conversations/all, conversations/inbox, conversations/unassigned, and conversations/closed.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Wire before 3.20.x, `shell.openExternal` was used without checking the URL. This vulnerability allows an attacker to execute code on the victims machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL that is opened. The issue was patched by implementing a helper function which checks if the URL's protocol is common. If it is common, the URL will be opened externally. If not, the URL will not be opened and a warning appears for the user informing them that a probably insecure URL was blocked from being executed. The issue is patched in Wire 3.20.x. More technical details about exploitation are available in the linked advisory.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A malicious application may be able to access restricted files.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3. Users removed from an iMessage conversation may still be able to alter state.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A logic issue was addressed with improved restrictions. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. A sandboxed process may be able to circumvent sandbox restrictions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system() call without validating the input, while handling a SetGatewayUrl() request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAP_CLI can be run via sudo or setuid, this also allows elevating privileges to root. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumes described above. This is unsound and causing deallocation with the incorrect capacity when `Vec::from_iter` has allocated different sizes with the number of iterator elements. This has been fixed in crossbeam-channel 0.4.4.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, receipt of a stream of specific VXLAN encapsulated layer 2 frames can cause high CPU load, which could lead to network protocol operation issue and traffic interruption. This issue affects devices that are configured as a Layer 2 or Layer 3 gateway of an EVPN-VXLAN deployment. The offending layer 2 frames that cause the issue originate from a different access switch that get encapsulated within the same EVPN-VXLAN domain. This issue affects Juniper Networks Junos OS on EX4300-MP Series, EX4600 Series and QFX5K Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an attacker to decrypt the communications between the Juniper device and the authenticator service. This Web API service is used for authentication services such as the Juniper Identity Management Service, used to obtain user identity for Integrated User Firewall feature, or the integrated ClearPass authentication and enforcement feature. This issue affects Juniper Networks Junos OS on Networks SRX Series and NFX Series: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D190; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R1-S7, 18.4R2; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S4, 19.2R2.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A sandboxed process may be able to circumvent sandbox restrictions.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site funtion. When viewing an added site, an XSS payload can be injected in cookies view which can lead to remote code execution.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In the git-tag-annotation-action (open source GitHub Action) before version 1.0.1, an attacker can execute arbitrary (*) shell commands if they can control the value of [the `tag` input] or manage to alter the value of [the `GITHUB_REF` environment variable]. The problem has been patched in version 1.0.1. If you don't use the `tag` input you are most likely safe. The `GITHUB_REF` environment variable is protected by the GitHub Actions environment so attacks from there should be impossible. If you must use the `tag` input and cannot upgrade to `> 1.0.0` make sure that the value is not controlled by another Action.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,NONE
A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote execution of arbitrary commandss vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote escalation of privilege vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.,NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
"A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted font file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out that the parse method ""wraps the lxml library"" and that this may be an issue to ""raise ... to the lxml group.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd daemon shipped with Juniper Networks Junos OS has an Improper Input Validation vulnerability which will result in a Denial of Service (DoS) condition when a DHCPv6 client sends a specific DHPCv6 message allowing an attacker to potentially perform a Remote Code Execution (RCE) attack on the target device. Continuous receipt of the specific DHCPv6 client message will result in an extended Denial of Service (DoS) condition. If adjacent devices are also configured to relay DHCP packets, and are not affected by this issue and simply transparently forward unprocessed client DHCPv6 messages, then the attack vector can be a Network-based attack, instead of an Adjacent-device attack. No other DHCP services are affected. Receipt of the packet without configuration of the DHCPv6 Relay-Agent service, will not result in exploitability of this issue. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95; 14.1X53 versions prior to 14.1X53-D53; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S7; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D44; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R2-S6, 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D435, 18.2X75-D60; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In EZCast Pro II, the administrator password md5 hash is provided upon a web request. This hash can be cracked to access the administration panel of the device.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A remote attacker may be able to cause a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability. An attacker may exploit this to execute code on the target machine. A failure in exploitation leads to a denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticated attacker can change the newSSID and hostapd_wpa_passphrase.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT authority system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When using a wildfly-swarm or thorntail custom configuration, a malicious YAML configuration file on the local machine executing the maven plug-in could allow for deserialization of untrusted data resulting in arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with system privileges.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInheritedProps` mode (if version >= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of `object-path` and setting the option `includeInheritedProps: true`, or by using the default `withInheritedProps` instance. The default operating mode is not affected by the vulnerability if version >= 0.11.0 is used. Any usage of `set()` in versions < 0.11.0 is vulnerable. The issue is fixed in object-path version 0.11.5 As a workaround, don't use the `includeInheritedProps: true` options or the `withInheritedProps` instance if using a version >= 0.11.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. This issue affects Juniper Networks Junos OS on NFX350: 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process might be bypassed due to a race condition. Due to this vulnerability, mspmand process, responsible for managing ""URL Filtering service"", can crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,LOW
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may be able to cause a denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event System Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Juniper Networks EX2300 Series, receipt of a stream of specific multicast packets by the layer2 interface can cause high CPU load, which could lead to traffic interruption. This issue occurs when multicast packets are received by the layer 2 interface. To check if the device has high CPU load due to this issue, the administrator can issue the following command: user@host> show chassis routing-engine Routing Engine status: ... Idle 2 percent the ""Idle"" value shows as low (2 % in the example above), and also the following command: user@host> show system processes summary ... PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND 11639 root 52 0 283M 11296K select 12:15 44.97% eventd 11803 root 81 0 719M 239M RUN 251:12 31.98% fxpc{fxpc} the eventd and the fxpc processes might use higher WCPU percentage (respectively 44.97% and 31.98% in the above example). This issue affects Juniper Networks Junos OS on EX2300 Series: 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On Juniper Networks EX4300 Series, receipt of a stream of specific IPv4 packets can cause Routing Engine (RE) high CPU load, which could lead to network protocol operation issue and traffic interruption. This specific packets can originate only from within the broadcast domain where the device is connected. This issue occurs when the packets enter to the IRB interface. Only IPv4 packets can trigger this issue. IPv6 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS on EX4300 series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R3-S4; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R2-S2, 19.1R3-S1; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S3, 20.1R2.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a malformed DHCPv6 packet is received, resulting with the restart of the daemon. This issue only affects DHCPv6, it does not affect DHCPv4. This issue affects: Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.2 version 19.2R2 and later versions; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; This issue does not affect Juniper Networks Junos OS prior to 17.4R1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file. This parameter can be used by sqlmap to obtain data information in the database.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows Storage VSP Driver improperly handles file operations, aka 'Windows Storage VSP Driver Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On Juniper Networks Junos OS devices configured with DHCPv6 relay enabled, receipt of a specific DHCPv6 packet might crash the jdhcpd daemon. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of specific crafted DHCP messages will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. Only DHCPv6 packet can trigger this issue. DHCPv4 packet cannot trigger this issue. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to perform brute-force calculations of encryption keys and thus succeed at decryption.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations (Best-fit Mapping), as demonstrated by the full-width variants of the less-than sign (%EF%BC%9C) and greater-than sign (%EF%BC%9E).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP/HTTPS) services allows an unauthenticated attacker to hijack the target user's HTTP/HTTPS session and perform administrative actions on the Junos device as the targeted user. This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled such as J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP). Junos OS devices with HTTP/HTTPS services disabled are not affected. If HTTP/HTTPS services are enabled, the following command will show the httpd processes: user@device> show system processes | match http 5260 - S 0:00.13 /usr/sbin/httpd-gk -N 5797 - I 0:00.10 /usr/sbin/httpd --config /jail/var/etc/httpd.conf In order to successfully exploit this vulnerability, the attacker needs to convince the device administrator to take action such as clicking the crafted URL sent via phishing email or convince the administrator to input data in the browser console. This issue affects Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S1; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S2; 19.1 versions prior to 19.1R2-S2, 19.1R3-S1; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. If the memory is exhausted the rpd process might crash. If the issue occurs, the memory leak could be seen by executing the ""show task memory detail | match policy | match evpn"" command multiple times to check if memory (Alloc Blocks value) is increasing. root@device> show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 3330678 79936272 3330678 79936272 root@device> show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 36620255 878886120 36620255 878886120 This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2; 20.1 versions prior to 20.1R1-S4, 20.1R2; Juniper Networks Junos OS Evolved: 19.4 versions; 20.1 versions prior to 20.1R1-S4-EVO, 20.1R2-EVO; 20.2 versions prior to 20.2R1-EVO; This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On Juniper Networks PTX and QFX Series devices with packet sampling configured using tunnel-observation mpls-over-udp, sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing Process Daemon (RPD) that synchronized the routing tables with the forwarding tables in the kernel. This table is then synchronized to the Packet Forwarding Engine (PFE) via the KRT queue. Thus, when KRT queue become stuck, it can lead to unexpected packet forwarding issues. An administrator can monitor the following command to check if there is the KRT queue is stuck: user@device > show krt state ... Number of async queue entries: 65007 <--- this value keep on increasing. When this issue occurs, the following message might appear in the /var/log/messages: DATE DEVICE kernel: %KERN-3: rt_pfe_veto: Too many delayed route/nexthop unrefs. Op 2 err 55, rtsm_id 5:-1, msg type 2 DATE DEVICE kernel: %KERN-3: rt_pfe_veto: Memory usage of M_RTNEXTHOP type = (0) Max size possible for M_RTNEXTHOP type = (7297134592) Current delayed unref = (60000), Current unique delayed unref = (18420), Max delayed unref on this platform = (40000) Current delayed weight unref = (60000) Max delayed weight unref on this platform= (400000) curproc = rpd This issue affects Juniper Networks Junos OS on PTX/QFX Series: 17.2X75 versions prior to 17.2X75-D105; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to delete arbitrary files while restoring files in Anti-Ransomware.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue exits in IOBit Malware Fighter version 8.0.2.547. Local escalation of privileges is possible by dropping a malicious DLL file into the WindowsApps folder.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their Cisco FTD instance and execute commands with root privileges in the host namespace. The attacker must have valid credentials on the device.The vulnerability exists because a configuration file that is used at container startup has insufficient protections. An attacker could exploit this vulnerability by modifying a specific container configuration file on the underlying file system. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running Cisco FTD instances or the host Cisco FXOS device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Use after Free vulnerability via a crafted .ogg file. An attacker can exploit this to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile out of bounds read vulnerability via a crafted .wav file. An attacker can exploit this issues to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory exhaustion condition. An attacker could exploit this vulnerability by sending a high rate of crafted TCP traffic through an affected device. A successful exploit could allow the attacker to exhaust device resources, resulting in a DoS condition for traffic transiting the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured File Policy for HTTP packets and deliver a malicious payload.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found; instead, it stops only upon reaching inspection-recursion-limit (3000 by default).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A local attacker may be able to elevate their privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Flex Fields). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request.,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,HIGH
IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end database.,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378.,NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,NONE
IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130675.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.,NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/*/fallback/web or /_matrix/client/unstable/auth/*/fallback/web Synapse endpoints.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr() or strchr() call in the Tokenizer() function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of service. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16935.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to access the protecting information, resulting in the elevation of the privilege.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of the service.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorization. This affects COM465IP, COM465DP, COM465ID, CP700, CP907, and CP915 devices before 4.2.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, watchOS 6.2.8. A malicious application may disclose restricted memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. This is patched in XWiki 12.5 and XWiki 11.10.6.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"WSO2 API Manager 3.1.0 and earlier has reflected XSS on the ""publisher"" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box appears that writes an error message concatenated to the injected payload (without any form of data encoding). This can also be exploited via CSRF.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"On Juniper Networks Junos OS devices configured as a DHCP forwarder, the Juniper Networks Dynamic Host Configuration Protocol Daemon (jdhcp) process might crash when receiving a malformed DHCP packet. This issue only affects devices configured as DHCP forwarder with forward-only option, that forward specified DHCP client packets, without creating a new subscriber session. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of the malformed DHCP packet will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. This issue can be triggered only by DHCPv4, it cannot be triggered by DHCPv6. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S16; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 14.1X53 versions prior to 14.1X53-D60 on EX and QFX Series; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D221, 15.1X49-D230 on SRX Series; 15.1X53 versions prior to 15.1X53-D593 on EX2300/EX3400; 16.1 versions prior to 16.1R7-S5.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the ping parameter provided to tools.sh. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10595.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).,NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Vulnerability in the Oracle Hospitality RES 3700 product of Oracle Food and Beverage Applications (component: CAL). The supported version that is affected is 5.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Hospitality RES 3700. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality RES 3700 accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may cause an unexpected application termination.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,LOW,NONE
"An elevation of privilege vulnerability exists in the way Azure Functions validate access keys.An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization.This security update addresses the vulnerability by correctly validating access keys used to access HTTP Functions., aka 'Azure Functions Elevation of Privilege Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: NDBCluster Plugin). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 4.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,LOW,LOW
IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 179358.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that is to the loopback adapter. Attackers can provide both custom URL query parameters to their loopback redirect URL, as well as actually overriding the host of the registered redirect URL. These attacks are only applicable in scenarios where the attacker has access over the loopback interface. This vulnerability has been patched in ORY Fosite v0.34.1.",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
The package bmoor before 0.8.12 are vulnerable to Prototype Pollution via the set function.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API.,NETWORK,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory, aka 'Windows KernelStream Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by doing a series of operations. Successful exploit may cause the service abnormal.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A Time based SQL injection affects the nameTxt parameter on the main login page (aka cse?cmd=LOGIN). This can be exploited directly, and remotely.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IProom MMC+ Server login page does not validate specific parameters properly. Attackers can use the vulnerability to redirect to any malicious site and steal the victim's login credentials.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected device reload. The vulnerability exists because the affected software does not efficiently handle the writing of large files to specific folders on the local file system. An attacker could exploit this vulnerability by uploading files to those specific folders. A successful exploit could allow the attacker to write a file that triggers a watchdog timeout, which would cause the device to unexpectedly reload, causing a denial of service (DoS) condition.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapters. The method itself is in a utility class so people may use it to create vulnerable HTTPS connections for other applications. From Apache Calcite 1.26 onwards, the hostname verification will be performed using the default JVM truststore.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Hyperion Lifecycle Management product of Oracle Hyperion (component: Shared Services). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Lifecycle Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Lifecycle Management accessible data. CVSS 3.1 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N).",NETWORK,HIGH,HIGH,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hyperion BI+ accessible data. CVSS 3.1 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N).,NETWORK,HIGH,HIGH,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Trade Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
LibreOffice and OpenOffice automatically open embedded content,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. While the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.1 Base Score 8.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized access to critical data or complete access to all Oracle Marketing accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or domain parameter to /www/script/config_iface.php, or the newSSID, hostapd_secure, hostapd_wpa_passphrase, or supplicant_ssid parameter to /www/page_config.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at install time. This will result into a denial-of-service condition on the machine where Horizon Client for Windows is installed.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"A vulnerability in the ssl_inspection component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to crash Snort instances. The vulnerability is due to insufficient input validation in the ssl_inspection component. An attacker could exploit this vulnerability by sending a malformed TLS packet through a Cisco Adaptive Security Appliance (ASA). A successful exploit could allow the attacker to crash a Snort instance, resulting in a denial of service (DoS) condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. While the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 8.6 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: SQL Extensions). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Data Reporter. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Data Reporter, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Data Reporter accessible data as well as unauthorized read access to a subset of Oracle Application Express Data Reporter accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Security accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending authentication requests from multiple clients to an affected device. A successful exploit could allow the attacker to cause the affected device to reload.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9800 Series Routers could allow an unauthenticated, adjacent attacker to send ICMPv6 traffic prior to the client being placed into RUN state. The vulnerability is due to an incomplete access control list (ACL) being applied prior to RUN state. An attacker could exploit this vulnerability by connecting to the associated service set identifier (SSID) and sending ICMPv6 traffic. A successful exploit could allow the attacker to send ICMPv6 traffic prior to RUN state.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Micro Air Vehicle Link (MAVLink) protocol presents no authentication mechanism on its version 1.0 (nor authorization) whichs leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package signing which mitigates this flaw. Another source mentions that MAVLink 2.0 only provides a simple authentication system based on HMAC. This implies that the flying system overall should add the same symmetric key into all devices of network. If not the case, this may cause a security issue, that if one of the devices and its symmetric key are compromised, the whole authentication system is not reliable.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote code execution because of javax.faces.ViewState Java deserialization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access hidden commands. The vulnerability is due to the presence of undocumented configuration commands. An attacker could exploit this vulnerability by performing specific steps that make the hidden commands accessible. A successful exploit could allow the attacker to make configuration changes to various sections of an affected device that should not be exposed to CLI access.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation for certain fields of specific SSL/TLS messages. An attacker could exploit this vulnerability by sending a malformed SSL/TLS message through an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. No manual intervention is needed to recover the device after it has reloaded.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a large number of TCP packets to a specific port on an affected device. A successful exploit could allow the attacker to exhaust system memory, which could cause the device to reload unexpectedly. No manual intervention is needed to recover the device after it has reloaded.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the SQL Developer Install component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Client Computer User Account privilege with logon to the infrastructure where SQL Developer Install executes to compromise SQL Developer Install. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of SQL Developer Install accessible data. CVSS 3.1 Base Score 2.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with network access via SSH to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N).",NETWORK,HIGH,LOW,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Public Synonym privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Vault accessible data as well as unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,NONE
"A vulnerability in the ICMP ingress packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 4110 appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation upon receiving ICMP packets. An attacker could exploit this vulnerability by sending a high number of crafted ICMP or ICMPv6 packets to an affected device. A successful exploit could allow the attacker to cause a memory exhaustion condition that may result in an unexpected reload. No manual intervention is needed to recover the device after the reload.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Grids). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: AMP EBS Integration). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Quick Poll. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Quick Poll, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Quick Poll accessible data as well as unauthorized read access to a subset of Oracle Application Express Quick Poll accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a ""double fetch"" vulnerability.",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks of this vulnerability can result in takeover of Oracle Universal Work Queue. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1 - 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection product of Oracle PeopleSoft (component: eSupplier Connection). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM eSupplier Connection. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise SCM eSupplier Connection accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise SCM eSupplier Connection accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hyperion BI+ accessible data. CVSS 3.1 Base Score 4.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N).,NETWORK,HIGH,HIGH,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle E-Business Suite Secure Enterprise Search product of Oracle E-Business Suite (component: Search Integration Engine). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite Secure Enterprise Search. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle E-Business Suite Secure Enterprise Search accessible data as well as unauthorized access to critical data or complete access to all Oracle E-Business Suite Secure Enterprise Search accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073.020.059.25300 devices allow XSS via Description pages.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Oracle Diagnostics Interfaces). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Manager accessible data as well as unauthorized read access to a subset of Oracle Applications Manager accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,HIGH
"The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite before version 0.34.1, the OAuth 2.0 Client's registered redirect URLs and the redirect URL provided at the OAuth2 Authorization Endpoint where compared using strings.ToLower while they should have been compared with a simple string match. This allows an attacker to register a client with allowed redirect URL https://example.com/callback. Then perform an OAuth2 flow and requesting redirect URL https://example.com/CALLBACK. Instead of an error (invalid redirect URL), the browser is redirected to https://example.com/CALLBACK with a potentially successful OAuth2 response, depending on the state of the overall OAuth2 flow (the user might still deny the request for example). This vulnerability has been patched in ORY Fosite v0.34.1.",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets, aka 'Windows TCP/IP Remote Code Execution Vulnerability'.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a `.data` suffix and which are accompanied by a JSON file with the `.meta` suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to circumvention of authentication or other limitations on the outbound (GET) traffic. For example, in a scenario where a single server has multiple instances of the application running (with separate DATA_ROOT settings), an attacker who has knowledge about the directory structure is able to read files from any other instance to which the process has read access. If instances have individual authentication (for example, HTTP authentication via a reverse proxy, source IP based filtering) or other restrictions (such as quotas), attackers may circumvent those limits in such a scenario by using the Directory Traversal to retrieve data from the other instances. If the associated XMPP server (or anyone knowing the SECRET_KEY) is malicious, they can write files outside the DATA_ROOT. The files which are written are constrained to have the `.meta` and the `.data` suffixes; the `.meta` file will contain the JSON with the Content-Type of the original request and the `.data` file will contain the payload. The issue is patched in version 0.4.0.",NETWORK,HIGH,LOW,NONE,CHANGED,LOW,NONE,NONE
The cm-download-manager plugin before 2.8.0 for WordPress allows XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability, which could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Animate version 20.5 (and earlier) is affected by a double free vulnerability when parsing a crafted .fla file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause metadata deanonymization and risk-score inflation. NOTE: the vendor's position is ""We do not believe that TX power authentication would be a useful defense against relay attacks.""",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
** UNSUPPORTED WHEN ASSIGNED ** Smarter Coffee Maker before 2nd generation allows firmware replacement without authentication or authorization. User interaction is required to press a button. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the loading mechanism of specific DLLs in the Cisco Webex Teams client for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. The vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file in a specific location on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with the privileges of another user&rsquo;s account.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by first entering input within the web-based management interface and then persuading a user of the interface to view the crafted input within the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need to have valid administrative credentials.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 19.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Scheduler component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Scheduler executes to compromise Scheduler. While the vulnerability is in Scheduler, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Scheduler. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Text. Successful attacks of this vulnerability can result in takeover of Oracle Text. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory, aka 'Windows Text Services Framework Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3.0 and 14.0.0-14.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerability in GPMF_ExpandComplexTYPE(). Parsing malicious input can result in a crash or potentially arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16907.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"InfoCage SiteShell series (Host type SiteShell for IIS V1.4, V1.5, and V1.6, Host type SiteShell for IIS prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1, Host type SiteShell for Apache Windows V1.4, V1.5, and V1.6, and Host type SiteShell for Apache Windows prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1) allow authenticated attackers to bypass access restriction and to execute arbitrary code with an elevated privilege via a specially crafted executable files.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper conditions check in BIOS firmware for 8th Generation Intel(R) Core(TM) Processors and Intel(R) Pentium(R) Silver Processor Series may allow an authenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations, aka 'Windows Application Compatibility Client Library Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16876.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations, aka 'Windows Application Compatibility Client Library Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16920.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets, aka 'Windows TCP/IP Denial of Service Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points, aka 'Windows Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16909.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. The vulnerability is due to an incorrect configuration of the authentication settings on the JBoss EAP. An attacker could exploit this vulnerability by authenticating with a specific low-privilege account. A successful exploit could allow the attacker to gain unauthorized access to the JBoss EAP, which should be limited to internal system accounts.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricted user.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Path configuration in PB610 HMISimulator versions 2.8.0.424 and earlier potentially allows access to files outside of the working directory, thus potentially supporting unauthorized file access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. A Java JMX agent running on the remote host is configured with plain text password authentication. An unauthenticated remote attacker can connect to the JMX agent and monitor and manage the Java application.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16913.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code with the privileges of the user running DiagAnywhere Server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations, aka 'Windows Enterprise App Management Service Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly. This could lead to javascript code execution, url redirection, sensitive information disclosure. An attacker can exploit this issue by enticing an unsuspecting user to open a specific malicious URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows attacker to do man-in-the-middle (MITM) attack and replace original language pack by malicious one.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Architectural Information System 1.0 and earlier versions have a Stack-based buffer overflow, allows remote attackers to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside file transfer request handler, which can result in Denial of Service (DoS). This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks in the part of the code that handles CAPWAP keepalive requests. An attacker could exploit this vulnerability by sending a crafted CAPWAP keepalive packet to a vulnerable Cisco WLC device. A successful exploit could allow the attacker to retrieve the contents of device memory, which could lead to the disclosure of confidential information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability when handling incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Point (APs) on Qualcomm Atheros (QCA) based hardware platforms could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. A successful exploit could prevent new clients from joining the AP. The vulnerability is due to incorrect handling of malformed or invalid 802.11 Association Requests. An attacker could exploit this vulnerability by sending a malformed stream of 802.11 Association Requests to the local interface of the targeted device. A successful exploit could allow the attacker to cause a DoS situation on an affected system, causing new client 802.11 Association Requests to fail. This vulnerability affects the following Cisco products: Aironet 1560 Series Access Points, Aironet 1810 Series OfficeExtend Access Points, Aironet 1810w Series Access Points, Aironet 1815 Series Access Points, Aironet 1830 Series Access Points, Aironet 1850 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Cisco Bug IDs: CSCvg02116.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in the 802.11 frame validation functionality of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of certain 802.11 management information element frames that an affected device receives from wireless clients. An attacker could exploit this vulnerability by sending a malformed 802.11 management frame to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects only Cisco Wireless LAN Controllers that are running Cisco Mobility Express Release 8.5.103.0. Cisco Bug IDs: CSCvg07024.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"There is a reflected cross site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions - 7.20, 7.30, 7.31, 7.40, 7.50. An unauthenticated attacker can trick an unsuspecting authenticated user to click on a malicious link. The end users browser has no way to know that the script should not be trusted, and will execute the script, resulting in sensitive information being disclosed or modified.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,LOW,NONE
"A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to write arbitrary files to the operating system of an affected device. The vulnerability is due to insufficient input validation of HTTP requests that are sent to the web UI of the affected software. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of the affected software. A successful exploit could allow the attacker to write arbitrary files to the operating system of an affected device. Cisco Bug IDs: CSCvb22645.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.,LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,NONE,NONE
"An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or disproving an exposure notification, because of the persistent state of a private framework.",PHYSICAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the Simple Network Management Protocol (SNMP) subsystem communication channel through the Cisco 550X Series Stackable Managed Switches could allow an authenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device nay need to be manually reloaded to recover. The vulnerability is due to lack of proper input throttling of ingress SNMP traffic over an internal interface. An attacker could exploit this vulnerability by sending a crafted, heavy stream of SNMP traffic to the targeted device. An exploit could allow the attacker to cause the device to reload unexpectedly, causing a DoS condition. Cisco Bug IDs: CSCvg22135.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
A denial of service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTCreateAllocation API request can cause an out-of-bounds read and denial of service (BSOD). This vulnerability can be triggered from a non-privileged account.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data. CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N).",LOCAL,HIGH,LOW,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are affected are 12.0.1, 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: System Wide). Supported versions that are affected are 2.2.0.0.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0 - 4.3.0.6.0, 4.4.0.0.0 and 4.4.0.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Utilities Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Utilities Framework accessible data as well as unauthorized read access to a subset of Oracle Utilities Framework accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Packaged Apps. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Packaged Apps, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Packaged Apps accessible data as well as unauthorized read access to a subset of Oracle Application Express Packaged Apps accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Application Express Group Calendar component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Group Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Group Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Group Calendar accessible data as well as unauthorized read access to a subset of Oracle Application Express Group Calendar accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths within C:\ProgramData\Acronis.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Hyperion Lifecycle Management product of Oracle Hyperion (component: Shared Services). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Lifecycle Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Lifecycle Management accessible data. CVSS 3.1 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N).",NETWORK,HIGH,HIGH,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0 and 14.0.0-14.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Popup windows). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General). Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c; Standalone ORDS: prior to 20.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle REST Data Services accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General). Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c; Standalone ORDS: prior to 20.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle REST Data Services accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Administration). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to insufficient input validation during the initial High Availability (HA) configuration and registration process of an affected device. An attacker could exploit this vulnerability by uploading a malicious file during the HA registration period. A successful exploit could allow the attacker to execute arbitrary code with root-level privileges on the underlying operating system. Note: This vulnerability can only be exploited during the HA registration period. See the Details section for more information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows Setup in the way it handles directories.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Setup Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16905.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Marketo Sales Insight plugin version 1.4355 (and earlier) is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) allows unauthenticated device administration.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory, aka 'NetBT Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with common privilege, successful exploit could cause code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP Banking Services version 500, use an incorrect authorization object in some of its reports. Although the affected reports are protected with otherauthorization objects, exploitation of the vulnerability could lead to privilege escalation and violation in segregation of duties, which in turn could lead to Service interruptions and system unavailability for the victim and users of the component.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full ""member"" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timing attack because instead of a constant-time string comparison routine a standard `==` operator has been used. A malicious actor can therefore abuse the timing difference of when the JWT validation function returns to reveal the correct HMAC value.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183933.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server and/or can execute a denial-of-service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,HIGH
"The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command.",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command.",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors.",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka 'Windows Camera Codec Pack Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16968.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16934, CVE-2020-16955.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell metacharacters in its filename, related to pb_controller.cpp and queueloader.cpp, a different vulnerability than CVE-2017-12904.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Memory leak in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRGL_OBJECT_VERTEX_ELEMENTS commands.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16928, CVE-2020-16934.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A devgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A faultstatchoosefaulttype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory.An attacker who successfully exploited the vulnerability would gain execution on a victim system.The security update addresses the vulnerability by correcting how the Base3D rendering engine handles memory., aka 'Base3D Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16918.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory.An attacker who successfully exploited the vulnerability would gain execution on a victim system.The security update addresses the vulnerability by correcting how the Base3D rendering engine handles memory., aka 'Base3D Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17003.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in Desigo Insight (All versions). The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by tricking that user to click on a website controlled by the attacker.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
A ifviewselectpage expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform (potentially administrative) actions on behalf of those users if the single sign-on feature (""Allow logon without password"") is enabled.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in Desigo Insight (All versions). Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated attacker to retrieve additional information about the host system.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTEscape API request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a non-privileged account.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A faultinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A perfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A customtemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A reporttaskselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A operatorgroupselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A navigationto expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages, aka 'Microsoft Exchange Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16923.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform 'saveset' related operations in an unintended manner. The vulnerability is not exploitable by users authenticated via LDAP.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certain remote users with low privileges may exploit this vulnerability to perform 'nsrmmdbd' operations in an unintended manner.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16928, CVE-2020-16955.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A operatorgrouptreeselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists in the PowerShellGet V2 module, aka 'PowerShellGet Module WDAC Security Feature Bypass Vulnerability'.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files, aka 'Microsoft Word Security Feature Bypass Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory, aka '.NET Framework Information Disclosure Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points, aka 'Windows - User Profile Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Denial of Service Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16951.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A actionselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A smsrulesdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A sshconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A forwardredirect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A viewbatchtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A powershellconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A faultflasheventselectfact expression language injectionremote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A deviceselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A devsoftsel expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka 'Windows Hyper-V Denial of Service Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A soapconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A iccselectdymicparam expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A viewtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A wmiconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A thirdpartyperfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A mediaforaction expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A ictexpertdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. This issue affects OTRS; 7.0.21 and prior versions, 8.0.6 and prior versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the Yandex Browser version 20.8.3 and prior versions, and was fixed in version 20.8.4 released October 1, 2020.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of Danyil Vasilenko's Bolt Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the Bolt Browser version 1.4 and prior versions.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.If the Simple Segment Sub-Type is supplied, the device treats the byte following as the Data Size in words. When this value represents a size greater than what remains in the packet data, the device enters a fault state where communication with the device is lost and a physical power cycle is required.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability If the ANSI Extended Symbol Segment Sub-Type is supplied, the device treats the byte following as the Data Size in words. When this value represents a size greater than what remains in the packet data, the device enters a fault state where communication with the device is lost and a physical power cycle is required.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The report generator component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an attacker to exploit HTML injection to gain full control of a web interface containing the output of the report generator component with the privileges of any user that views the affected report(s). The attacker can theoretically exploit this vulnerability when other users view a maliciously generated report, where those reports use Fusion Charts and a data source with contents controlled by the attacker. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: versions 7.1.1 and below, versions 7.2.0 and 7.2.1, version 7.3.0, version 7.5.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions 7.1.1 and below, TIBCO JasperReports Server: versions 7.1.1 and below, version 7.2.0, version 7.5.0, TIBCO JasperReports Server for AWS Marketplace: versions 7.5.0 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server ""superuser"" for the affected systems. The attacker can theoretically exploit the vulnerability consistently, remotely, and without authenticating. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.1.1 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.1.1 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the software processes specific SNMP object identifiers. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: To exploit this vulnerability by using SNMPv2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability by using SNMPv3, the attacker must know the user credentials for the affected system.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because ""admins are considered trustworthy""; however, the behavior ""contradicts our security policy"" and is being fixed for 5.2.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl ""engine"") on invocation. If that curl is invoked by a privileged user it can do anything it wants.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in stacktraces included in error output.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted json file. The fixed version is: 1.7.9 and later.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.,LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
"In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users should upgrade to 2.1.1 or later where this vulnerability has been fixed.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"A remote code execution vulnerability exists when Windows Network Address Translation (NAT) fails to properly handle UDP traffic, aka 'Windows NAT Remote Code Execution Vulnerability'.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16938.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Commerce, aka 'Dynamics 365 Commerce Elevation of Privilege Vulnerability'.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16901.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, and successful exploit could cause information disclosure.Affected product versions include:HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8),versions earlier than 10.1.0.160(C01E160R2P8);HUAWEI Mate 20 X versions earlier than 10.1.0.160(C00E160R2P8),versions earlier than 10.1.0.160(C01E160R2P8);HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8);Laya-AL00EP versions earlier than 10.1.0.160(C786E160R3P8);Tony-AL00B versions earlier than 10.1.0.160(C00E160R2P11);Tony-TL00B versions earlier than 10.1.0.160(C01E160R2P11).",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16941, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MVEDR failing open rather than closed,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-Force ID: 188599.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash. IBM X-Force ID: 181991.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188517.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188518.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16942, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. When the client is configured to use HTTP, it does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171733.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes. The vulnerability is due to missing authentication for a specific section of the web-based management interface. An attacker could exploit this vulnerability by accessing a crafted URL. A successful exploit could allow the attacker to obtain access to a section of the interface, which they could use to read confidential information or make configuration changes.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in which a Internationalized Domain Name homograph attack (Puny-code) could be used to add a malicious website to the approved websites list of Trend Micro Antivirus for Mac to bypass the web threat protection feature.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Jfrog Artifactory uses default passwords (such as ""password"") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue affects Jfrog Artifactory versions prior to 6.17.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the ""role"" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Symmetric DS <3.12.0 uses mx4j to provide access to JMX over HTTP. mx4j, by default, has no auth and is available on all interfaces. An attacker can interact with JMX: get system info, and invoke MBean methods. It is possible to install additional MBeans from a remote host using MLet that leads to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can send a crafted unauthenticated RTSP request to cause a buffer overflow and application crash. The device will not be able to perform its main purpose of video encoding and streaming for up to a minute, until it automatically reboots. Attackers can send malicious requests once a minute, effectively disabling the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-16946.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-16945.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16956.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16976.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16978.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This issue was addressed with improved data protection. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to leak sensitive user information.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the targeted user account.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks. This vulnerability could allow for remote code execution by an unauthenticated user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16975, CVE-2020-16976.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to read sensitive location information.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may cause an unexpected application termination.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows Spoofing Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1167.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16948, CVE-2020-16953.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when Group Policy improperly checks access, aka 'Group Policy Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16916.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16912, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI+ Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to break out of its sandbox.",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16930, CVE-2020-16931, CVE-2020-16932.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16929, CVE-2020-16930, CVE-2020-16932.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16929, CVE-2020-16931, CVE-2020-16932.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16929, CVE-2020-16930, CVE-2020-16931.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This vulnerability affects Thunderbird < 68.10.0.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like `{showFullName ? fullName : defaultValue}`. Updated versions of this package are bundled in following TYPO3 (`typo3/cms-core`) versions as well: TYPO3 v8.7.25 (using `typo3fluid/fluid` v2.5.4) and TYPO3 v9.5.6 (using `typo3fluid/fluid` v2.6.1).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because show_in_rest is enabled for custom post types (e.g., /wp-json/wp/v2/course and /wp-json/wp/v2/lesson exist).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with ""--enable-native-pkcs11"" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the ""use-grammar-pool-only"" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation "".roa"" files or X509 Certificate Revocation List files from the RPKI relying party's view.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that may have allowed an authenticated user with a low permission level to access resources & make changes they should not have been able to access.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. This applies to a single server class only, with no impact to remainder of web application. IBM X-Force ID: 189151.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore unusable for several minutes.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal sensitive information such as XML document structure and content. IBM X-Force ID: 189152.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user. These sessions are established after the user has authenticated with username/passphrase credentials. The user can change their own passphrase, but this does not invalidate active sessions that the user may have with SAP Commerce Cloud web applications, which gives an attacker the opportunity to reuse old session credentials, resulting in Insufficient Session Expiration.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
"SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlocked state, regardless of how the remote system was left. By interrupting network connectivity of a system, an attacker with access to a system being used as a Windows RDP client can gain access to a connected remote system, regardless of whether or not the remote system was locked. This issue affects Microsoft Windows 10, version 1803 and later, and Microsoft Windows Server 2019, version 2019 and later.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to an improper access control, which may return unauthorized tag data when viewing analysis data reference attributes.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor. System software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor's Memory Management Unit (MMU) uses Paging structure entries to translate program's virtual memory addresses to physical memory addresses. The processor stores these address translations into its local cache buffer called - Translation Lookaside Buffer (TLB). TLB has two parts, one for instructions and other for data addresses. System software can modify its Paging structure entries to change address mappings OR certain attributes like page size etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor's TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from Instruction TLB (ITLB). Thus accessing an invalid physical memory address and resulting in halting the processor due to the Machine Check Error (MCE) on Page Size Change.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. The vulnerability is due to improper validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrative privileges and supplying crafted requests to the application. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges on a targeted node.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"This affects the package hellojs before 1.18.6. The code get the param oauth_redirect from url and pass it to location.assign without any check and sanitisation. So we can simply pass some XSS payloads into the url param oauth_redirect, such as javascript:alert(1).",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,HIGH
"SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered, if an affected web page is visited, resulting in Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
This vulnerability allows local attackers to disclose sensitive information on affected installations of Samsung Knox 1.2.02.39 on Samsung Galaxy S9 build G9600ZHS3ARL1 Secure Folder. An attacker must first obtain physical access to the device in order to exploit this vulnerability. The specific flaws exists within the the handling of the lock screen for Secure Folder. The issue results from the lack of proper validation that a user has correctly authenticated. An attacker can leverage this vulnerability to disclose the contents of the secure container. Was ZDI-CAN-7381.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco devices that are running Cisco IOS XE SD-WAN Software releases 16.11 and earlier.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for ""syncPointList"" not being correctly sanitsed.",ADJACENT_NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user account to execute arbitrary code.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Jupiter Tessallation(.jt) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by attacker are executed while the engine deserializes the data received during inter-process communication,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Computer Graphics Metafile (.cgm) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 20.03 allows remote attackers to inject arbitrary web script or HTML via the request parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Hemisphere Binary (.rh) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"In finalize of AssetManager.java, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144028297",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the product) allows an attacker to retrieve the entire list of the IP ranges and subnets configured in the product and consequently obtain information about the cartography of the internal networks to which the product has access.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11657.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11497.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd(3/10/20) are patched.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,LOW
"An improper privilege management vulnerabitlity exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted file path in URL request to view arbitrary files on the system. IBM X-Force ID: 189154.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 176140.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws, and retrieve any file from the device's file system, including the configuration file with the cleartext administrative password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges (eg Basic Operations) could exploit this flaw to delete disks attached to guests.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the bit-service.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"UltraVNC revision 1206 has stack-based Buffer overflow vulnerability in VNC client code inside FileTransfer module, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1207.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a users password.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running in Application-Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms of user-supplied input sent to an affected device. A successful exploit could allow the attacker unauthorized access to read arbitrary files on an affected device. This vulnerability has been fixed in version 14.0(1h).",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponForm/fsetup_Form. An attacker can leverage this vulnerability to potentially execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usb_Form?script/. An attacker can leverage this vulnerability to potentially execute arbitrary code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. User interaction is required to trigger this vulnerability. This vulnerability has been fixed in revision 1206.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release does not properly enforce user access control to privileged accounts, which may allow for unauthorized access to administrative level functions.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user (""root"") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running with elevated privileges. This issue is timing dependent and requires physical access to the machine.,PHYSICAL,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,LOW
Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log files.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect a McAfee file operations to an unintended file.,LOCAL,HIGH,HIGH,REQUIRED,CHANGED,NONE,HIGH,HIGH
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials.,LOCAL,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations.,LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the user interface.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST interface.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5.6.4 allows attackers with local access to execute arbitrary code via execution from a compromised folder.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140.,ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A ZTE product is impacted by the improper access control vulnerability. Due to lack of an authentication protection mechanism in the program, attackers could use this vulnerability to gain access right through brute-force attacks. This affects: <ZXONE 19700 SNPE><ZXONE8700V1.40R2B13_SNPE>",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attackers can view video streams that are meant to be private.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142.,ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC720 before 3.9.1.13 and WAC730 before 3.9.1.13.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Joomla! before 3.9.19, lack of input validation in the heading tag option of the ""Articles - Newsflash"" and ""Articles - Categories"" modules allows XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 As a workaround sandbox all your iframes using the sandbox attribute. This will prevent them creating top-frame navigations and is good practice anyway.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,HIGH,LOW
"Certain NETGEAR devices are affected by stored XSS. This affects EX7000 before 1.0.1.78, R6250 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.8, R8300 before 1.0.2.128, and R8500 before 1.0.2.128.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTTP Response headers. The affected versions are before version 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before 8.12.1.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Buffer overflow in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable elevation of privilege or denial of service via adjacent access.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Shrine before version 3.3.0, when using the `derivation_endpoint` plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. The problem has been fixed by comparing sent and calculated signature in constant time, using `Rack::Utils.secure_compare`. Users using the `derivation_endpoint` plugin are urged to upgrade to Shrine 3.3.0 or greater. A possible workaround is provided in the linked advisory.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an arbitrary URL. This could possibly lead to an attacker accessing external URL resources as the Kibana process on the host system.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be viewed by untrusted parties or logged into the Kibana access logs.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an attacker to craft a link in the Kibana domain that redirects to an arbitrary website.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka ""straight-line speculation.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user's device, restricted to a single location. IBM X-Force ID: 189153.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site request forgery (CSRF) vulnerability in mod/user/act_user.php in Garfield Petshop through 2020-10-01 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site request forgery (CSRF) vulnerability in Live Chat - Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of incoming SIP traffic. An attacker could exploit this vulnerability by sending a series of SIP packets to an affected device. A successful exploit could allow the attacker to exhaust memory on an affected device, causing it to crash and leading to a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The implementation of POST with the username and password in the URL parameters exposed the credentials. More infomration is available in fineract jira issues 726 and 629.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM QRadar SIEM 7.3 and 7.4 when configured to use Active Directory Authentication may be susceptible to spoofing attacks. IBM X-Force ID: 165877.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the ""local port forwarding"" and ""dynamic port forwarding"" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SSH is enabled in the system settings.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows to execute shell commands under the root user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files and malicious users would still need to perform additional work to decrypt the credentials and escalate privileges. This issue affects: Rapid7 InsightVM versions 6.5.11 through 6.5.49.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In setNotification of SapServer.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-156021269",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In ~AACExtractor() of AACExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-142641801",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts` method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests can prevent an attacker from being blocked on brute force attacks. This attack appear to be exploitable via Network connectivity - brute force attacks. This vulnerability appears to have been fixed in 4.6.0 and later.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An attacker could retrieve passwords from a HTTP GET request from the Kunbus PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) if the attacker is in an MITM position.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In setProcessMemoryTrimLevel of ActivityManagerService.java, there is a missing permission check. This could lead to local information disclosure of foreground processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9Android ID: A-160390416",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active Node.js release lines including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by stored XSS. This affects EX7000 before 1.0.1.78, R6250 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.8, R8300 before 1.0.2.128, and R8500 before 1.0.2.128.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.4), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE XP/XC/XF-200 switch family (incl. SIPLUS NET variants) (All versions < V4.1). The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker might use this behaviour to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behaviour. The security vulnerability could be exploited by an attacker with network access to the traffic-receiving network. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the confidentiality and availability of the traffic-generating network. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-158778659",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.3.110, SRR60 before 2.5.3.110, and SRS60 before 2.5.3.110.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6050 before 1.0.1.22, JR6150 before 1.0.1.22, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R69002 before 1.2.0.62, and WNR2020 before 1.1.0.62.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attacker can use this vulnerability to upload files to the device and ultimately execute code as root.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so's PARSERtoCHAR function. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code as root via a crafted request to the return.cgi endpoint.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.58 and R7500v2 before 1.0.3.48.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.14.1. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Wangle's LineBasedFrameDecoder contains logic for identifying newlines which incorrectly advances a buffer, leading to a potential underflow. This affects versions of Wangle prior to v2019.04.22.00",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redis",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization credentials used to make the invitation requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that route to an app. When the gorouter receives traffic destined for the external route service, this traffic will instead be directed to the internal app using the shadow route.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 bits to determine which ioctl(2) commands to run. This issue affects: Canonical snapd versions prior to 2.37.4.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.60, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, SRK60 before 2.2.2.20, SRR60 before 2.2.2.20, SRS60 before 2.2.2.20, WN3000RPv2 before 1.0.0.78, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.70, XR450 before 2.3.2.40, and XR500 before 2.3.2.40.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due to improper validation of user-supplied input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input for a CLI command. A successful exploit could allow the attacker to obtain access to the underlying Linux OS without proper authentication.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. A user with low privileges could make use of an API to obtain the credentials for this account.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62.",ADJACENT_NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.50, and WNR2020 before 1.1.0.62.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,LOW
"An entitlement parsing issue was addressed with improved parsing. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application could interact with system processes to access private information and perform privileged actions.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.1. A malicious process may cause Safari to launch an application.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In multiple settings screens, there are possible tapjacking attacks due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-155288585",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need administrator credentials to exploit this vulnerability.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need administrator credentials to exploit this vulnerability.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute arbitrary code on an affected device or cause the device to reload. This vulnerability is due to missing checks when an IP camera processes a Cisco Discovery Protocol packet. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.100 and R6230 before 1.1.0.100.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect configuration of security settings.,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,NONE
"A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DOS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
NETGEAR GS808E devices before 1.7.1.0 are affected by denial of service.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,LOW
"Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an information disclosure vulnerability. The device does not sufficiently validate the output of device in certain specific scenario, the attacker can gain information in the victim's smartphone to launch the attack, successful exploit could cause information disclosure.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Privilege escalation vulnerability in MicroK8s allows a low privilege user with local access to obtain root access to the host by provisioning a privileged container. Fixed in MicroK8s 1.15.3.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In getCarrierPrivilegeStatus of UiccAccessRule.java, there is a missing permission check. This could lead to local information disclosure of EID data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-159062405",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-158833854",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In updateMwi of NotificationMgr.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-154323381",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In showDataRoamingNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-153356561",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-156999009",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In appendFormatV of String8.cpp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-161894517",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. The vulnerability is due to improper enforcement of role-based access control (RBAC) within the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to modify parts of the configuration. The modified configuration could either allow unauthorized devices onto the network or prevent authorized devices from accessing the network. To exploit this vulnerability, an attacker would need valid Read-Only Administrator credentials.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for the affected device, which could allow malicious URLs to pass through the device.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid device credentials to exploit this vulnerability.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. An attacker would need valid administrator credentials to exploit these vulnerabilities. NX-OS versions prior to 8.3(1) are affected.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid user credentials to exploit this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged IP addresses are not blocked by the ENS Firewall via specially crafted malicious sites where the GTI reputation is carefully manipulated and does not correctly trigger the ENS Firewall to block the connection.,NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,LOW,HIGH
Path traversal using symlink in npm harp module versions <= 0.29.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions 3.0 to 3.4.0 is vulnerable to a callback verification flaw in the ""Login with Twitter"" component allowing an attacker to provide alternate credentials. In the final step of ""Login with Twitter"" authentication information is passed back to the application using the registered custom URL scheme (typically twitterkit-<consumer-key>) on iOS. Because the callback handler did not verify the authenticity of the response, this step is vulnerable to forgery, potentially allowing attacker to associate a Twitter account with a third-party service.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the authenticated users’ password, and access to connection information including the plaintext password for the current connection. It would also be possible to run arbitrary methods on the database connection object for the Presto or Hive connection, allowing the user to bypass security controls internal to Superset. This vulnerability is present in every Apache Superset version < 0.37.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attacker can use this vulnerability to download the current slide image without knowing the access code.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code simply by requesting /images/browserslide.jpg via HTTP. A remote, unauthenticated attacker can use this vulnerability to watch a slideshow without knowing the access code.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP could change device properties without authorization. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises confidentiality, integrity and availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In constructImportFailureNotification of NotificationImportExportListener.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-161718556",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Some Huawei products have an insufficient input verification vulnerability. Attackers can exploit this vulnerability in the LAN to cause service abnormal on affected devices.Affected product versions include:HiRouter-CD30-10 version 10.0.2.5;HiRouter-CT31-10 version 10.0.2.20;WS5200-12 version 10.0.1.9;WS5281-10 version 10.0.5.10;WS5800-10 version 10.0.3.25;WS7100-10 version 10.0.5.21;WS7200-10 version 10.0.5.21.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when certain sequences of actions are processed during an SSH login event on the affected device. An attacker could exploit this vulnerability by initiating an SSH session to the device with a specific sequence that presents the two usernames. A successful exploit could result in logging data misrepresentation, user enumeration, or, in certain circumstances, a command authorization bypass. See the Details section for more information.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7620.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In GLPI before version 9.5.2, the `install/install.php` endpoint insecurely stores user input into the database as `url_base` and `url_base_api`. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure Redirection Since authentication is not required to perform these changes,anyone could point these fields at malicious websites or form input in a way to trigger XSS. Leveraging JavaScript it's possible to steal cookies, perform actions as the user, etc. The issue is patched in version 9.5.2.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The iOS mobile application BlueCats Reveal before 5.14 stores the username and password in the app cache as base64 encoded strings, i.e. clear text. These persist in the cache even if the user logs out. This can allow an attacker to compromise the affected BlueCats network implementation. The attacker would first need to gain physical control of the iOS device or compromise it with a malicious app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Android mobile application BlueCats Reveal before 3.0.19 stores the username and password in a clear text file. This file persists until the user logs out or the session times out from non-usage (30 days of no user activity). This can allow an attacker to compromise the affected BlueCats network implementation. The attacker would first need to gain physical control of the Android device or compromise it with a malicious app.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Android mobile application Halo Home before 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. This file persists until the user logs out of the application and reboots the device. This vulnerability can allow an attacker to impersonate the legitimate user by reusing the stored OAuth token, thus allowing them to view and change the user's personal information stored in the backend cloud service. The attacker would first need to gain physical control of the Android device or compromise it with a malicious app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or sanitize allowing for SQL Injection to occur. Leveraging this vulnerability an attacker is able to exfiltrate sensitive information like passwords, reset tokens, personal details, and more. The issue is patched in version 9.5.2",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. NX-OS versions prior to 8.3(1) are affected. NX-OS versions prior to 8.3(1) are affected.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to restart unexpectedly. The vulnerability is due to improper error handling when processing inbound SNMP packets. An attacker could exploit this vulnerability by sending multiple crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the SNMP application to leak system memory because of an improperly handled error condition during packet processing. Over time, this memory leak could cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the interactions between the DHCP and TFTP features for Cisco Small Business 300 Series (Sx300) Managed Switches could allow an unauthenticated, remote attacker to cause the device to become low on system memory, which in turn could lead to an unexpected reload of the device and result in a denial of service (DoS) condition on an affected device. The vulnerability is due to a failure to free system memory when an unexpected DHCP request is received. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the targeted device. A successful exploit could allow the attacker to cause an unexpected reload of the device.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Small Business Sx200, Sx300, Sx500, ESW2 Series Managed Switches and Small Business Sx250, Sx350, Sx550 Series Switches could allow an authenticated, remote attacker to cause the SNMP application of an affected device to cease processing traffic, resulting in the CPU utilization reaching one hundred percent. Manual intervention may be required before a device resumes normal operations. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a malicious SNMP packet to an affected device. A successful exploit could allow the attacker to cause the device to cease forwarding traffic, which could result in a denial of service (DoS) condition. Cisco has released firmware updates that address this vulnerability.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Improper Neutralization of Special Elements used in a Command ('Command Injection') in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is exported and opened on the their machine. In our checks, the user must explicitly allow the code to execute.",LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the FAQ.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). This happens if the parameters are configurable by an attacker for instance by providing the output of scrypt_enc() in a context where Hack/PHP code would attempt to verify it by re-running scrypt_enc() with the same parameters. This could result in information disclosure, memory being overwriten or crashes of the HHVM process. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the 802.11r Fast Transition (FT) implementation for Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected interface. The vulnerability is due to a lack of complete error handling condition for client authentication requests sent to a targeted interface configured for FT. An attacker could exploit this vulnerability by sending crafted authentication request traffic to the targeted interface, causing the device to restart unexpectedly.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software (ASA) and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly. The vulnerability is due to incomplete input validation of a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) ingress packet header. An attacker could exploit this vulnerability by sending a crafted TLS/SSL packet to an interface on the targeted device. An exploit could allow the attacker to cause the device to reload, which will result in a denial of service (DoS) condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. A valid SSL or TLS session is required to exploit this vulnerability.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at ""C:\DLLs\python3.dll,"" which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent's startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 2.6.4.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device as root. The vulnerability is due to insufficient input validation of a configuration file that is accessible to a local shell user. An attacker could exploit this vulnerability by including malicious input during the execution of this file. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checking for the file path when specific software is uploaded. An attacker could exploit this vulnerability by uploading malicious software using the REST API. A successful exploit could allow an attacker to escalate their privilege level to root. The attacker would need to have the administrator role on the device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server certificates. An attacker could exploit this vulnerability by installing a malformed certificate in a web server and sending a request to it through the Cisco WSA. A successful exploit could allow the attacker to cause an unexpected restart of the proxy process on an affected device.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by manipulating requests sent to an affected PI server. A successful exploit could allow the attacker to change the virtual domain configuration and possibly elevate privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web interface of the router.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to disconnect clients that are connected to the guest network on an affected router. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for device disconnection and providing the connected device information. A successful exploit could allow the attacker to deny service to specific clients that are connected to the guest network.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service.Entities are created recursively and large amounts of heap memory is taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory on that process, memory will continue to be exhausted and will affect other processes on the system.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP could change user roles without proper authorization. The security vulnerability could be exploited by an authenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises confidentiality, integrity and availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software try to load vci11un6.DLL and cinpl.DLL.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An insecure storage of sensitive information vulnerability is present in Hickory Smart for iOS mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for iOS, version 01.01.07 and prior versions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the affected software. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker with read-only privileges to gain administrator privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege Escalation vulnerability in McAfee FRP 5.x prior to 5.1.0.209 allows local users to gain elevated privileges via running McAfee Tray with elevated privileges.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by leveraging the insufficient restrictions during the execution of an affected command. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. A successful exploit could increase the resource usage on the system, eventually leading to a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the packet filtering features of Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by crafting a malicious TCP packet with specific characteristics and sending it to a target device. A successful exploit could allow the attacker to bypass the L3 and L4 traffic filters and inject an arbitrary packet in the network.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may be exploited to cause information leak.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then sending specific HTTPS requests to execute administrative functions using the information retrieved during initial login.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web management interface. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to modify the configuration of an affected device or to inject a reverse shell. This vulnerability affects Cisco Small Business 220 Series Smart Switches running firmware versions prior to 1.1.4.4 with the web management interface enabled. The web management interface is enabled via both HTTP and HTTPS by default.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.9; v3.6 versions prior to 3.6.13; v3.4 versions prior to 3.4.22.",NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to insufficient normalization of a text-based payload. An attacker could exploit this vulnerability by sending traffic that contains specifically obfuscated payloads through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious payloads to protected systems that would otherwise be blocked.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper reassembly of traffic streams. An attacker could exploit this vulnerability by sending crafted streams through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to incomplete role-based access control (RBAC) verification. An attacker could exploit this vulnerability by authenticating to the device and issuing a specific CLI diagnostic command with crafted user-input parameters. An exploit could allow the attacker to perform an arbitrary read of a file on the device, and the file may contain sensitive information. The attacker needs valid device credentials to exploit this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially retrieve this sensitive information to then compromise the system and related systems.,LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have a path traversal vulnerability. The system does not sufficiently validate certain pathname, successful exploit could allow the attacker access files and cause information disclosure.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the &ldquo;plug-and-play&rdquo; services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper access restrictions on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to access running configuration information about devices managed by the IND, including administrative credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to visit a website designed to submit malicious input to the affected application. A successful exploit could allow the attacker to cause the application to modify files and execute arbitrary commands on the system with the privileges of the targeted user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a drop action for received MODE_PRIVATE (Mode 7) NTP packets. An attacker could exploit this vulnerability by flooding the device with a steady stream of Mode 7 NTP packets. A successful exploit could allow the attacker to cause high CPU and memory usage on the affected device, which could cause internal system processes to restart or cause the affected device to unexpectedly reload. Note: The NTP feature is enabled by default.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Virtual Shell (VSH) session management for Cisco NX-OS Software could allow an authenticated, remote attacker to cause a VSH process to fail to delete upon termination. This can lead to a build-up of VSH processes that overtime can deplete system memory. When there is no system memory available, this can cause unexpected system behaviors and crashes. The vulnerability is due to the VSH process not being properly deleted when a remote management connection to the device is disconnected. An attacker could exploit this vulnerability by repeatedly performing a remote management connection to the device and terminating the connection in an unexpected manner. A successful exploit could allow the attacker to cause the VSH processes to fail to delete, which can lead to a system-wide denial of service (DoS) condition. The attacker must have valid user credentials to log in to the device using the remote management connection.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. Captured data reveals that the Hickory Smart Ethernet Bridge device communicates over the network to an MQTT broker without using encryption. This exposed the default username and password used to authenticate to the MQTT broker. This issue affects Hickory Smart Ethernet Bridge, model number H077646. The firmware does not appear to contain versioning information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application's database, allowing for authorization bypass and taking over additional accounts by means of modifying password-reset tokens stored in the database. Remote command execution is also possible by leveraging this to abuse the Yii framework's bizRule functionality, allowing for arbitrary PHP code to be executed by the application. Remote command execution is also possible by using this together with a separate insecure file upload vulnerability (CVE-2020-15488).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18308. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18286. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The RMI communication between the client and the Application Server is unencrypted. An attacker with access to the communication channel can read credentials of a valid user. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An attacker can use methods exposed via this interface to receive password hashes of other users and to change user passwords. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the system.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
A vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) of Cisco IOS XR Software may allow connections despite an access control list (ACL) that is configured to deny access to the NETCONF over SSH of an affected device. The vulnerability is due to a missing check in the NETCONF over SSH access control list (ACL). An attacker could exploit this vulnerability by connecting to an affected device using NETCONF over SSH. A successful exploit could allow the attacker to connect to the device on the NETCONF port. Valid credentials are required to access the device. This vulnerability does not affect connections to the default SSH process on the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command. An attacker could exploit this vulnerability by including malicious input during the execution of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as root.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by leveraging the insufficient restrictions to modify sensitive files. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface. The vulnerability is due to improper authorization of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to view information displayed in the web-based management interface without authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP) installed could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service condition. The vulnerability is due to insufficient error handling when an affected device has reached platform limitations. An attacker could exploit this vulnerability by sending a malicious series of IP ARP messages to an affected device. A successful exploit could allow the attacker to exhaust system resources, which would eventually cause the affected device to reload.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the MP3 detection engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper validation of certain MP3 file types. An attacker could exploit this vulnerability by sending a crafted MP3 file through the targeted device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit this vulnerability by gaining unrestricted access to the restricted shell and using the specific debug commands. A successful exploit could allow the attacker to enable the microphone of an affected device to record audio without notifying users.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform an unauthorized system reset on an affected device. The vulnerability is due to improper authorization controls for a specific URL in the web management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could have a twofold impact: the attacker could either change the administrator password, gaining privileged access, or reset the network configuration details, causing a denial of service (DoS) condition. In both scenarios, manual intervention is required to restore normal operations.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data via specially crafted messages.,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and subsequent requests via unsecured http. An adjacent unauthenticated user could eavesdrop on the network traffic and gain access to the unencrypted token allowing the attacker to read the type of access a user has over an app. They may also modify the logging level, potentially leading to lost information that would otherwise have been logged.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
Multiple buffer overflow issues have been identified in Alpha5 Smart Loader: All versions prior to 4.2. An attacker could use specially crafted project files to overflow the buffer and execute code under the privileges of the application.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of user-supplied commands. An attacker who has administrator privileges and access to the network where the IPMI resides could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to gain root privileges on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Delta Electronics TPEditor, Versions 1.94 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000), and Niagara 4.7u1 (JACE-8000, Edge 10).",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 allows an attacker to get/reset administrator’s password without any authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request on an affected device. A successful exploit could allow the attacker to perform cross-site scripting attacks, web cache poisoning, access sensitive browser-based information, and similar exploits.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions < SP3 Update 1). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large HTTP request is sent to the executing service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the service provided by the software.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability has been identified in SIMATIC IT UADM (All versions < V1.3). An authenticated remote attacker with network access to port 1434/tcp of SIMATIC IT UADM could potentially recover a password that can be used to gain read and write access to the related TeamCenter station. The security vulnerability could be exploited only if the attacker is authenticated. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions in the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands to elevate the attacker's privilege level. To exploit this vulnerability, the attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC CP443-1 OPC UA (incl. SIPLUS NET variants) (All versions), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7"" & 15"" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4"" - 22"" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software (All versions >= V7.1 < V16), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15-P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC-NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the development shell (devshell) authentication for Cisco Aironet Series Access Points (APs) running the Cisco AP-COS operating system could allow an authenticated, local attacker to access the development shell without proper authentication, which allows for root access to the underlying Linux OS. The attacker would need valid device credentials. The vulnerability exists because the software improperly validates user-supplied input at the CLI authentication prompt for development shell access. An attacker could exploit this vulnerability by authenticating to the device and entering crafted input at the CLI. A successful exploit could allow the attacker to access the AP development shell without proper authentication, which allows for root access to the underlying Linux OS. Software versions prior to 8.3.150.0, 8.5.135.0, and 8.8.100.0 are affected.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The vulnerability is due to incorrect processing of the ACL applied to an interface of an affected device when Cisco Express Forwarding load balancing using the 3-tuple hash algorithm is enabled. An attacker could exploit this vulnerability by sending traffic through an affected device that should otherwise be denied by the configured ACL. An exploit could allow the attacker to bypass protection offered by a configured ACL on the affected device. There are workarounds that address this vulnerability. Affected Cisco IOS XR versions are: Cisco IOS XR Software Release 5.1.1 and later till first fixed. First Fixed Releases: 6.5.2 and later, 6.6.1 and later.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"A vulnerability in the call-handling functionality of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete error handling when XML data within a SIP packet is parsed. An attacker could exploit this vulnerability by sending a SIP packet that contains a malicious XML payload to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image. An attacker will need to fulfill all the following conditions to attempt to exploit this vulnerability: Have privileged administrative access to the device. Be able to access the underlying operating system running on the device; this can be achieved either by using a supported, documented mechanism or by exploiting another vulnerability that would provide an attacker with such access. Develop or have access to a platform-specific exploit. An attacker attempting to exploit this vulnerability across multiple affected platforms would need to research each one of those platforms and then develop a platform-specific exploit. Although the research process could be reused across different platforms, an exploit developed for a given hardware platform is unlikely to work on a different hardware platform.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact credentials when configured to use a MySQL database. A local authenticated malicious user may read any credentials that are contained in a BOSH manifest.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation during the execution of a vulnerable CLI command. An attacker with administrator-level credentials could exploit this vulnerability by injecting crafted arguments during command execution. A successful exploit could allow the attacker to perform arbitrary code execution as root on an affected product.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163008257,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-162980455,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-162980705,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163008256,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163003156,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11224.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11190.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11135.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows local attackers to escalate privileges on affected installations of Foxit Reader 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit Reader Update Service. The issue results from incorrect permissions set on a resource used by the service. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-11229.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PhantomPDF 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit PhantomPDF Update Service. The issue results from incorrect permissions set on a resource used by the service. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-11308.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-level Lansweeper user to elevate their privileges within the application.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by authentication bypass. This affects GS110EMX before 1.0.1.7, GS810EMX before 1.7.1.3, XS512EM before 1.0.1.3, and XS724EM before 1.0.1.3.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security identity when executing.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by stored XSS. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Release/Release permission.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can access the server's configuration file by sending an HTTP GET request. Amongst the configuration data, the attacker may gain access to valid admin usernames and, in older versions of ELOG, passwords.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can recover a user's password hash by sending a crafted HTTP POST request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU process crash) via vectors involving s->state.",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The supported version that is affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). While the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher (formerly XML Publisher) accessible data as well as unauthorized read access to a subset of BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,NONE
The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them.,LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using another device, and then reinserting the USB 3.0 SSD on the original device. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container with root privileges.",PHYSICAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,LOW,LOW
The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit process IO loop to the ring size.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string.,LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors involving MPTSASRequest objects.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object.,LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of issue via mutation GraphQL query",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/mach0/dyldcache.c may allow attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting an input file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation ""GetQuantumRange(depth)+1"" when ""depth"" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large ""max_value"" value.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large ""extent"" field in the header but does not contain sufficient backing data, is provided, the loop over ""length"" would consume huge CPU resources, since there is no EOF check inside the loop.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping (aka res_config_action=3&res_config_id=18).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,HIGH
Re:Desk 2.3 allows insecure file upload.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. Additionally, if the web server has a misconfigured certificate then no spoofing attack is required",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SoPlanning before 1.47 doesn't correctly check the security key used to publicly share plannings. It allows a bypass to get access without authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Crash Dump file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service (out-of-bounds read) via an IT or MO3 file with many nested pattern loops.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the ""./"" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was found that glusterfs server does not properly sanitize file paths in the ""trusted.io-stats-dump"" extended attribute which is used by the ""debug/io-stats"" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"It was found that the ""mknod"" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an ""emulatorbin"" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an ""emulator"" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially crafted socket.io call to the server. This could lead to a privilege escalation event due via an account takeover. As a workaround you may cherry-pick the following commit from the project's repository to your running instance of NodeBB: 16cee1b03ba3eee177834a1fdac4aa8a12b39d2a. This is fixed in version 1.14.3.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,LOW
"A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ID: A-120551147.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or database user. The most likely scenario for this vulnerability is with someone who has an API account to the system. The issue is patched in version 9.5.2. A proof-of-concept with technical details is available in the linked advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through 2018.4.1.12) could allow a local user, under special conditions, to obtain highly sensitive information from log files. IBM X-Force ID: 182658.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTML to fields['body'] param via events\event.publish_article.php,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Ming (aka libming) 0.4.8 has an ""fill overflow"" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to ""0/3 line wrapping equalization.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. NOTE: the vendor has disputed this as described in libyal/libevt issue 5 on GitHub.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_drm_file.xml file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Operations with key/value pairs did not consider the case where garbage collection is triggered after the key operation but before the value operation, as demonstrated by improper read access to memory in ecma_gc_set_object_visited in ecma/base/ecma-gc.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ming (aka libming) 0.4.8 has a heap buffer overflow and underflow in the decompileCAST function in util/decompile.c in libutil.a. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted SWF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3.5.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. This issue affects: MongoDB Inc. MongoDB Server 4.0 prior to 4.0.11; 3.6 prior to 3.6.14; 3.4 prior to 3.4.22.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource sharing trusts random origins by accepting the arbitrary 'Origin: example.com' header and responding with 200 OK and a wildcard 'Access-Control-Allow-Origin: *' header.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vapor is a web framework for Swift. In Vapor before version 4.29.4, Attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected. This is fixed in version 4.29.4.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote stored xss vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin and the host driver kernel module, in which the potential exists to write to a memory location that is outside the intended boundary of the frame buffer memory allocated to guest operating systems, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"`cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a Windows system, `cloudflared` searches for configuration files which could be abused by a malicious entity to execute commands as a privileged user. Version 2020.8.1 fixes this issue.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty folder via admin/inst_lang.php.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which it may have the use-after-free vulnerability while freeing some resources, which may lead to denial of service, code execution, and information disclosure. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176610.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks. IBM X-Force ID: 179270.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
"In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege that exposes a pairing Bluetooth MAC address with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1 Android ID: A-140417248",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In hevcd_fmt_conv_420sp_to_420sp_av8 of ihevcd_fmt_conv_420sp_to_420sp.s, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android-11 Android ID: A-143464314",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE product of Oracle Java SE (component: Advanced Management Console). The supported version that is affected is Java Advanced Management Console: 2.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,NONE
"In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametres_edittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Persistent Cross-Site Scripting (XSS) vulnerability in message_admin.php in Projectworlds Car Rental Management System v1.0 allows unauthenticated remote attackers to harvest an admin login session cookie and steal an admin session upon an admin login.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0 allows attackers to change the password of a user.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the authentication process. An attacker could exploit this vulnerability by attempting to connect to the device via SSH. A successful exploit could allow the attacker to access the configuration as an administrative user if the default credentials are not changed. There are no workarounds available; however, if client-side certificate authentication is enabled, disable it and use strong password authentication. Client-side certificate authentication is disabled by default.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to use symbolic links to overwrite system files. These system files may be sensitive and should not be overwritable by non-root users. The attacker would need valid device credentials. The vulnerability is due to incorrect symbolic link verification of directory paths when they are used in the system shell. An attacker could exploit this vulnerability by authenticating to the device and providing crafted user input to specific symbolic link CLI commands. Successful exploitation could allow the attacker to overwrite system files that should be restricted. This vulnerability has been fixed in software version 14.1(1i).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is due to overly permissive file permissions of specific system files. An attacker could exploit this vulnerability by authenticating to an affected device, creating a crafted command string, and writing this crafted string to a specific file location. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid administrator credentials for the device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The vulnerability is due to a lack of proper data-protection mechanisms for disk encryption keys that are used within the partitions on an affected device hard drive. An attacker could exploit this vulnerability by obtaining physical access to the affected device to view certain cleartext keys. A successful exploit could allow the attacker to execute a custom boot process or conduct further attacks on an affected device.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, remote attacker to access sensitive information. The vulnerability occurs because the affected software does not properly validate user-supplied input. An attacker could exploit this vulnerability by issuing certain commands with filtered query results on the device. This action may cause returned messages to display confidential system information. A successful exploit could allow the attacker to read sensitive information on the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in certain access control mechanisms for the Secure Shell (SSH) server implementation for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to access a CLI instance on an affected device. The vulnerability is due to a lack of proper input- and validation-checking mechanisms for inbound SSH connections on an affected device. An attacker could exploit this vulnerability by attempting to establish an SSH connection to an affected controller. An exploit could allow the attacker to access an affected device's CLI to potentially cause further attacks. This vulnerability has been fixed in version 8.5(140.0).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188197.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-ForceID: 186696.",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to. IBM X-Force ID: 186423.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186427.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,HIGH,HIGH
"An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bug_actiongroup_page.php.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlx, and pptx files as attachments to messages.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of arbitrary JavaScript.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the Google service over plain HTTP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ELECOM LAN routers (WRC-2533GST2 firmware versions prior to v1.14, WRC-1900GST2 firmware versions prior to v1.14, WRC-1750GST2 firmware versions prior to v1.14, and WRC-1167GST2 firmware versions prior to v1.10) allow an attacker on the same network segment to execute arbitrary OS commands with a root privilege via unspecified vectors.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stored cross-site scripting vulnerability in CMONOS.JP ver2.0.20191009 and earlier allows remote attackers to inject arbitrary script via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status to services or device discovery on a local network among other attacks. This vulnerability affects Firefox < 80 and Firefox for Android < 80.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper initialization in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow a privileged user to potentially enable denial of service via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** oauth2-server (aka node-oauth2-server) through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of ""RFC 6749 compliant"" is valid and not misleading and I also therefore wouldn't describe this as a ""vulnerability"" with the library per se.'",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it can dereference a NULL pointer, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
This affects the package json-pointer before 0.6.1. Multiple reference of object using slash is supported.,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,HIGH
"NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or escalation of privileges. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
REDDOXX MailDepot 2032 SP2 2.2.1242 has Insufficient Session Expiration because tokens are not invalidated upon a logout.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Media ContentProvider URIs used for opening attachments in other apps were generated sequentially prior to WhatsApp for Android v2.20.185, which could have allowed a malicious third party app chosen to open the file to guess the URIs for previously opened attachments until the opener app is terminated.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with E-AC-3 audio streams.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to V3.15.70_4 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts) as the content is always displayed after and before login. Persistent XSS allows an attacker to modify displayed content or to change the victim's information. Successful exploitation requires access to the web management interface, either with valid credentials or a hijacked session.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"HashiCorp Nomad and Nonad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 0.10.3.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being valid for longer than intended. Fixed in 1.4.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143560807",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Jenkins Persona Plugin 2.4 and earlier allows users with Overall/Read permission to read arbitrary files on the Jenkins controller.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
CodeLathe FileCloud before 20.2.0.11915 allows username enumeration.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerability in the getBaseCriteria() function in the protected/models/Ticket.php file. By modifying the folder GET parameter, it is possible to execute arbitrary SQL statements via a crafted URL. Unauthenticated remote command execution is possible by using this SQL injection to update certain database values, which are then executed by a bizRule eval() function in the yii/framework/web/auth/CAuthManager.php file. Resultant authorization bypass is also possible, by recovering or modifying password hashes and password reset tokens, allowing for administrative privileges to be obtained.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized files, an attacker can trick the product into deserializing them, resulting in arbitrary code execution.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:https://github.com/alibaba/nacos/issues/2284),NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, which may lead to denial of service or code execution.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to the incorrect implementation of a CLI command that allows a Bash command to be incorrectly invoked on the Guest Shell CLI. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Guest Shell prompt. A successful exploit could allow the attacker to issue commands that should be restricted by a Guest Shell account.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument to the affected command. A successful exploit could allow the attacker to bypass intended restrictions and access internal services of the device. An attacker would need valid device credentials to exploit this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability. The ResetPassword function does not validate whether the user has successfully authenticated using security questions. An unauthenticated, remote attacker can send a crafted HTTP request to the /account/ResetPassword page to set a new password for any registered user.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which a user is presented with a dialog box for input by a high-privilege process, which may lead to escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to an unprivileged account. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping ""<option>"" elements in ""<select>"" ones changes parsing behavior, leading to possibly unsanitizing code.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. This can lead to denial-of-service. This issue affects: Bitdefender Engines version 7.84897 and prior versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
All versions of package safetydance are vulnerable to Prototype Pollution via the set function.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a network accessible transporter service. It is also possible to create or delete backup repositories.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper permissions in the Intel(R) Driver & Support Assistant before version 20.7.26.7 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172131.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An integer overflow was discovered in YGOPro ygocore v13.51. Attackers can use it to leak the game server thread's memory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. By exploiting this issue, an attacker-controlled server can force the client to skip TLS certificate validation, leading to a man-in-the-middle attack against HTTPS and unauthenticated remote code execution.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file, getshell.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the device. An exploit could allow the attacker to gain elevated privileges on the affected device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
GE Mark VIe Controller has an unsecured Telnet protocol that may allow a user to create an authenticated session using generic default credentials. GE recommends that users disable the Telnet service.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline atachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path strings. By inserting a null byte into the path, the user can skip most authentication checks. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-8616.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8775.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852 version FW07 and prior versions. WAGO 750-880/xxx-xxx version FW07 and prior versions. WAGO 750-881 version FW07 and prior versions. WAGO 750-831/xxx-xxx version FW07 and prior versions. WAGO 750-882 version FW07 and prior versions. WAGO 750-885/xxx-xxx version FW07 and prior versions. WAGO 750-889 version FW07 and prior versions.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in ""onefile"" mode is launched by a privileged user (at least more than the current one) which have his ""TempPath"" resolving to a world writable directory. This is the case for example if the software is launched as a service or as a scheduled task using a system account (TempPath will be C:\Windows\Temp). In order to be exploitable the software has to be (re)started after the attacker launch the exploit program, so for a service launched at startup, a service restart is needed (e.g. after a crash or an upgrade).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 5.9.1.12-4o and earlier, Gen 6 version 6.2.7.4-32n, 6.5.1.4-4n, 6.5.2.3-4n, 6.5.3.3-3n, 6.2.7.10-3n, 6.4.1.0-3n, 6.5.3.3-3n, 6.5.1.9-4n and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050,and 0x80102054).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version 1.3.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
A privilege escalation exists in UniFi Video Controller =<3.10.6 that would allow an attacker on the local machine to run arbitrary commands.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The ""X-Reason"" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute code with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the remote support user and sending malicious traffic to a listener who is internal to the device. A successful exploit could allow the attacker to execute commands with root privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the remote support user and submitting malicious input to a specific command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system (OS) with root privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the SSH process is not properly deleted when an SSH connection to the device is disconnected. An attacker could exploit this vulnerability by repeatedly opening SSH connections to an affected device. A successful exploit could allow the attacker to exhaust system resources by initiating multiple SSH connections to the device that are not effectively terminated, which could result in a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper validation of user-supplied requests to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the device to stop responding, requiring manual intervention for recovery.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper restrictions on configuration information. An attacker could exploit this vulnerability by sending a request to an affected device through the web-based management interface. A successful exploit could allow the attacker to return running configuration information that could also include sensitive information.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface).,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A partial authentication bypass vulnerability exists on Mediatek MT7620N 1.06 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448.,LOCAL,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"A vulnerability in the WPA2 and WPA3 security implementation of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect packet processing during the WPA2 and WPA3 authentication handshake when configured for dot1x or pre-shared key (PSK) authentication key management (AKM) with 802.11r BSS Fast Transition (FT) enabled. An attacker could exploit this vulnerability by sending a crafted authentication packet to an affected device. A successful exploit could cause an affected device to reload, resulting in a DoS condition.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the IP Service Level Agreement (SLA) responder feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the IP SLA responder to reuse an existing port, resulting in a denial of service (DoS) condition. The vulnerability exists because the IP SLA responder could consume a port that could be used by another feature. An attacker could exploit this vulnerability by sending specific IP SLA control packets to the IP SLA responder on an affected device. The control packets must include the port number that could be used by another configured feature. A successful exploit could allow the attacker to cause an in-use port to be consumed by the IP SLA responder, impacting the feature that was using the port and resulting in a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patterns through the device. A successful exploit could allow the attacker to cause the device to reload or stop forwarding traffic through the firewall, resulting in a denial of service. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to improper validation of user privileges of web UI users. An attacker could exploit this vulnerability by submitting a malicious payload to a specific endpoint in the web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of SMS protocol data units (PDUs) that are encoded with a special character set. An attacker could exploit this vulnerability by sending a malicious SMS message to an affected device. A successful exploit could allow the attacker to cause the wireless WAN (WWAN) cellular interface module on an affected device to crash, resulting in a DoS condition that would require manual intervention to restore normal operating conditions.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access control to files within the web UI. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to gain access to sensitive configuration information.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"** DISPUTED ** The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Note: It has been argued that ""The vulnerability reported in PDF Embedder Plugin is not valid as the plugin itself doesn't control or manage the file upload process. It only serves the uploaded PDF files and the responsibility of uploading PDF file remains with the Site owner of Wordpress installation, the upload of PDF file is managed by Wordpress core and not by PDF Embedder Plugin. Control & block of polyglot file is required to be taken care at the time of upload, not on showing the file. Moreover, the reference mentions retrieving the files from the browser cache and manually renaming it to jar for executing the file. That refers to a two step non-connected steps which has nothing to do with PDF Embedder.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to critical services and cause a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow an attacker to make configuration changes to the system as administrator. Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive data that could be used to elevate their privileges to administrator. The vulnerability is due to improper implementation of filesystem permissions. An attacker could exploit this vulnerability by logging in to the CLI of an affected device, accessing a specific file, and leveraging this information to authenticate to the NX-API server. A successful exploit could allow an attacker to make configuration changes as administrator. Note: NX-API is disabled by default. Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to an issue with allocating and freeing memory buffers in the network stack. An attacker could exploit this vulnerability by sending crafted TCP streams to an affected device in a sustained way. A successful exploit could cause the network stack of an affected device to run out of available buffers, impairing operations of control plane and management plane protocols, resulting in a DoS condition. Note: This vulnerability can be triggered only by traffic that is destined to an affected device and cannot be exploited using traffic that transits an affected device. Nexus 1000V Switch for Microsoft Hyper-V is affected in versions prior to 5.2(1)SM3(2.1). Nexus 1000V Switch for VMware vSphere is affected in versions prior to 5.2(1)SV3(4.1a). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(6) and 9.2(2). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(11), 7.0(3)I7(6), and 9.2(2). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5) and 9.2(2). Nexus 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(5)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22. Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5) and 9.2(2). UCS 6200 and 6300 Series Fabric Interconnect are affected in versions prior to 3.2(3j) and 4.0(2a). UCS 6400 Series Fabric Interconnect are affected in versions prior to 4.0(2a).",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"There is a XML external entity (XXE) vulnerability in halo v1.1.3, The function of importing other blogs in the background(/api/admin/migrations/wordpress) needs to parse the xml file, but it is not used for security defense, This vulnerability can detect the intranet, read files, enable ddos attacks, etc. exp:https://github.com/halo-dev/halo/issues/423",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level by executing commands authorized to other user roles. The attacker must authenticate with valid user credentials. The vulnerability is due to the incorrect implementation of a Bash shell command that allows role-based access control (RBAC) to be bypassed. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Bash prompt. A successful exploit could allow the attacker to escalate their privilege level by executing commands that should be restricted to other roles. For example, a dev-ops user could escalate their privilege level to admin with a successful exploit of this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could exploit this vulnerability by connecting to an affected device's guest shell, and accessing or modifying restricted files. A successful exploit could allow the attacker to view or modify restricted information or configurations that are normally not accessible to system administrators.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract sensitive information etc.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers and Cisco AireOS Software for Cisco Wireless LAN Controllers (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of certain parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by spoofing the address of an existing Access Point on the network and sending a Control and Provisioning of Wireless Access Points (CAPWAP) packet that includes a crafted Flexible NetFlow Version 9 record to an affected device. A successful exploit could allow the attacker to cause a process crash that would lead to a reload of the device.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, and 9.0 software. The Network Management component could allow an unauthorized actor to kill a TCP connection. The LG ID is LVE-SMP-200023 (October 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted SSL/TLS Handshakes that may result with a PMS (Pre-Master Secret) that starts in a 0 byte and may lead to a recovery of plaintext messages as BIG-IP TLS/SSL ADH/DHE sends different error messages acting as an oracle. Similar error messages when PMS starts with 0 byte coupled with very precise timing measurement observation may also expose this vulnerability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by sending a series of crafted UDP packets to a specific port on an affected device. A successful exploit could either allow the attacker to tear down the connection between the AP and the wireless LAN controller, resulting in the affected device not being able to process client traffic, or cause the vulnerable device to reload, triggering a DoS condition. After the attack, the affected device should automatically recover its normal functions without manual intervention.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the DHCP message handler of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the supervisor to crash, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when DHCP version 4 (DHCPv4) messages are parsed. An attacker could exploit this vulnerability by sending a malicious DHCPv4 message to or through a WAN interface of an affected device. A successful exploit could allow the attacker to cause a reload of the affected device. Note: On Cisco cBR-8 Converged Broadband Routers, all of the following are considered WAN interfaces: 10 Gbps Ethernet interfaces 100 Gbps Ethernet interfaces Port channel interfaces that include multiple 10 and/or 100 Gbps Ethernet interfaces",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected device and sending a series of specific packets within a short time frame. A successful exploit could allow the attacker to cause a NULL pointer access that results in a reload of the affected device.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patterns through the device. A successful exploit could allow the attacker to cause the device to reload or stop forwarding traffic through the firewall, resulting in a denial of service. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior versions on Android. August Connect Firmware version 2.2.12 and prior versions.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks on a malicious URL and begins typing.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in EthernetNetwork on Samsung mobile devices with O(8.1), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows sdcard access by an unprivileged process. The Samsung ID is SVE-2020-18392 (October 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on Samsung mobile devices with Q(10.0) software. Auto Hotspot allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (October 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP servers and force the camera to use the changed values.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Sticker Center allows directory traversal for an unprivileged process to read arbitrary files. The Samsung ID is SVE-2020-18433 (October 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in SystemUI on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows an unprivileged process to access contact numbers. The Samsung ID is SVE-2020-18467 (October 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In mapfish-print before version 3.24, a user can use the JSONP support to do a Cross-site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In mapfish-print before version 3.24, a user can do to an XML External Entity (XXE) attack with the provided SDL style.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution. With this exploit, Discord users can use specially crafted messages to perform destructive actions and/or access sensitive information. Unloading the Act module with `unload act` can render this exploit inaccessible.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Exynos chipsets) software. They allow attackers to obtain sensitive information by reading a log. The Samsung ID is SVE-2020-18596 (October 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in DirEncryptService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18034 (October 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. An attacker can access certain Secure Folder content via a debugging command. The Samsung ID is SVE-2020-18673 (October 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in TimaService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18418 (October 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks on a URL.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed for a stored XSS payload to be added as a group name.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS-TSIG signature.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. This can lead to a variety of different issues but read out of array bounds is one major consequence of these problems.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags in WEBP images. This issue affects WhatsApp for Android before version 2.19.143 and WhatsApp for iOS before version 2.19.100.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to access the system and perform unauthorized actions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by accessing the physical interface of a device and inserting a USB storage device. A successful exploit could allow the attacker to execute scripts on the device in an elevated security context.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the affected system. An attacker could exploit this vulnerability by sending the user of the web application a crafted request. If the request is processed, the attacker could access the system and perform unauthorized actions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An attacker who can send a request to an affected system could cause all currently authenticated users to be logged off. Repeated exploitation could cause the inability to maintain a session in the web-based management portal.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulnerability exists because the affected software does not correctly implement role permission controls. An attacker could exploit this vulnerability by using a custom role with specific permissions. A successful exploit could allow the attacker to access the spam quarantine of other users.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device The vulnerability is due to improper file level permissions on an affected device when it is running Cisco JCF for Mac Software. An attacker could exploit this vulnerability by authenticating to the affected device and executing arbitrary code or potentially modifying certain configuration files. A successful exploit could allow the attacker to execute arbitrary code or modify certain configuration files on the device using the privileges of the installed Cisco JCF for Mac Software.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to break the chain of trust and load a compromised software image on an affected device. The vulnerability is due to the presence of a debugging configuration option in the affected software. An attacker could exploit this vulnerability by connecting to an affected device through the console, forcing the device into ROMMON mode, and writing a malicious pattern using that specific option on the device. A successful exploit could allow the attacker to break the chain of trust and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the private activity of a user could be exposed via the API.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when processing TCP packets directed to the device on specific Cisco Catalyst 4000 Series Switches. An attacker could exploit this vulnerability by sending crafted TCP streams to an affected device. A successful exploit could cause the affected device to run out of buffer resources, impairing operations of control plane and management plane protocols, resulting in a DoS condition. This vulnerability can be triggered only by traffic that is destined to an affected device and cannot be exploited using traffic that transits an affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the ISDN Q.931 messages are processed. An attacker could exploit this vulnerability by sending a malicious ISDN Q.931 message to an affected device. A successful exploit could allow the attacker to cause the process to crash, resulting in a reload of the affected device.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to ineffective management of the underlying filesystem resources. An attacker could exploit this vulnerability by performing specific actions that result in messages being sent to specific operating system log files. A successful exploit could allow the attacker to exhaust available filesystem space on an affected device. This could cause the device to crash and reload, resulting in a DoS condition for clients whose network traffic is transiting the device. Upon reload of the device, the impacted filesystem space is cleared, and the device will return to normal operation. However, continued exploitation of this vulnerability could cause subsequent forced crashes and reloads, which could lead to an extended DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. The vulnerability is due to a logical error in the logging mechanism. An attacker could exploit this vulnerability by generating a high amount of long-lived connections to the HTTP service on the device. A successful exploit could allow the attacker to cause the HTTP server to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to modify the configuration of the device to cause it to be non-secure and abnormally functioning.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of a malformed packet. An attacker could exploit this vulnerability by sending a malformed packet to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by modifying files that they should not have access to. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software improperly parses certain options in OSPF link-state advertisement (LSA) type 11 packets. An attacker could exploit this vulnerability by sending a crafted LSA type 11 OSPF packet to an affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition for client traffic that is traversing the device.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary commands within the affected device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary commands within the affected device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the PROFINET handler for Link Layer Discovery Protocol (LLDP) messages of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a crash on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of LLDP messages in the PROFINET LLDP message handler. An attacker could exploit this vulnerability by sending a malicious LLDP message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the use of an incorrect data type for a length variable. An attacker could exploit this vulnerability by initiating the transfer of a large file to an affected device via SCP. To exploit this vulnerability, the attacker would need to have valid privilege level 15 credentials on the affected device. A successful exploit could allow the attacker to cause the length variable to roll over, which could cause the affected device to crash.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load for a specific WebVPN HTTP page request. An attacker could exploit this vulnerability by sending multiple WebVPN HTTP page load requests for a specific URL. A successful exploit could allow the attacker to increase CPU load on the device, resulting in a denial of service (DoS) condition, which could cause traffic to be delayed through the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource management in the context of user session management. An attacker could exploit this vulnerability by connecting to an affected system and performing many simultaneous successful Secure Shell (SSH) logins. A successful exploit could allow the attacker to exhaust system resources and cause the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker needs valid user credentials on the system.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to view the contents of arbitrary files on an affected device. The vulnerability is due to improper input validation in the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to retrieve the contents of arbitrary files on the device, possibly resulting in the disclosure of sensitive information.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based management interface of Cisco IC3000 Industrial Compute Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages system resources. An attacker could exploit this vulnerability by opening a large number of simultaneous sessions on the web-based management interface of an affected device. A successful exploit could allow the attacker to cause a DoS condition of the web-based management interface, preventing normal management operations.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web server authentication of Cisco IOS XE Software could allow an authenticated, remote attacker to crash the web server on the device. The vulnerability is due to insufficient input validation during authentication. An attacker could exploit this vulnerability by entering unexpected characters during a valid authentication. A successful exploit could allow the attacker to crash the web server on the device, which must be manually recovered by disabling and re-enabling the web server.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are not authorized to see.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The vulnerability is due to insufficient restrictions on Lua function calls within the context of user-supplied Lua scripts. An attacker with valid administrative credentials could exploit this vulnerability by submitting a malicious Lua script. When this file is processed, an exploitable buffer overflow condition could occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux OS of the affected device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote cluster(s).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use Single-Sign-On as authentication method, one of Kerberos, JWT, Proxy, Client certificate. b) The kibanaserver user is configured to use HTTP Basic as the authentication method. c) Search Guard is configured to use an SSO authentication domain and HTTP Basic at the same time",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that should not be allowed for a specific subset of local management CLI commands. The vulnerability is due to lack of proper input validation of user input for local management CLI commands. An attacker could exploit this vulnerability by authenticating to the device and issuing a crafted form of a limited subset of local management CLI commands. An exploit could allow the attacker to overwrite an arbitrary files on disk or inject CLI command parameters that should have been disabled. This vulnerability is fixed in software version 4.0(2a) and later.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional ""Hash"" Armor Headers. The ""Hash"" Armor Header specifies the message digest algorithm(s) used for the signature. However, the Go clearsign package ignores the value of this header, which allows an attacker to spoof it. Consequently, an attacker can lead a victim to believe the signature was generated using a different message digest algorithm than what was actually used. Moreover, since the library skips Armor Header parsing in general, an attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text to cleartext messages without invalidating the signatures.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS by in the error tracking feature.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is readable.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system. When processed, the commands will be executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by providing malicious input to a specific field in the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as the root user.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop version 14.1.3 (45485). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of root. Was ZDI-CAN-8685.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a Session Initiation Protocol (SIP) message with a crafted XML payload to an affected device. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition. Manual intervention may be required to recover the device. This vulnerability is fixed in Cisco Expressway Series and Cisco TelePresence Video Communication Server Releases X12.5.1 and later.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of Secure Sockets Layer (SSL) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. An successful exploit could increase the resource usage on the system, eventually leading to a DoS condition. This vulnerability affects version 2.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
This affects the package simpl-schema before 1.10.2.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the internal packet-processing functionality of Cisco Firepower Threat Defense (FTD) Software for the Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error, which may prevent ingress buffers from being replenished under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to consume all input buffers, which are shared between all interfaces, leading to a queue wedge condition in all active interfaces. This situation would cause an affected device to stop processing any incoming traffic and result in a DoS condition until the device is reloaded manually.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"A vulnerability in the TCP processing engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of TCP traffic. An attacker could exploit this vulnerability by sending a specific sequence of packets at a high rate through an affected device. A successful exploit could allow the attacker to temporarily disrupt traffic through the device while it reboots.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms for certain components in the underlying Application Centric Infrastructure (ACI). An attacker could exploit this vulnerability by attempting to observe certain network traffic when accessing the APIC. A successful exploit could allow the attacker to access and collect certain tracking data and usage statistics on an affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerability is due to insufficient input validation for certain command strings issued on the CLI of the affected device. An attacker with write permissions for files within a readable folder on the device could alter certain definitions in the affected file. A successful exploit could allow an attacker to cause the underlying FUSE driver to execute said crafted commands, elevating the attacker's privileges to root on an affected device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an affected device. The vulnerability is due to insufficient input validation during CAPWAP packet processing. An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device, resulting in a buffer over-read. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
NTP through 4.2.8p12 has a NULL Pointer Dereference.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application directory and elevate privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.3021.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the CDP (Cisco Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.1000.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect parsing of HTTP packets while performing HTTP-based endpoint device classifications. An attacker could exploit this vulnerability by sending a crafted HTTP packet to an affected device. A successful exploit could cause an affected device to reboot, resulting in a DoS condition.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Pluck CMS v4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
REDDOXX MailDepot 2032 2.2.1242 allows authenticated users to access the mailboxes of other users.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,LOW
hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,LOW
"Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to gain administrative access to the web-based management interface of the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The userid parameter in jumpin.php has a SQL injection vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Common Open Policy Service (COPS) engine of Cisco IOS XE Software on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to crash a device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a malformed COPS message to the device. A successful exploit could allow the attacker to crash the device.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device. The vulnerability is due to insufficient packet size validation. An attacker could exploit this vulnerability by sending jumbo frames or frames larger than the configured MTU size to the management interface of this device. A successful exploit could allow the attacker to crash the device fully before an automatic recovery.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the packet processing of Cisco IOS XE Software for Cisco 4461 Integrated Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect processing of IPv4 or IPv6 traffic to or through an affected device. An attacker could exploit this vulnerability by sending IP traffic to or through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability could allow a remote attacker to bypass the authentication process.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Framer Preview application 12 for Android exposes com.framer.viewer.FramerViewActivity to other applications. By calling the intent with the action set to android.intent.action.VIEW, any other application is able to load any website/web content into the application's context, which is shown as a full-screen overlay to the user.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session management on affected DCNM software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of ""null"".",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient protection of data in the configuration file. An attacker could exploit this vulnerability by downloading the configuration file. An exploit could allow the attacker to use the sensitive information from the file to elevate privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. The vulnerability is due to a failure to properly authorize certain user actions in the device configuration. An attacker could exploit this vulnerability by logging in to the vManage Web UI and sending crafted HTTP requests to vManage. A successful exploit could allow attackers to gain elevated privileges and make changes to the configuration that they would not normally be authorized to make.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download log files and diagnostic information from the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 and BIG-IQ 5.2.0-7.1.0, unauthenticated attackers can cause disruption of service via undisclosed methods.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1..",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP can change user-defined event properties without proper authorization. The security vulnerability could be exploited by an authenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises integrity of the user-defined event properties and the availability of corresponding functionality. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,LOW
"An issue was discovered in HFish 0.5.1. When a payload is inserted where the password is entered, XSS code is triggered when the administrator views the information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This CVE is similar, but not identical to CVE-2020-24556.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project. The issue has been fixed in version 0.29.0.gfm.1.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the way the product handles URIs within certain schemes. The product does not warn the user that a dangerous navigation is about to take place. Because special characters in the URI are not sanitized, this could lead to the execution of arbitrary commands. An attacker can leverage this vulnerability to execute code in the context of the current user at medium integrity. Was ZDI-CAN-7162.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device. The authenticated user must have privileged EXEC permissions on the device. The vulnerability is due to insufficient protection of values passed to a script that executes during device startup. An attacker could exploit this vulnerability by writing values to a specific file. A successful exploit could allow the attacker to execute commands with root privileges each time the affected device is restarted.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by accessing the interface and viewing restricted portions of the software configuration. A successful exploit could allow the attacker to gain access to sensitive information or conduct further attacks.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIScript. When processing the launch method the application does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability execute code in the context of the current process. Was ZDI-CAN-7250.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows forcing the database and server to initiate remote connections to third party DNS servers.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28). A denial of service vulnerability exists in the affected products. The vulnerability could be exploited by an attacker with network access to the device. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46). An improperly configured Parameter Read/Write execution via Field bus network may cause the controller to restart. The vulnerability could be exploited by an attacker with network access to the device. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SIMATIC HMI Comfort Panels 4"" - 22"" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7"" & 15"" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The affected device offered SNMP read and write capacities with a publicly know hardcoded community string. The security vulnerability could be exploited by an attacker with network access to the affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template=""/etc/passwd"") or unintended embedded Ruby code execution (such as a string that begins with template=""string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of the Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation of the information used to generate an SNMP trap in relation to a wireless client connection. An attacker could exploit this vulnerability by sending an 802.1x packet with crafted parameters during the wireless authentication setup phase of a connection. A successful exploit could allow the attacker to cause the device to reload, causing a DoS condition.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the persistent Telnet/SSH CLI on an affected device and requesting shell access. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS with root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that is used with the Split DNS feature of affected releases may time out when it processes the DNS name list configuration. An attacker could exploit this vulnerability by trying to resolve an address or hostname that the affected device handles. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to insufficient processing logic for crafted PROFINET packets that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted PROFINET packets to an affected device for processing. A successful exploit could allow the attacker to cause the device to crash and reload, resulting in a DoS condition on the device.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after upgrading to 4.4.0. Version 4.4.1 fixes this issue by removing the operating system's copy during the upgrade.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of tiscript. When processing the System.Exec method the application does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7234.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app, which requires user interaction.",ADJACENT_NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup. In order to exploit the vulnerability, the adversary needs to download the backup directly after a backup triggered by a legitimate user has been completed.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app with restricted permissions, which required user interaction.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in reading or modification of the SHC's configuration or triggering and restoring backups. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the adversary's choosing. In order to exploit the vulnerability, the adversary needs physical access to the SHC during the attack.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service to exploit this vulnerability and execute arbitrary code with system privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. That leads remote attacker to execute arbitrary code via crafted https packets.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. An input validation issue in a .dll file of RSLinx Classic where the data in a Forward Open service request is passed to a fixed size buffer, allowing an attacker to exploit a stack-based buffer overflow condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the implementation of Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of Border Gateway Protocol (BGP) update messages that contain crafted EVPN attributes. An attacker could exploit this vulnerability by sending BGP update messages with specific, malformed attributes to an affected device. A successful exploit could allow the attacker to cause an affected device to crash, resulting in a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization. An attacker with adjacent short-range access to an affected product, in situations where the product’s radio is turned on, can inject, replay, modify, and/or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore, an attacker could exploit this communication protocol to change memory in the implanted cardiac device.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escalation or a denial of service via abuse of a symlink.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the ""CloudMe Sync"" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens, preventing legitimate users from requesting download tokens.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,LOW
"A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AFParseDateEx method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7453.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7369.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior allow an attacker to bypass user authentication using a specially crafted URL to cause the device to reboot, which may be used to cause a continual denial-of-service condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the hxterm service as a non-privileged, local user. A successful exploit could allow the attacker to gain root access to all member nodes of the HyperFlex cluster. This vulnerability affects Cisco HyperFlex Software Releases prior to 3.5(2a).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage these vulnerabilities to execute code under the context of the current process. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An attacker could retrieve plain-text credentials stored in a XML file on PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) through FTP.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected running software versions prior to 6.2(27) and 8.2(3). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(6). Nexus 3500 Platform Switches are affected running software versions prior to 6.0(2)A8(11) and 7.0(3)I7(6). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9), 7.0(3)I7(6). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5). Nexus 7000 and 7700 Series Switches are affected running software versions prior to 6.2(22) and 8.2(3).",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco NX-OS Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Firepower 4100 Series Next-Generation Firewalls are affected running software versions prior to 2.2.2.91, 2.3.1.110, and 2.4.1.222. Firepower 9300 Security Appliance are affected running software versions prior to 2.2.2.91, 2.3.1.110, and 2.4.1.222. MDS 9000 Series Multilayer Switches are affected running software versions prior to 6.2(25) and 8.3(1). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(5). Nexus 3500 Platform Switches are affected running software versions prior to 7.0(3)I7(5). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected running software versions prior to 7.1(5)N1(1b) and 7.3(4)N1(1). Nexus 7000 and 7700 Series Switches are affected running software versions prior to 6.2(22), 7.3(3)D1(1), 8.2(3). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(5). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5).",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Nexus 3500 Platform Switches and Nexus 3000 Series Switches software versions prior to 7.0(3)I7(4) are affected.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(2). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(6). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(6). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), 8.2(3), and 8.3(2). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I4(9) and7.0(3)I7(6). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3).",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3).",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid user credentials to exploit this vulnerability. Nexus 3000, 3500, and Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(4).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to incorrect input validation in the NX-API feature. An attacker could exploit this vulnerability by sending a crafted HTTP or HTTPS request to an internal service on an affected device that has the NX-API feature enabled. A successful exploit could allow the attacker to cause a buffer overflow and execute arbitrary code as root. Note: The NX-API feature is disabled by default. MDS 9000 Series Multilayer Switches are affected in versions prior to 8.1(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(8) and 7.0(3)I7(1). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(8). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.3(2)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 7.3(3)D1(1). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I4(8) and 7.0(3)I7(1). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Tetration Analytics agent for Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to an incorrect permissions setting. An attacker could exploit this vulnerability by replacing valid agent files with malicious code. A successful exploit could result in the execution of code supplied by the attacker. Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running versions prior to 7.0(3)I7(5).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the user account management interface of Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to an incorrect authorization check of user accounts and their associated Group ID (GID). An attacker could exploit this vulnerability by taking advantage of a logic error that will permit the use of higher privileged commands than what is necessarily assigned. A successful exploit could allow an attacker to execute commands with elevated privileges on the underlying Linux shell of an affected device. Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 8.2(3), and 8.3(2). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected device. An exploit could allow the attacker to gain unauthorized access to information by using the API key credentials.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web framework of Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into that request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web-based management interface or access sensitive, browser-based information.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. The vulnerability exists because user input is not properly sanitized for certain commands at the CLI. An attacker could exploit this vulnerability by sending crafted commands to the CLI of an affected device. A successful exploit could allow the attacker to establish an interactive session with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data and then retrieve the actual passwords.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via Unauthenticated code injection over the network.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and executed.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store. This is fixed in version 0.34.0",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,NONE
"In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using ""private_key_jwt"" authentication the uniqueness of the `jti` value is not checked. When using client authentication method ""private_key_jwt"", OpenId specification says the following about assertion `jti`: ""A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties"". Hydra does not seem to check the uniqueness of this `jti` value. This problem is fixed in version 0.31.0.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Untis WebUntis before 2020.9.6 allows XSS in multiple functions that store information.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Operations, Administration, Maintenance and Provisioning (OAMP) OpsConsole Server for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to execute Insecure Direct Object Reference actions on specific pages within the OAMP application. The vulnerability is due to insufficient input validation on specific pages of the OAMP application. An attacker could exploit this vulnerability by authenticating to Cisco Unified CVP and sending crafted HTTP requests. A successful exploit could allow an attacker with administrator or read-only privileges to learn information outside of their expected scope. An attacker with administrator privileges could modify certain configuration details of resources outside of their defined scope, which could result in a denial of service (DoS) condition.",NETWORK,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,LOW
"GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to user accounts without having the proper privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation (and read access violation).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7423.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection (or an information leak) can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.,LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of UAA scopes they should not have.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When typing in a password under certain conditions, a race may have occured where the InputContext was not being correctly set for the input field, resulting in the typed password being saved to the keyboard dictionary. This vulnerability affects Firefox for Android < 80.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated remote code execution in the com_mb24sysapi module.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an authenticated remote code execution in the backup-scheduler.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24565 and CVE-2020-25770.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. Improper Access Control for Deploy Tokens",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue has been discovered in GitLab before version 12.10.13 that allowed a project member with limited permissions to view the project security dashboard.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed allowing for html tags to be added.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,LOW
"A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer dereference via a crafted PDF document.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability was discovered in GitLab versions prior 13.1. The comment section of the issue page was not restricting the characters properly, potentially resulting in a denial of service.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPi files API.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. GitLab was vulnerable to a stored XSS by in the blob view feature.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,LOW
An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in import the Bitbucket project feature.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS by in the Wiki pasges.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
"The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.12.9, versions prior to 1.13.6, versions prior to 1.14.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Froala Editor before 3.2.2 allows XSS via pasted content.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for Github project import could be bypassed.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator’s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service (DoS) by sending headers very slowly to keep HTTP or HTTPS connections and associated resources alive for a long period of time. CVSS 3.0 Base score 7.4 (Availability impacts). CVSS vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
"In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to `helm --help`. This issue has been patched in Helm 3.3.2. A possible workaround is to not install untrusted Helm plugins. Examine the `name` field in the `plugin.yaml` file for a plugin, looking for characters outside of the [a-zA-Z0-9._-] range.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
"In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker must have write access to the index file (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the index file in the Helm repository cache before installing software.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
"In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the `dependencies` field of any untrusted chart, verifying that the `alias` field is either not used, or (if used) does not contain newlines or path characters.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
"When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,HIGH
Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.,LOCAL,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128171.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialized pointer vulnerabilities can be exploited when CX Supervisor indirectly calls an initialized pointer when parsing malformed packets.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a heap-based buffer overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a stack-based buffer overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Klaros-Testmanagement Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins crittercism-dsym Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins Koji Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers with Overall/Read permission to change the per-job default graph configuration for all users.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Jenkins Aqua MicroScanner Plugin 1.0.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X provide insecure telnet services that lack authentication requirements. An attacker who successfully exploits this vulnerability may be able to access the underlying operating system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 to 30.014 and earlier systems.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` do not have seccomp filtering during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.,LOCAL,LOW,HIGH,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and earlier in various HTTP endpoints allowed users with Overall/Read access to obtain information about the Jenkins ElectricFlow Plugin configuration and configuration of connected ElectricFlow instances.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to the status and configuration information of the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in TIA Administrator (All versions < V1.0 SP1 Upd1). The integrated configuration web application (TIA Administrator) allows to execute certain application commands without proper authentication. The vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources.,LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,HIGH
A type confusion vulnerability may be exploited when LAquis SCADA 4.3.1.71 processes a specially crafted project file. This may allow an attacker to execute remote code. The attacker must have local access to the system. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the printer and the printer will respond with an array of information that includes the front panel passcode for the printer. Once the passcode is retrieved, an attacker must have physical access to the front panel of the printer to enter the passcode to access the full functionality of the front panel.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions <= 20.8), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7 PLCSIM Advanced (All versions <= V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions <= V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 Software Controller (All versions <= V20.8). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device. No public exploitation of the vulnerability was known at the time of advisory publication.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access to port 22/tcp as well as physical access to an affected device may trigger the device to allow execution of arbitrary commands. The security vulnerability could be exploited by an authenticated attacker with physical access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the confidentiality, integrity and availability of the affected device.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
RainbowFish PacsOne Server 6.8.4 allows XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability can be triggered when an attacker provides the target with a rogue project file (.frc2). Once a user opens the rogue project, CPU exhaustion occurs, which causes the software to quit responding until the application is restarted.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of mDNS packets. An attacker could exploit this vulnerability by sending a crafted mDNS packet to an affected device. A successful exploit could cause a device to reload, resulting in a DoS condition.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig()",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/system/admin/certificates/delete action.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
"Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/services/packages/remove action.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.04.3 allows an unauthenticated attacker to conduct reflected cross-site scripting via a crafted ‘action’ or ‘pkg_name’ parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Server-Side Request Forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a low privileged user to cause the application to perform HTTP GET requests to arbitrary URLs.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to read the contents of arbitrary files on disk.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor, attackers can use a very large value to trigger a large allocation. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to limit the maximum value in the segment ids tensor. This only handles the case when the segment ids are stored statically in the model, but a similar validation could be done if the segment ids are generated at runtime, between inference steps. However, if the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,NONE,LOW
"In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. The check exists for `DenseCountSparseOutput`, where both tensors are fully specified. In the sparse and ragged count weights are still accessed in parallel with the data. But, since there is no validation, a user passing fewer weights than the values for the tensors can generate a read from outside the bounds of the heap buffer allocated for the weights. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the dimensionality of output tensor. This results in allocating insufficient memory for the output tensor and in a write outside the bounds of the output array. This usually results in a segmentation fault, but depending on runtime conditions it can provide for a write gadget to be used in future memory corruption-based exploits. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that the segment ids are sorted, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.",NETWORK,HIGH,NONE,NONE,CHANGED,LOW,LOW,HIGH
"In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `output_data` buffer. This might result in a segmentation fault but it can also be used to further corrupt the memory and can be chained with other vulnerabilities to create more advanced exploits. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that the segment ids are all positive, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
"Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager) causing script injection and/or reflection via a crafted HTTP request.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials (remote code execution may be possible as well).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers, leading to remote code execution and escalation of privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Philips Holter 2010 Plus, all versions. A vulnerability has been identified that may allow system options that were not purchased to be enabled.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim (PVC) in the source namespace. This could allow users to clone any PVC in the cluster into their own namespace, effectively allowing access to other user's data.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A missing permission check in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A missing permission check in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed users with Overall/Read access to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the `splits` tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure. Since `BatchedMap` is equivalent to a vector, it needs to have at least one element to not be `nullptr`. If user passes a `splits` tensor that is empty or has exactly one element, we get a `SIGABRT` signal raised by the operating system. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Jenkins Twitter Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tensor. Thus, the code sets up conditions to cause a heap buffer overflow. A `BatchedMap` is equivalent to a vector where each element is a hashmap. However, if the first element of `splits_values` is not 0, `batch_idx` will never be 1, hence there will be no hashmap at index 0 in `per_batch_counts`. Trying to access that in the user code results in a segmentation fault. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has the same shape as the `values` one. The values in these tensors are always accessed in parallel. Thus, a shape mismatch can result in accesses outside the bounds of heap allocated buffers. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.",NETWORK,HIGH,NONE,NONE,CHANGED,LOW,LOW,NONE
"In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has rank 2. This tensor must be a matrix because code assumes its elements are accessed as elements of a matrix. However, malicious users can pass in tensors of different rank, resulting in a `CHECK` assertion failure and a crash. This can be used to cause denial of service in serving installations, if users are allowed to control the components of the input sparse tensor. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.",NETWORK,HIGH,LOW,NONE,CHANGED,NONE,NONE,HIGH
"A missing permission check in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177234.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web server's response. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL and receive a malicious HTTP response. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to a user's browser.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
A vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) files could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of UCF media files. An attacker could exploit this vulnerability by sending a user a malicious UCF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit would cause the application to quit unexpectedly.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the affected devices, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of email attachments. An attacker could exploit this vulnerability by sending an email message with a crafted attachment through an affected device. A successful exploit could allow the attacker to cause specific processes to crash repeatedly, resulting in the complete unavailability of both the Cisco Advanced Malware Protection (AMP) and message tracking features and in severe performance degradation while processing email. After the affected processes restart, the software resumes filtering for the same attachment, causing the affected processes to crash and restart again. A successful exploit could also allow the attacker to cause a repeated DoS condition. Manual intervention may be required to recover from this situation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of email messages that contain large attachments. An attacker could exploit this vulnerability by sending a malicious email message through the targeted device. A successful exploit could allow the attacker to cause a permanent DoS condition due to high CPU utilization. This vulnerability may require manual intervention to recover the ESA.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. The vulnerability is due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts. A successful exploit could allow the attacker to trigger a heap overflow condition and execute arbitrary code with root privileges on the underlying Linux operating system of an affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web interface of Cisco Managed Services Accelerator (MSX) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer's administrative rights.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script or HTML code in the context of the interface, which could allow the attacker to gain access to sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Checkstyle before 8.18 loads external DTDs by default.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,HIGH,NONE
"Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
"In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, if they can discover or guess the UUID of the task.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change functionality. For example, a read-only user may activate the Java JMX port in unauthenticated mode and execute OS commands under root privileges. This issue was resolved in Wowza Streaming Engine 4.8.5.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505) misparses nested bencoded dictionaries, which allows a remote attacker to cause a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and may result in a man-in-the-middle attack on the connections.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Bitcoin Core 0.20.0 allows remote denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstanceName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter ClassName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.",LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.",LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
BigBlueButton before 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React is used.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may allow a local attacker to escalate privileges in / usr / local / WowzaStreamingEngine / manager / bin / in the Linux version of the server by writing arbitrary commands in any file and execute them as root. This issue was resolved in Wowza Streaming Engine 4.8.5.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An arbitrary file download was found in the ""Download Log"" functionality of Wowza Streaming Engine <= 4.x.x. This issue was resolved in Wowza Streaming Engine 4.8.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). An authenticated user, with access to the proxy license editing is able to insert a malicious payload that will be triggered in the main page of server settings. This issue was resolved in Wowza Streaming Engine 4.8.5.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's wallet.dat file, including their private keys, via a grep ""6231 0500"" command.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service (memory consumption) via a crafted HTTP request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
** UNSUPPORTED WHEN ASSIGNED ** peg-markdown 0.4.14 has a NULL pointer dereference in process_raw_blocks in markdown_lib.c. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a page=login request to index.php (aka the server login page).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column.,NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,LOW,LOW
Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's browser if a crafted url is visited, possibly through phishing.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) .,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option.,NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted url is visited, possibly through phishing.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject javascript while using the contact form. The problem is fixed in 1.7.6.8,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated ""there is simply no way for anyone to gain privileges through this alleged issue.""",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are given all capabilities during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.,LOCAL,LOW,HIGH,REQUIRED,CHANGED,HIGH,HIGH,HIGH
rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are not limited by cgroups during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.,LOCAL,LOW,HIGH,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restricted to the current user's conversations.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator tries to copy a file from/to the container.,LOCAL,HIGH,LOW,REQUIRED,CHANGED,HIGH,HIGH,NONE
"During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-494: Update files are not properly verified.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware Esxi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V (VHD).,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a Jenkins job.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. The impact is: Remote Code Execution. The component is: assets/components/fred/web/elfinder/connector.php. The attack vector is: Uploading a PHP file or change data in the database. The fixed version is: https://github.com/modxcms/fred/commit/139cefac83b2ead90da23187d92739dec79d3ccd and https://github.com/modxcms/fred/commit/01f0a3d1ae7f3970639c2a0db1887beba0065246.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/java/hudson/plugins/emailext/plugins/content/ScriptContent.java, src/main/java/hudson/plugins/emailext/plugins/trigger/AbstractScriptTrigger.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to obtain them.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=health&metric=../ because of device/health.inc.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. this can occur via /iftype/type= because of pages/iftype.inc.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via username[0] to the default URI, because of includes/authenticate.inc.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for edit_syslog_rule.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=ports&view=../ URIs because of device/port.inc.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via /ajax/device_entities.php?entity_type=netscalervsvr&device_id[]= because of /ajax/device_entities.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alert_check/action=delete_alert_checker/alert_test_id= because of pages/alert_check.inc.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alert_name or alert_message parameter to the /alert_check URI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=routing&proto=../ URIs to device/routing.inc.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the graph_title parameter to the graphs/ URI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /settings/?format=../ URIs to pages/settings.inc.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /ports/?format=../ URIs to pages/ports.inc.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending the improper variable type Array allows a bypass of core SQL Injection sanitization. Users are able to inject malicious statements in multiple functions. This vulnerability leads to full authentication bypass: any unauthorized user with access to the application is able to exploit this vulnerability. This can occur via the Cookie header to the default URI, within includes/authenticate.inc.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the role_name or role_descr parameter to the roles/ URI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass of core SQL Injection sanitization. Authenticated users are able to inject malicious SQL queries. This vulnerability leads to full database leak including ckeys that can be used in the authentication process without knowing the username and cleartext password. This can occur via the ajax/actions.php group_id field.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web management interface. A successful exploit could allow the attacker to overwrite files on the underlying filesystem of an affected system. Valid administrator credentials are required to access the system.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
"IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Operator to generate their X.509 certificates are unaffected. This issue affects: MongoDB Inc. MongoDB Enterprise Kubernetes Operator version 1.0, 1.1, 1.2 versions prior to 1.2.4, 1.3 versions prior to 1.3.1, 1.2, 1.4 versions prior to 1.4.4.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB Inc. js-bson library version 1.1.3 and prior to.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.11; v3.6 versions prior to 3.6.14; v3.4 versions prior to 3.4.22.,LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email message to a recipient protected by the ESA. A successful exploit could allow the attacker to bypass the configured content filters, which could allow malicious content to pass through the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SSH host keys generation vulnerability in the server in McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0, 2.0.x, 2.1.x, 2.2.0 allows man-in-the-middle attackers to spoof servers via acquiring keys from another environment.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Delta PMSoft versions 2.10 and prior have multiple stack-based buffer overflow vulnerabilities where a .ppm file can introduce a value larger than is readable by PMSoft's fixed-length stack buffer. This can cause the buffer to be overwritten, which may allow arbitrary code execution or cause the application to crash. CVSS v3 base score: 7.1; CVSS vector string: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H. Delta Electronics recommends affected users update to at least PMSoft v2.11, which was made available as of March 22, 2018, or the latest available version.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a heap-based buffer overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid Administrator credentials. The vulnerability is due to insufficient restrictions for the content uploaded to an affected system. An attacker could exploit this vulnerability by uploading arbitrary files containing operating system commands that will be executed by an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the web interface and then elevate their privileges to root.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unathenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Unathenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR32..-.....-.... MLFB 6SR4...-.....-.... MLFB 6SR5...-.....-.... With option A30 (HMIs 12 inches or larger) (All versions), SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR325.-.....-.... (High Availability) (All versions). The affected device contains a vulnerability that could allow an unauthenticated attacker to restore the affected device to a point where predefined application and operating system protection mechanisms are not in place. Successful exploitation requires physical access to the system, but no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentialiy, integrity and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for delete_syslog_rule, because of syslog_rules.inc.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via a /device/device=140/tab=wifi/view= URI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are before version 4.12.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.",LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable URL.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file (/etc/config/luci) by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service condition for all other users.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input ($_POST['xml']) is used for simplexml_load_string without sanitization. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Security Secret Server proir to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation. IBM X-Force ID: 177515.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Cisco IOS XE 3.1 through 3.17 and 16.1 on 64-bit platforms allows remote attackers to cause a denial of service (data-structure corruption and device reload) via fragmented IPv4 packets, aka Bug ID CSCux66005.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco IOS 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.18 and 16.1 allow remote attackers to cause a denial of service (memory consumption or device reload) via fragmented IKEv1 packets, aka Bug ID CSCuy47382.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web framework of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the affected software improperly parsing malformed HTTP packets that are destined to a device. An attacker could exploit this vulnerability by sending a malformed HTTP packet to an affected device for processing. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected device, resulting in a DoS condition.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. Affected releases are Juniper Networks Junos OS on QFX 5000 series, EX4300, EX4600 are: 14.1X53; 15.1X53 versions prior to 15.1X53-D235; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S2, 17.3R4; 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1, 18.1R4; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a memory resource consumption issue to occur on a Junos OS device using the jdhcpd daemon configured to respond to IPv6 requests. Once started, memory consumption will eventually impact any IPv4 or IPv6 request serviced by the jdhcpd daemon, thus creating a Denial of Service (DoS) condition to clients requesting and not receiving IP addresses. Additionally, some clients which were previously holding IPv6 addresses will not have their IPv6 Identity Association (IA) address and network tables agreed upon by the jdhcpd daemon after the failover event occurs, which leads to more than one interface, and multiple IP addresses, being denied on the client. Affected releases are Juniper Networks Junos OS: 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Crafted packets destined to the management interface (fxp0) of an SRX340 or SRX345 services gateway may create a denial of service (DoS) condition due to buffer space exhaustion. This issue only affects the SRX340 and SRX345 services gateways. No other products or platforms are affected by this vulnerability. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D160 on SRX340/SRX345; 17.3 on SRX340/SRX345; 17.4 versions prior to 17.4R2-S3, 17.4R3 on SRX340/SRX345; 18.1 versions prior to 18.1R3-S1 on SRX340/SRX345; 18.2 versions prior to 18.2R2 on SRX340/SRX345; 18.3 versions prior to 18.3R1-S2, 18.3R2 on SRX340/SRX345. This issue does not affect Junos OS releases prior to 15.1X49 on any platform.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface (lo0). The device may fail to forward such traffic. This issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S2, 18.2R2 on EX4300-MP Series. This issue does not affect any other EX series devices.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
A CWE-255 Credentials Management vulnerability exists in Modicon Quantum with firmware versions prior to V2.40. which could cause a Denial Of Service when using a Telnet connection.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"On EX4300 Series switches with TCAM optimization enabled, incoming multicast traffic matches an implicit loopback filter rule first, since it has high priority. This rule is meant for reserved multicast addresses 224.0.0.x, but incorrectly matches on 224.x.x.x. Due to this bug, when a firewall filter is applied on the loopback interface, other firewall filters might stop working for multicast traffic. The command 'show firewall filter' can be used to confirm whether the filter is working. This issue only affects the EX4300 switch. No other products or platforms are affected by this vulnerability. This issue affects: Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D51, 14.1X53-D115 on EX4300 Series; 17.1 versions prior to 17.1R3 on EX4300 Series; 17.2 versions prior to 17.2R3-S2 on EX4300 Series; 17.3 versions prior to 17.3R3-S3 on EX4300 Series; 17.4 versions prior to 17.4R2-S5, 17.4R3 on EX4300 Series; 18.1 versions prior to 18.1R3-S1 on EX4300 Series; 18.2 versions prior to 18.2R2 on EX4300 Series; 18.3 versions prior to 18.3R2 on EX4300 Series.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Veriexec is a kernel-based file integrity subsystem in Junos OS that ensures only authorized binaries are able to be executed. Due to a flaw in specific versions of Junos OS, affecting specific EX Series platforms, the Veriexec subsystem will fail to initialize, in essence disabling file integrity checking. This may allow a locally authenticated user with shell access to install untrusted executable images, and elevate privileges to gain full control of the system. During the installation of an affected version of Junos OS are installed, the following messages will be logged to the console: Initializing Verified Exec: /sbin/veriexec: Undefined symbol ""__aeabi_uidiv"" /sbin/veriexec: Undefined symbol ""__aeabi_uidiv"" /sbin/veriexec: Undefined symbol ""__aeabi_uidiv"" veriexec: /.mount/packages/db/os-kernel-prd-arm-32-20190221.70c2600_builder_stable_11/boot/brcm-hr3.dtb: Authentication error veriexec: /.mount/packages/db/os-kernel-prd-arm-32-20190221.70c2600_builder_stable_11/boot/contents.izo: Authentication error ... This issue affects Juniper Networks Junos OS: 18.1R3-S4 on EX2300, EX2300-C and EX3400; 18.3R1-S3 on EX2300, EX2300-C and EX3400.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Honeywell equIP series IP cameras Multiple equIP Series Cameras, A vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC TDC CP51M1 (All versions < V1.1.8), SIMATIC TDC CPU555 (All versions < V1.1.1), SINUMERIK 840D sl (All versions < V4.8.6), SINUMERIK 840D sl (All versions < V4.94). Specially crafted packets sent to port 102/tcp (Profinet) could cause the affected device to go into defect mode. A restart is required in order to recover the system. Successful exploitation requires an attacker to have network access to port 102/tcp, with no authentication. No user interation is required. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's ""relaxed"" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's relaxed config or a custom config that allows one or more of the following HTML elements: iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, xmp. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize, potentially resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. This has been fixed in 5.2.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in upnpredirect.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the ""set font"" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,LOW
"Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset files evaluated by the plugin.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. IBM X-Force ID: 178180.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Server 3.2 salt-netapi-client versions prior to 0.16.0-4.14.1, spacewalk-. SUSE Manager Server 4.0 release-notes-susemanager versions prior to 4.0.9-3.54.1.",LOCAL,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed.,LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition. The vulnerability is due to the use of implicit service invocations. An attacker could exploit this vulnerability by persuading a user to install a malicious application. A successful exploit could allow the attacker to access confidential user information or cause a DoS condition on the AnyConnect application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"A vulnerability in the REST API endpoint of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to missing authentication on some of the API calls. An attacker could exploit this vulnerability by sending a request to one of the affected calls. A successful exploit could allow the attacker to interact with some parts of the API.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A vulnerability in the automatic update process of Cisco Umbrella Roaming Client for Windows could allow an authenticated, local attacker to install arbitrary, unapproved applications on a targeted device. The vulnerability is due to insufficient verification of the Windows Installer. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows file system. A successful exploit could allow the attacker to bypass configured policy and install unapproved applications.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the attacker to access sensitive device information, which includes configuration files.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an installation and any arbitrary code executable using the same file name.",LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have unspecified other impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
"Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability."" This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0991, CVE-2018-0997, CVE-2018-1018, CVE-2018-1020.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka ""Microsoft ActiveX Information Disclosure Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows locally authenticated attackers to gain privileges via a crafted application, or in Windows 7 for x64-based systems, cause denial of service, aka ""Windows Kernel Elevation of Privilege Vulnerability.""",LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka ""Windows EOT Font Engine Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2018-0755, CVE-2018-0760, and CVE-2018-0761.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ""Windows Kernel Elevation of Privilege Vulnerability."" This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka ""Windows Hyper-V Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",ADJACENT_NETWORK,HIGH,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"A denial of service vulnerability exists when .NET Framework improperly handles special web requests, aka "".NET Framework Denial Of Service Vulnerability."" This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability."" This affects Internet Explorer 11.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, aka ""Internet Explorer Remote Code Execution Vulnerability."" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ""Windows VBScript Engine Remote Code Execution Vulnerability."" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8643.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0879.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095, CVE-2019-1098, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload imae files via /index.php,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ismartgate PRO 1.5.9 is vulnerable to clickjacking.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.)",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to open/close a specified garage door/gate via /isg/opendoor.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component is: nfx.c:546, nffile_inline.c:83, minilzo.c (redistributed). The attack vector is: nfdump must read and process a specially crafted file. The fixed version is: after commit 9f0fe9563366f62a71d34c92229da3432ec5cf0e.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via a malicious App created by the third party. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts (""Import Contacts"" functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality (E.g. the ""Application Starter"" module) within the application.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configuration of addresses, (3) listname field in the Defining address lists configuration, or (4) any GET Parameter in the /default URL of the application.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a password.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable MySQL Load Data Local (rogue MySQL server) attacks.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the Operating System, usually with NT AUTHORITY\SYSTEM privileges.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) where the code does not check for possible overflow on memory allocation used for intervals array (see statement ""intervals = malloc(first_backup * sizeof(*intervals));""). Due to the bug, library can be *tricked* to expect such allocation was successful but for far less memory then originally expected. Later it may read data FROM image crafted by an attacker and actually write such data BEYOND allocated memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because ""python -m"" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts directory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).,NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
"In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. When an attacker claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%\SaferVPN\Log is followed.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, contains a vulnerability in the desktop application software that includes sensitive information as part of a URL, which may lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and versions prior to 5.31 (Android, Shield TV), contains a vulnerability in the application software where the network test component transmits sensitive information insecurely, which may lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"** DISPUTED ** Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third parties dispute the relevance of this because the attacker must already have privileges for module loading.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its colors. When using this allocated buffer, the application can write outside its bounds and cause memory corruption which can lead to code execution. A specially crafted document must be loaded by a victim in order to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. While searching for an object identifier in a malformed document that is missing from the cross-reference table, the application will save a reference to the object’s cross-reference table entry inside a stack variable. If the referenced object identifier is not found, the application may resize the cross-reference table which can change the scope of its entry. Later when the application tries to reference cross-reference entry via the stack variable, the application will access memory belonging to the recently freed table causing a use-after-free condition. A specially crafted document can be delivered by an attacker and loaded by a victim in order to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for the list of indirect objects. Due to an error when calculating this size, an integer overflow may occur which can result in an undersized buffer being allocated. Later when initializing this buffer, the application can write outside its bounds which can cause a memory corruption that can lead to code execution. A specially crafted document can be delivered to a victim in order to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile which allow for the decoder to write out of-bounds and cause memory corruption. This can result in code execution. A specially crafted image can be embedded inside a PDF and loaded by a victim in order to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A security misconfiguration exists in Combodo iTop, which can expose sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user (for the duration of the browser session) after previously explicitly authenticating with the API.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getFileFromURL method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10553.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the saveAsText method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10549.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Nifty Project Management Web Application 2020-08-26 allows XSS, via Add Task, that is rendered upon a Project Home visit. Note: It has been argued that this is not reproducible. ""The original issue was that the task would be created and an alert would be shown on the screen. Now the task would be created, but the alert won't be executed as those attributes are now stripped.""",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Due to the insufficient input validation, successful exploit can corrupt memory and lead to arbitrary code execution or crash the process.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted a JSON request with invalid characters. IBM X-Force ID: 184439.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. IBM X-Force ID: 184438.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. If executed by a victim authenticated to the affected system these scripts will be executed at the privileges of the victim. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1, TIBCO Spotfire Desktop: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, and TIBCO Spotfire Server: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-155648639",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In NFC, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156251602",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In WiFi tethering, there is a possible attacker controlled intent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156353008",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In NFC, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148294643",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137015603",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157475111",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In onCreate of RequestPermissionActivity.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege allowing an attacker to set Bluetooth discoverability with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-155650356",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In createEmergencyLocationUserNotification of GnssVisibilityControl.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-156123285",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code execution due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-150226608",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks via a specially crafted URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151939299",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. These credentials can then be used to encode low security cards to be used by the system where insecure card technologies are supported.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Service or Information Disclosure via the undocumented access-point configuration page located on the device. This wifi thermometer app requests and requires excessive permissions to operate such as Fine GPS location, camera, applists, Serial number, IMEI. In addition to the ""backdoor"" login access for ""admin"" purposes, this accompanying app also establishes connections with several china based URLs to include Alibaba cloud computing. NOTE: this device also ships with ProGrade branding.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be bypassed after changing the properties of the user admin in the operating system file /etc/passwd. This file cannot be accessed though the restricted shell, but it can be modified by abusing the Backup/Import Backup functionality of the web interface. An authenticated attacker would be able to obtain the file /var/tmp/admin.passwd after executing a Backup operation. This file can be manually modified to change the GUID of the user to 0 (root) and change the restricted shell to a normal shell /bin/sh. After the modification is done, the file can be recompressed to a .tar.bz file and imported again via the Import Backup functionality. The properties of the admin user will be overwritten and a root shell will be granted to the user upon the next successful login.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. The restricted shell can be bypassed by presenting a fake vmware-tools ISO image to the guest virtual machine running SpamTitan Gateway. This ISO image should contain a valid Perl script at the vmware-freebsd-tools/vmware-tools-distrib/vmware-install.pl path. The fake ISO image will be mounted and the script wmware-install.pl will be executed with super-user privileges as soon as the hidden option to install VMware Tools is selected in the main menu of the restricted shell (option number 5). The contents of the script can be whatever the attacker wants, including a backdoor or similar.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as the static key file in Configuration-Services-Security-OpenVPN-Static Keys. This payload will execute each time a user opens an affected web page. This could be exploited in conjunction with CVE-2020-13259.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation (CBOR) input to the cbor2json decoder. An uncaught error while decoding CBOR Major Type 3 text strings leads to the use of an attacker-controllable uninitialized stack value. This can be used to modify memory, causing a crash or potentially exploitable heap corruption.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to PHP code evaluation server-side, because the user-provided input is passed directly to the php eval() function. The user has to be authenticated on the web platform before interacting with the page.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. An attacker must first obtain admin/root privileges on the SPLX console to exploit this vulnerability.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-146204120",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in Siveillance Video Client (All versions). In environments where Windows NTLM authentication is enabled the affected client application transmits usernames to the server in cleartext. This could allow an attacker in a privileged network position to obtain valid adminstrator login names and use this information to launch further attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-152496149",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the Bluetooth service, there is a possible spoofing attack due to a logic error. This could lead to remote information disclosure of sensitive information with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-150156492",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Parse_insh of eas_mdls.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote information disclosure in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-150160041",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-149871374,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-156333725,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-160812574,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-160812576,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Parse_art of eas_mdls.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote information disclosure in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-150159906",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Parse_ins of eas_mdls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure in the media extractor process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-150160279",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In allocExcessBits of bitalloc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-146398979",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Parse_wave of eas_mdls.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure in a highly constrained process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-150159669",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allows remote attackers to force the administrator to edit files once the administrator loads a specially crafted webpage. An administrator must be logged in for exploitation to be possible. This issue is fixed in SOY Inquiry version 2.0.0.4 and included in SOY CMS 3.0.2.328.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In libstagefright, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-116718596",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In factory reset protection, there is a possible FRP bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-111086459",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libsonivox, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136660304",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting (XSS) which leads to Remote Code Execution (RCE) from a known vulnerability. This allows remote attackers to force the administrator to edit files once the adminsitrator loads a specially crafted webpage.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In libstagefright, there is a possible dead loop due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124783982",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In DocumentsUI, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144286721",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In WindowManager, there is a possible launch of an unexpected app due to a confused deputy. This could lead to local escalation of privilege due to launching a malicious app instead of the one the user intended, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139128211",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the Media extractor, there is a possible use after free due to improper locking. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148223229",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libmkvextractor, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-141860394",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn't have access to due to a permissions bypass. This could lead to local escalation of privilege, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150507736",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In LLVM, there is a possible ineffective stack cookie placement due to stack frame double reservation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139666480",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Audio HAL, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-143787559",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SurfaceFlinger, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150227563",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Notification Access Confirmation, there is a possible permissions bypass due to uninformed consent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145129456",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving search or rendering elements values are not sanitized correctly and because of that it triggers the XSS vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In libDRCdec, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151927433",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-123237930",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In libmedia, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-132274514",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In libDRCdec, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137282770",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In PackageInstaller, there is a possible permissions bypass due to a tapjacking vulnerability. This could lead to local escalation of privilege using an app set as the default Assist app with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-138443815",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libavb, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-130231426",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libAACdec, there is a possible out of bounds read due to missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-112051700",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In skb_headlen of /include/linux/skbuff.h, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-153881554",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Pixel's use of the Catpipe library, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150730508",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libmpeg2dec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if another exploit allowed this to be triggered with different parameters, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137794014",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In manifest files of the SmartSpace package, there is a possible tapjacking vector due to a missing permission check. This could lead to local escalation of privilege and account hijacking with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-156046804",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the FPC TrustZone fingerprint App, there is a possible invalid command handler due to an exposed test feature. This could lead to local escalation of privilege in the TEE, with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-131252923",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In CamX code, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-123999783",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152735806",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords. This issue affects ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS; 7.0.15 and prior versions.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1101.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their ""company"" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is turned on.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents (e.g., Name and mail address) can be disclosed in external notes.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. An attacker could send a malicious email to an OTRS system. If a logged-in agent user quotes it, the email could cause the browser to load external image resources.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a ""begin TLS"" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka ""response injection.""",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. This could be exploited in conjunction with CVE-2020-13260.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows to intercept video contents by performing a man-in-the-middle attack.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processors may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.",PHYSICAL,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 184983.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due to insufficient authorization checks. IBM X-Force ID: 184981.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 184979.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 184976.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Data Risk Manager (iDNA) 2.0.6 could allow a privileged user to cause a denial of service due to improper input validation. IBM X-Force ID: 184937.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting. Using <script> tag inside <scratchsig> tag, attackers with edit permission can execute scripts on visitors' browser. With MediaWiki JavaScript API, this can potentially lead to privilege escalation and/or account takeover. This has been patched in release 1.0.1. This has already been deployed to all Scratch Wikis. No workarounds exist other than disabling the extension completely.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 184929.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 184927.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184925.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 184924.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. IBM X-Force ID: 184922.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"In various functions in fscrypt_ice.c and related files in some implementations of f2fs encryption that use encryption hardware which only supports 32-bit IVs (Initialization Vectors), 64-bit IVs are used and later are truncated to 32 bits. This may cause IV reuse and thus weakened disk encryption. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-153450752References: N/A",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In mediadrm, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137282168",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Java network APIs, there is possible access to sensitive network state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-141455849",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In ADB server and USB server, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153356209",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Window Manager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153654357",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Battery Saver, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153879099",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In UsageStatsManager, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119671929",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In MediaProvider, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local information disclosure, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124329382",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In the OMX encoder, there is a possible out of bounds read due to invalid input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-63522940",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In libavb, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146516087",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In apexd, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147002540",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In screencap, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege in a system process with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-123230379",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-129282427",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In DisplayManager, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144920149",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own password reset URL) to compute the value for all other password resets for other accounts, thus allowing privilege escalation or account takeover.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In NetworkStatsService, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119672472",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140729887",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-132074310",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In GLESRenderEngine, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150303018",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In libcodec2_soft_mp3dec, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144901522",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Mediaserver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if integer sanitization were not enabled (which it is by default), with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147002762",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libmp4extractor, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124777526",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In SoundTriggerHwService, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146894086",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In libFraunhoferAAC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-141883493",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In SurfaceFlinger, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150225569",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a possible way to view notifications even when the ""Lockdown"" feature is on. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124000380",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows improper access to executable code folders.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SyncManager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154921790",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the OMX parser, there is a possible information disclosure due to a returned raw pointer. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-120781925",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In RunInternal of dumpstate.cpp, there is a possible user consent bypass due to an uncaught exception. This could lead to local information disclosure of bug report data with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-152944488",LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"In NetworkPolicyManagerService, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing a malicious app to modify the device's data plan with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148627993",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In AudioService, there are missing permission checks. This could lead to local information disclosure of audio configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154934920",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In the mp3 extractor, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155171907",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153996872",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In PackageManager, there is a missing permission check. This could lead to local information disclosure across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153995991",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153996866",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters are not properly validated. A malicious operator user can run the binary with elevated permissions and leverage its improper input validation condition to spawn an attacker-controlled shell with root privileges.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The `message` field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScript in a victim's browser.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,NONE
"A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the amount of results one could request, potentially resulting in a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In createSaveNotification of RecordingService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-156959408",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a “split tunnel” OpenVPN bypass option. The PIA killswitch & associated iptables firewall is designed to protect you while using the Internet. When the kill switch is configured to block all inbound and outbound network traffic, privileged applications can continue sending & receiving network traffic if net.ipv4.ip_forward has been enabled in the system kernel parameters. For example, a Docker container running on a host with the VPN turned off, and the kill switch turned on, can continue using the internet, leaking the host IP (CWE 200). In PIA 2.4.0+, policy-based routing is enabled by default and is used to direct all forwarded packets to the VPN interface automatically.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In iptables, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136658008",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Bluetooth server, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147227320",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Bluetooth, there is a possible control over Bluetooth enabled state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145129266",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145130119",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In NFC, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148736216",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139424089",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In netd, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137346580",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137868765",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In showNotification of EmergencyCallbackModeService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-154124307",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In various places in Telephony, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-155094269",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In the Settings app, there is an insecure default value. This could lead to local escalation of privilege and tapjacking with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144507081",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In getNotificationBuilder of CarrierServiceStateTracker.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-155092443",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In showLimitedSimFunctionWarningNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-153993591",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In setInstallerPackageName of PackageManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and granting spurious permissions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-150857253",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses /Online%20Course%20Registration/my-profile.php with the POST parameter photo.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137857778",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction are needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144506224",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-122361504",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos and MediaTek chipsets) software. Unauthenticated attackers can execute LTE/5G commands by sending a debugging command over USB. The Samsung ID is SVE-2020-16979 (September 2020).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The baseband component has a buffer overflow via an abnormal SETUP message, leading to execution of arbitrary code. The Samsung ID is SVE-2020-18098 (September 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung IDs are SVE-2020-18088, SVE-2020-18225, SVE-2020-18301 (September 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for Android prior to 2.18.248 and WhatsApp Business for Android prior to 2.18.132.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all supported versions of HHVM (3.30.1 and 3.27.5 and below).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the Accessibility service, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154913130",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In Settings, there is a possible permissions bypass. This could lead to local information disclosure of the device's IMEI with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147309310",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253784",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In NFC, there is a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145079309",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151646375",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645695",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645867",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153356468",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In InputManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153878642",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Zen Mode, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155642026",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Telephony, there is a missing permission check. This could lead to local information disclosure of radio data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154934919",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Telephony, there are possible leaks of sensitive data due to missing permission checks. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150155839",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green (colors.statusbar.url.success_https). While the user already has seen a certificate error prompt at this point (or set content.ssl_strict to false, which is not recommended), this could still provide a false sense of security. This has been fixed in 1.11.1 and 1.12.0. All versions of qutebrowser are believed to be affected, though versions before v0.11.x couldn't be tested. Backported patches for older versions (greater than or equal to 1.4.0 and less than or equal to 1.10.2) are available, but no further releases are planned.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"In Bluetooth AVRCP, there is a possible leak of audio metadata due to residual data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150214479",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges and a compromised Firmware needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146032016",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In libhwbinder, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-130166487",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In hwservicemanager, there is a possible out of bounds write due to freeing a wild pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155646800",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In NFC, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146453119",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In core networking, there is a missing permission check. This could lead to local information disclosure of app network usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-129151407",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions. It is caused by inadequate filtering on the link custom attributes.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via ""/settings/v1/users"" function.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a website with the malicious page that will run the CSRF.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the 'Recall Settings' field in admin.php. An attacker can inject JavaScript code that will be stored and executed.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges and a compromised Firmware needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-110107252",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use after free in extensions in Google Chrome prior to 83.0.4103.116 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field, Email field, and Skype field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based buffer overflow vulnerabilities, which may allow remote code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent ""stop"" state.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An arbitrary file reading vulnerability in MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to read files on the system via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. When drawing the contents of a page and selecting the stroke color from an 'ICCBased' colorspace, the application will read a length from the file and use it as a loop sentinel when writing data into the member of an object. Due to the object member being a buffer of a static size allocated on the heap, this can result in a heap-based buffer overflow. A specially crafted document must be loaded by a victim in order to trigger this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stack-based buffer overflow vulnerability has been identified in Teledyne DALSA Sherlock Version 7.2.7.4 and prior, which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400H V4.5 and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 (All versions < V8.2.1). Sending of specially crafted packets to port 102/tcp via Ethernet interface via PROFIBUS or Multi Point Interfaces (MPI) could cause a Denial-of-Service condition on affected devices. Flashing with a firmware image may be required to recover the CPU. Successful exploitation requires an attacker to have network access to port 102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or Multi Point Interfaces (MPI) to the device. No user interaction is required. If no access protection is configured, no privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer, all versions, The affected products do not encrypt or do not sufficiently encrypt the following sensitive information while at rest PII and PHI.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing a recursive page tree structure using the LoadFromFile, LoadFromString or LoadFromStream functions results in a stack overflow.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions through 1.1.3. This flaw allows an attacker with a basic level of access to the cluster to deploy a custom gateway/pod to any namespace, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker with access to this sensitive data and physical access to the PMI m107 diag can modify data on the HMI device.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In yast2-samba-provision up to and including version 1.0.1 the password for samba shares was provided on the command line to tools used by yast2-samba-provision, allowing local attackers to read them in the process list",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Improper access control in the Helpdesk App of Odoo Enterprise 10.0 through 12.0 allows remote authenticated attackers to obtain elevated privileges via a crafted request.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a new administrator account or changing the appliance’s settings. A malicious internal user could also gain administrator privileges of this appliance and use it to visit a malicious link that exploits this vulnerability. This could cause the application to perform sensitive actions such as adding a new administrator account or changing the appliance’s settings. An unauthenticated, remote attacker could add an administrator-level account or change the appliance's settings.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2 factor authentication inheritance.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
"An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files lacking user input validation before copying data from project files onto the stack and may allow an attacker to remotely execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain the ability to execute code. A different vulnerability than CVE-2018-3857.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3858.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft, Version 4.00.01 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Stack-based Buffer Overflow issue was discovered in Emerson Process Management ControlWave Micro Process Automation Controller: ControlWave Micro [ProConOS v.4.01.280] firmware: CWM v.05.78.00 and prior. A stack-based buffer overflow vulnerability caused by sending crafted packets on Port 20547 could force the PLC to change its state into halt mode.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Stack-based Buffer Overflow issue was discovered in Fuji Electric V-Server VPR 4.0.1.0 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication was activated allowing a malicious user to maintain their access.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
"A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Due to improper verification of permissions, an unauthorized user can access a private repository within a public project.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the ""Created by"" metadata.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files' names in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.',NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be ""fluff"" in the NGINX use case because there is no remote attack surface.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.",NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1070.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: If you don't double-check the size of the data after fetch() has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an attacker on the same Wi-Fi network.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1589, CVE-2020-16854.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka 'Windows Storage Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0886.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka 'Microsoft SharePoint Server Tampering Vulnerability'. This CVE ID is unique from CVE-2020-1440.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1053.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1083.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Information Disclosure Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory, aka 'Shell infrastructure component Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka 'Active Directory Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0664.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106, aka 'Xamarin.Forms Spoofing Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka 'Windows dnsrslvr.dll Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when NTFS improperly checks access, aka 'NTFS Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables local escalation. This is fixed in version 4.4.0.",LOCAL,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka 'Active Directory Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0856.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows RSoP Service Application Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0941.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Tile Server). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Fusion Middleware MapViewer accessible data as well as unauthorized read access to a subset of Oracle Fusion Middleware MapViewer accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
Memory overflow in Xiaomi AI speaker Rom version <1.59.6 can happen when the speaker verifying a malicious firmware during OTA process.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0836.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1057, CVE-2020-1172.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1057, CVE-2020-1180.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user, aka 'Microsoft Exchange Server Remote Code Execution Vulnerability'.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1052, CVE-2020-1159.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update. An attacker can inject JavaScript code, and the webapplication stores the injected code.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1228.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory, aka 'Microsoft COM for Windows Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka 'Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16874.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka 'Active Directory Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0718.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka 'Active Directory Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0761.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka 'Microsoft SharePoint Server Tampering Vulnerability'. This CVE ID is unique from CVE-2020-1523.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-installed Email application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a specially crafted email to the victim that will inject HTML into the email application's UI as soon as the email is opened. At a bare minimum, this allows an attacker to take control over the Email application's UI (e.g., display a malicious prompt to the user asking them to re-enter their email credentials) and also allows an attacker to abuse any of the privileges available to the mobile application.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a vCard file to the victim that will inject HTML into the Contacts application (assuming the victim chooses to import the file). At a bare minimum, this allows an attacker to take control over the Contacts application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A security feature bypass vulnerability exists when a Windows Projected Filesystem improperly handles file redirections, aka 'Projected Filesystem Security Feature Bypass Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in KaiOS 2.5. The pre-installed Recorder application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Recorder application. At a bare minimum, this allows an attacker to take control over the Recorder application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects, aka 'Windows CloudExperienceHost Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installed Radio application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Radio application. At a bare minimum, this allows an attacker to take control over the Radio application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed File Manager application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a file via email to the victim that will inject HTML into the File Manager application (assuming the victim chooses to download the email attachment). At a bare minimum, this allows an attacker to take control over the File Manager application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered on LG mobile devices with Android OS 10 software. The lguicc software (for the LG Universal Integrated Circuit Card) allows attackers to bypass intended access restrictions on property values. The LG ID is LVE-SMP-200020 (September 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory, aka 'Windows Start-Up Application Elevation of Privilege Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory, aka 'Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects, aka 'Windows Media Audio Decoder Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1593.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file, aka 'Visual Studio JSON Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user from a project.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An information disclosure vulnerability exists when a Windows Projected Filesystem improperly handles file redirections, aka 'Projected Filesystem Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka 'Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16856.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limited files disclosure.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
"In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When 2 factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based buffer overflow.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflow.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1303.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape view names in the dropdown to select views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to configure views.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1052, CVE-2020-1376.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka 'Windows Win32k Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0766.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1130.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1133.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two parts. A crash may also occur.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based UI of an affected system. A successful exploit could allow the attacker to access files that may contain sensitive data.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a specific UI input field to provide a custom path location. A successful exploit could allow the attacker to overwrite files on the file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this improper certificate validation vulnerability could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Improper access control in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote authenticated attackers to e-mail themselves arbitrary files from the database, via a crafted RPC request.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0904.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory, aka 'Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1218.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1338.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
GitLab before version 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,NONE
"A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a disabled repository be accessible via a git command line.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential EPIC attached to confidential issues",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLabs EKS integration was vulnerable to a cross-account assume role attack.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory.To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to an affected DHCP server, aka 'Windows DHCP Server Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka 'Windows Storage Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1559.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate enrollment, and has had such a certificate revoked. This certificate needs to belong to a role that is authorized to enroll new end entities. (To completely mitigate this problem prior to upgrade, remove any revoked client certificates from their respective roles.)",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Omniauth endpoint allowed a malicious user to submit content to be displayed back to the user within error messages.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct unauthenticated email forgery/spoofing.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a buffer overflow when receiving an l2tp control packet ith an AVP which type is a string and no hidden flags, length set to less than 6. If your application is used in open networks or there are untrusted nodes in the network it is highly recommended to apply the patch. The problem was patched with commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b As a workaround changes of commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b can be applied to older versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When missing the CSRF_TOKEN and can still request normally, all administrators except the initial administrator will be deleted.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka 'Windows Camera Codec Pack Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists in SQL Server Reporting Services (SSRS) when the server improperly validates attachments uploaded to reports, aka 'SQL Server Reporting Services Security Feature Bypass Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper filtering of email messages that contain references to whitelisted URLs. An attacker could exploit this vulnerability by sending a malicious email message that contains a large number of whitelisted URLs. A successful exploit could allow the attacker to cause a sustained DoS condition that could force the affected device to stop scanning and forwarding email messages.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system memory. A successful exploit could cause the filtering process to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to improper input validation of S/MIME-signed emails. An attacker could exploit this vulnerability by sending a malicious S/MIME-signed email through a targeted device. If Decryption and Verification or Public Key Harvesting is configured, the filtering process could crash due to memory corruption and restart, resulting in a DoS condition. The software could then resume processing the same S/MIME-signed email, causing the filtering process to crash and restart again. A successful exploit could allow the attacker to cause a permanent DoS condition. This vulnerability may require manual intervention to recover the ESA.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. An attacker could exploit this vulnerability by gaining local access to a system running Microsoft Windows and protected by Cisco Immunet or Cisco AMP for Endpoints and executing a malicious file. A successful exploit could allow the attacker to prevent the scanning services from functioning properly and ultimately prevent the system from being protected from further intrusion.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device's web management interface allows attackers to inject specific code and execute system commands without privilege.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices (effectively bypassing the PIN requirement).,LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Inbox calendar feature. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The decode program in silk-v3-decoder Version:20160922 Build By kn007 does not strictly check data, resulting in a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecure configuration that allows improper indexing. An attacker could exploit this vulnerability by using a search engine to look for specific data strings. A successful exploit could allow the attacker to discover certain sensitive information about the application, including usernames.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iFrame data. A successful exploit could allow the attacker to perform a clickjacking attack where the user is tricked into clicking a malicious link.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because an insecure method is used to mask certain passwords on the web-based management interface. An attacker could exploit this vulnerability by looking at the raw HTML code that is received from the interface. A successful exploit could allow the attacker to obtain some of the passwords configured throughout the interface.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1589, CVE-2020-1592.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1039.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
"Simple ASC Content Management System v1.2 has XSS in the location field in the sign function, related to guestbook.asp, formgb.asp, and msggb.asp.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information via a direct request for the #!/system URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin ""filebrowser"" is installed, because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0921.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 182714.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 187501.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka 'Windows Language Pack Installer Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1319.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when StartTileData.dll improperly handles objects in memory, aka 'Windows Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory, aka 'Windows Shell Infrastructure Component Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1308.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1159, CVE-2020-1376.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory, aka 'Windows Routing Utilities Denial of Service'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1589, CVE-2020-1592, CVE-2020-16854.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,LOW
"Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to restart.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. When an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of memory they like and load that replicating the effect of this bug.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. This issue impacts: All versions of PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKS_LIST__pt.querystring parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts all versions of PAN-OS 8.0, and PAN-OS 8.1 versions earlier than 8.1.16.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows authenticated administrator to conduct remote code execution.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. This issue impacts only PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Palo Alto Networks PAN-OS software when the after-change-detail custom syslog field is enabled for configuration logs and the sensitive field appears multiple times in one log entry. The first instance of the sensitive field is masked but subsequent instances are left in clear text. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory, aka 'Windows Text Service Module Remote Code Execution Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to execute arbitrary SQL commands via the username parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. Limited knowledge of payload is required for an attacker to exploit the vulnerability and perform tasks related to contact and interaction data which impacts Confidentiality and Integrity of data in the application.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-10801.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in InspIRCd 3 before 3.1.0. The silence module contains a use after free vulnerability. This vulnerability can be used for remote crashing of an InspIRCd server by any user able to fully connect to a server.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone without authorisation, bypassing the Bluetooth address randomisation protection in the user's phone.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server, aka 'Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16860.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server, aka 'Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16862.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11, aka 'Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in Polarion Subversion Webclient (All versions). The Polarion subversion web application does not filter user input in a way that prevents Cross-Site Scripting. If a user is enticed into passing specially crafted, malicious input to the web client (e.g. by clicking on a malicious URL with embedded JavaScript), then JavaScript code can be returned and may then be executed by the user’s client. Various actions could be triggered by running malicious JavaScript code.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability has been identified in Polarion Subversion Webclient (All versions). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify contents of the web application.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname' parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). If configured in an insecure manner, the web server might be susceptible to a directory listing attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to inject arbitrary commands that are execeuted instead of the legitimate service.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system administrators.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The directory of service executables of the affected application could allow a local attacker to include arbitrary commands that are executed with SYSTEM privileges when the system restarts.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,LOW
"Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the server(s) listening behind *.example.com. The outcome should instead be 421 Misdirected Request. Imagine a shared caching forward proxy re-using an HTTP/2 connection for a large subnet with many users. If a victim is interacting with abc.example.com, and a server (for abc.example.com) recycles the TCP connection to the forward proxy, the victim's browser may suddenly start sending sensitive data to a *.example.com server. This occurs because the forward proxy between the victim and the origin server reuses connections (which obeys the specification), but neither Istio nor Envoy corrects this by sending a 421 error. Similarly, this behavior voids the security model browsers have put in place between domains.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when visiting the page containing the vulnerable field.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Design Importer. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims to perform unsafe actions in the page (ex. phishing).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Yodobashi App for Android versions 1.8.7 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
u'Null pointer dereference in HP OfficeJet Pro 8210 jbig2 filter due to lack of check of PDF font array leads to denial of service' in IPS PDF releases prior to IPS System 2020.2,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when search queries return the page containing the vulnerable field.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied permissions.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
Cross Site Scripting (XSS) vulnerability in Kentico before 12.0.75.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"u'Resizing the usage table header before passing all the checks leads to the function exiting with a usage table in invalid state when a HLOS adversary calls the function with wrong input' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Bitra, Kamorta, QCS404, QCS610, Rennell, Saipan, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Buffer overflow seen as the destination buffer size is lesser than the source buffer size in video application' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, MSM8909W, QCM2150, QCS405, QCS605, Saipan, SC8180X, SDA845, SDM429W, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Calling thread may free the data buffer pointer that was passed to the callback and later when event loop executes the callback, data buffer may not be valid and will lead to use after free scenario' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, APQ8098, Bitra, Kamorta, MSM8917, MSM8953, MSM8998, QCM2150, QCS405, QCS605, QM215, Rennell, Saipan, SDM429, SDM439, SDM450, SDM632, SM6150, SM7150, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'When a new session is created, Object is returned that contains TZ addresses and it get passed to HLOS as an handle to refer to a particular session and can cause TZ to jump to a invalid address' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, QCS610, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Possible out of bound write in DSP driver code due to lack of check of data received from user' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the administrator UI Interface is set to ""radius"".",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Possible out of bound array write in rxdco cal utility due to lack of array bound check' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MSM8998, QCS605, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'XBL SEC clears only ZI region when loading Qualcomm-signed segments can lead to improper access issue' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8098, Kamorta, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Out of bound writes happen when accessing usage_table header entry beyond the memory allocated for the header' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, QCS610, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Stack out of bound issue occurs when making query to DSP capabilities due to wrong assumption was made on determining the buffer size for the DSP attributes' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, Kamorta, Rennell, SC7180, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) relates to invalid parameter handling when calling strcpy_s() with an invalid parameter (i.e., a long src string parameter) as a part of processing a type 4 message sent to default TCP RequestPort 10200. It's been observed that ttmd.exe terminates as a result.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw exists in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) due to improper validation of user-supplied data when processing a type 8 message sent to default TCP RequestPort 10200. An unauthenticated, remote attacker can exploit this issue, via a specially crafted message, to terminate ttmd.exe.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"u'During execution after Address Space Layout Randomization is turned on for QTEE, part of code is still mapped at known address including code segments' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Bitra, Kamorta, Nicobar, QCS404, QCS610, Rennell, SA6155P, SA8155P, Saipan, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Information can leak into userspace due to improper transfer of data from kernel to userspace in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Nicobar, QCS405, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'During the error occurrence in capture request, the buffer is freed and later accessed causing the camera APP to fail due to memory use-after-free' in Snapdragon Consumer IOT, Snapdragon Mobile in Bitra, Kamorta, QCS605, Saipan, SDM710, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Reachable assertion when wrong data size is returned by parser for ape clips' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, Kamorta, MSM8917, MSM8953, Nicobar, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
dpic 2019.06.20 has a Stack-based Buffer Overflow in the wfloat() function in main.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A heap-based buffer overflow exists in stbi__bmp_load_cont in stb_image.h in catimg 2.4.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka 'OneDrive for Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16852, CVE-2020-16853.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka 'OneDrive for Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16851, CVE-2020-16852.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1097.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
inspircd in Debian before 2.0.7 does not properly handle unsigned integers.  NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a ""\032"" (whitespace) character in a hostname.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,LOW,LOW
"An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.",NETWORK,HIGH,LOW,NONE,CHANGED,LOW,LOW,LOW
"Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1332, CVE-2020-1335, CVE-2020-1594.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1193, CVE-2020-1335, CVE-2020-1594.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1193, CVE-2020-1332, CVE-2020-1594.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,LOW
"A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1595.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,LOW
"A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16858, CVE-2020-16859, CVE-2020-16864, CVE-2020-16871, CVE-2020-16872, CVE-2020-16878.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16858, CVE-2020-16859, CVE-2020-16861, CVE-2020-16871, CVE-2020-16872, CVE-2020-16878.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16858, CVE-2020-16859, CVE-2020-16861, CVE-2020-16864, CVE-2020-16872, CVE-2020-16878.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16858, CVE-2020-16859, CVE-2020-16861, CVE-2020-16864, CVE-2020-16871, CVE-2020-16878.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16858, CVE-2020-16859, CVE-2020-16861, CVE-2020-16864, CVE-2020-16871, CVE-2020-16872.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16858, CVE-2020-16861, CVE-2020-16864, CVE-2020-16871, CVE-2020-16872, CVE-2020-16878.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16859, CVE-2020-16861, CVE-2020-16864, CVE-2020-16871, CVE-2020-16872, CVE-2020-16878.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1345, CVE-2020-1482, CVE-2020-1514.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1345, CVE-2020-1514, CVE-2020-1575.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1345, CVE-2020-1482, CVE-2020-1575.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1227, CVE-2020-1345, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1345, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Teamwire application 5.3.0 for Android allows physically proximate attackers to exploit a flaw related to the pass-code component.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution vulnerability inside the sandboxed renderer process.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions. This affects Guangzhou NetEase Youdao Dictionary 8.9.2.0.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. It is a dual-core browser owned by Beijing Qihoo Technology.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An input validation issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed cross-site scripting upon clicking on a link from a specially crafted live location message.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in information leak via an error message caused by directly accessing the website built by UCMS.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-bounds write via a specially crafted video stream after receiving and answering a malicious video call.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business for iPhone prior to v2.20.20 could have allowed an out-of-bounds write on 32-bit devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to v2.20.30 could have allowed arbitrary code execution when playing a specially crafted push to talk message.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"u'Pointer double free in HavenSvc due to not setting the pointer to NULL after freeing it' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8998, Nicobar, QCS404, QCS405, QCS605, QCS610, Rennell, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).",NETWORK,LOW,LOW,REQUIRED,CHANGED,NONE,HIGH,NONE
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.),NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly allowed to be re-provisioned after a user data erase or a factory reset' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, Nicobar, QCS404, QCS610, Rennell, SA515M, SA6155P, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Information disclosure issue occurs as in current logic as secure touch is released without clearing the display session which can result in user reading the secure input while touch is in non-secure domain as secure display is active' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Whenever the page list is updated via privileged user, the previous list elements are freed but are not deleted from the list which results in a use after free causing an unhandled page fault exception in rmnet driver' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, MDM9607, QCS405, Saipan, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the interface of an affected device. A successful exploit could allow the attacker to obtain the IP addresses that are configured on the internal interfaces of the affected device. There is a workaround that addresses this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"u'Buffer over read occurs while processing information element from beacon due to lack of check of data received from beacon' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In 32-bit versions of Firefox, the Adobe Flash plugin setting for ""Enable Adobe Flash protected mode"" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn protections off. This vulnerability affects Firefox < 60.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
RAONWIZ v2018.0.2.50 and earlier versions contains a vulnerability that could allow remote files to be downloaded by lack of validation. Vulnerabilities in downloading with Kupload agent allow files to be downloaded to arbitrary paths due to insufficient verification of extensions and download paths. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions and earlier.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to gain unauthorized access to system management files.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Potential buffer overflow when accessing npu debugfs node ""off""/""log"" with large buffer size' in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, SC8180X, SDX55, SM6150, SM7150, SM8150",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Buffer Overflow in mic calculation for WPA due to copying data into buffer without validating the length of buffer' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8098, IPQ5018, IPQ6018, IPQ8074, Kamorta, MSM8998, Nicobar, QCA6390, QCA8081, QCS404, QCS405, QCS605, Rennell, SA415M, Saipan, SC7180, SC8180X, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from PageKite) is considered a local connection. This affects both the freedombox and plinth packages of some Linux distributions, but only if the Apache mod_status module is enabled.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Miller (command line utility) using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious `.mlrrc` file in the working directory. See linked GitHub Security Advisory for complete details. A fix is ready and will be released as Miller 5.9.1.",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"u'Buffer Overflow issue in WLAN tcp ip verification due to usage of out of range pointer offset' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8098, IPQ5018, IPQ6018, IPQ8074, Kamorta, MSM8998, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, QCS605, Rennell, SA415M, SC7180, SC8180X, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Buffer overflow while parsing PMF enabled MCBC frames due to frame length being lesser than what is expected while parsing' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, Kamorta, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, QCS605, Rennell, SA415M, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that comes as part of NDPE attribute' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ5018, IPQ6018, IPQ8074, Kamorta, Nicobar, QCA6390, QCN7605, QCS404, QCS405, Rennell, SA415M, Saipan, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with ""cf push"" access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the Gorouters.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"u'Error in UE due to race condition in EPCO handling' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, MDM9205, MDM9206, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, SDM450, SM8150",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the ""<!DOCTYPE html"" substring in a crafted HTML document.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in Cisco Webex Training could allow an authenticated, remote attacker to join a password-protected meeting without providing the meeting password. The vulnerability is due to improper validation of input to API requests that are a part of meeting join flow. An attacker could exploit this vulnerability by sending an API request to the application, which would return a URL that includes a meeting join page that is prepopulated with the meeting username and password. A successful exploit could allow the attacker to join the password-protected meeting. The attacker would be visible in the attendee list of the meeting.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization.  NOTE: this vulnerability may be a duplicate of CVE-2016-3627.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 build 20170503 and later versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Lack of integer overflow check for addition of fragment size and remaining size that are read from shared memory can lead to memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A ZTE product has a DoS vulnerability. Because the equipment couldn’t distinguish the attack packets and normal packets with valid http links, the remote attackers could use this vulnerability to cause the equipment WEB/TELNET module denial of service and make the equipment be out of management. This affects: ZXR10 2800-4_ALMPUFB(LOW), all versions up to V3.00.40.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
A code execution vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause an out-of-bounds write. An attacker can trigger this vulnerability by providing a victim with a malicious DICOM file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption vulnerability exists in the TIFF handle_COMPRESSION_PACKBITS functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause a memory corruption. An attacker can provide a malicious file to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Lack of check that the TX FIFO write and read indices that are read from shared RAM are less than the FIFO size results into memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Lack of check for integer overflow for round up and addition operations result into memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILES(X86)%\Thomson Reuters\Eikon permissions.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Accessing an uninitialized data structure could result in partially copying of contents and thus incorrect processing' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QCS610, QM215, SA415M, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Possible integer overflow in API due to lack of check on large oid range count in cert extension field' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, MDM9150, MDM9205, MDM9607, MDM9650, Nicobar, QCS404, QCS405, QCS605, QCS610, Rennell, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'SMEM partition can be manipulated in case of any compromise on HLOS, thus resulting in access to memory outside of SMEM address range which could lead to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6574AU, QCA8081, QCM2150, QCN7605, QCN7606, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All trailer Power Line Communications are affected. PLC bus traffic can be sniffed reliably via an active antenna up to 6 feet away. Further distances are also possible, subject to environmental conditions and receiver improvements.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. During binary interaction, td->td_emuldata in sys/compat/linux/linux_emul.h is not getting initialized and returns NULL from em_find().",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020-08-19, and FreeBSD through 11.4, that allows an attacker to trigger an invalid free and crash the system via a crafted size value in conjunction with an invalid mode.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the LAN. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"u'Possibility of integer overflow in keymaster 4 while allocating memory due to multiplication of large numcerts value and size of keymaster bob which can lead to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'User Process can potentially corrupt kernel virtual page by passing a crafted page in API' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Bitra, IPQ6018, IPQ8074, MDM9205, Nicobar, QCA8081, QCN7605, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Out of bound memory access if stack push and pop operation are performed without doing a bound check on stack top' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Bitra, IPQ6018, IPQ8074, MDM9205, Nicobar, QCA8081, QCN7605, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Lack of check that the current received data fragment size of a particular packet that are read from shared memory are less than the actual packet size can lead to memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capability allowing otherwise detected malware to run via stopping certain Microsoft services.,LOCAL,LOW,HIGH,NONE,CHANGED,LOW,HIGH,LOW
"apollo-adminservice before version 1.7.1 does not implement access controls. If users expose apollo-adminservice to internet(which is not recommended), there are potential security issues since apollo-adminservice is designed to work in intranet and it doesn't have access control built-in. Malicious hackers may access apollo-adminservice apis directly to access/edit the application's configurations. To fix the potential issue without upgrading, simply follow the advice that do not expose apollo-adminservice to internet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,HIGH,LOW
"In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. The only workaround is to give SCRIPT right only to trusted users.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184433.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. If exploited, this could lead to read-only access to sensitive data in an AEM repository.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe FrameMaker version 2019.0.6 (and earlier versions) lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. This could be exploited to execute arbitrary code with the privileges of the current user. User interaction is required to exploit this vulnerability in that the target must open a malicious FrameMaker file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe FrameMaker version 2019.0.6 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious FrameMaker file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,LOW
Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable to arbitrary file corruption that could provide an attacker with the opportunity to eliminate content of any file in the system.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted filename for a file attached to an object. For example, the filename has a complete XSS payload followed by the .png extension.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3);Versions earlier than 10.1.0.212(C00E210R5P1);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C01E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R8P12);Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. IBM X-Force ID: 177933.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,HIGH
The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.,LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SUPERAntiSyware Professional X Trial 10.0.1206 is vulnerable to local privilege escalation because it allows unprivileged users to restore a malicious DLL from quarantine into the system32 folder via an NTFS directory junction, as demonstrated by a crafted ualapi.dll file that is detected as malware.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP request against internal networks and potentially downloading data that is exposed there. This issue affects: openSUSE Open Build Service .,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
An issue was discovered on Samsung mobile devices with software through 2020-04-02 (Exynos modem chipsets). There is a heap-based buffer over-read in the Shannon baseband. The Samsung ID is SVE-2020-17239 (August 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE files received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PLT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RH file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony 7.3.2.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSOAuth process. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10980.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-party site.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,HIGH
"ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ForLogic Qualiex v1 and v3 has weak token expiration. This allows remote unauthenticated privilege escalation and access to sensitive data via token reuse.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The flash memory readout protection in Apex Microelectronics APM32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use of a hard-coded cryptographic key in Pancake versions < 4.13.29 allows an attacker to forge session cookies, which may lead to remote privilege escalation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows unauthenticated user to execute authentication bypass with SQL injection via the email parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'Information exposure issues while processing IE header due to improper check of beacon IE frame' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QCS610, QM215, Rennell, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"u'Non-secure memory is touched multiple times during TrustZone\u2019s execution and can lead to privilege escalation or memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8098, IPQ8074, Kamorta, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, QCA8081, QCS404, QCS605, QCS610, QM215, Rennell, SA415M, SC7180, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs.,LOCAL,HIGH,HIGH,REQUIRED,CHANGED,LOW,LOW,LOW
"u'Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport can lead to corruption and potential information leak' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"u'Lack of check to ensure that the TX read index & RX write index that are read from shared memory are less than the FIFO size results into memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated for NULL termination can results into memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"u'A potential buffer overflow exists due to integer overflow when parsing handler options due to wrong data type usage in operation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCN7605, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.5 Patch 12 and earlier, Ver 2.6 Patch 8 and earlier, Ver 2.7 Patch 6 and earlier, Ver 2.7 Government Edition Patch 7 and earlier, Ver 2.8 Patch 6 and earlier, Ver 2.8c Patch 5 and earlier, Ver 2.9 Patch 4 and earlier) allows remote attackers to execute EL expression on the server via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially execute arbitrary code via physical access.",PHYSICAL,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"u'Information disclosure issue can occur due to partial secure display-touch session tear-down' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096AU, APQ8098, IPQ6018, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"u'Information disclosure issue occurs as in current logic Secure Touch session is released without terminating display session' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182371.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186841.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page properties, can modify how a browser processes particular page elements, leading to stored Cross Site Scripting. In certain situations, when a user accesses an affected web page element, the attacker will be able to access or modify metadata for which they are not authorized.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via shoulder surfing or man in the middle attack and subsequently get access to admin user accounts, leading to Session Fixation and complete compromise of the confidentiality, integrity and availability of the application.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerability. The attacker can modify some formulas and display erroneous content. The server is not affected only the current user browser session, that can easily be closed.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting (XSS) vulnerability. With a successful attack, the attacker can steal authentication information of the user, such as data relating to his or her current session.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability is due to a flaw in the logic that governs directory permissions. An attacker could exploit this vulnerability by using capabilities that are not controlled by the role-based access control (RBAC) mechanisms of the software. A successful exploit could allow the attacker to overwrite files on an affected device.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only ""null pointer dereferences, division by zero, and anything that would just fit as DoS.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker could exploit this vulnerability by first authenticating to the local CLI shell on the device and using the CLI command to bypass the task group&ndash;based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on the device without authorization checks.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by uploading a file using the REST API. A successful exploit could allow an attacker to overwrite and upload files, which could degrade the functionality of the affected system.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages to the affected software. A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, possibly resulting in arbitrary code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages to a targeted system. A successful exploit could allow the attacker to cause the application to return sensitive authentication information to another system, possibly for use in further attacks.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages that contain Universal Naming Convention (UNC) links to a targeted user and convincing the user to follow the provided link. A successful exploit could allow the attacker to cause the application to access a remote system, possibly allowing the attacker to gain access to sensitive information that the attacker could use in additional attacks.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe logging of authentication requests by the affected software. An attacker could exploit this vulnerability by reading log files that are stored in the application directory. A successful exploit could allow the attacker to gain access to sensitive information, which could be used in further attacks.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this vulnerability by supplying a crafted file that, when it is processed, may cause a stack-based buffer overflow. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges. An attacker would need to have valid administrative credentials to exploit this vulnerability.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallbackCipherState.encryptWithAd() allows out-of-bounds access.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrCipherState.encryptWithAd() allows out-of-bounds access.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attacker would need to have valid credentials for the affected device. The vulnerability is due to a logic error in the implementation of the enable command. An attacker could exploit this vulnerability by logging in to the device and issuing the enable command. A successful exploit could allow the attacker to gain full administrative privileges without using the enable password. Note: The Enable Secret feature is disabled by default.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU or DMA module.,PHYSICAL,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).,NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
smalruby-editor v0.4.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf process. An attacker could exploit this vulnerability by sending malicious requests to the affected software. An exploit could allow the attacker to cause the targeted process to restart, resulting in a DoS condition on the affected system. Cisco Bug IDs: CSCvg95792.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Apex Microelectronics APM32F103 devices allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Key Frame structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5399.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Texture Coord Dimensions objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5397.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Model Node structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5395.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Light Node structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5394.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMB_IOC_SVCENUM IOCTL. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4983.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to submit or control server requests. IBM X-Force ID: 185416.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
"An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187187.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure Connection pairing to be skipped if the Link Layer encryption setup is performed earlier. An attacker in radio range can achieve arbitrary read/write access to protected GATT service data, cause a denial of service, or possibly control a device's function by establishing an encrypted session with an unauthenticated Long Term Key (LTK).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
NETGEAR R8300 devices before 1.0.2.134 are affected by command injection by an unauthenticated attacker.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target's BLE stack) by sending a crafted sequence of BLE packets.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163(C00E160R3P8) have a denial of service (DoS) vulnerability. The attacker can enter a large amount of text on the phone. Due to insufficient verification of the parameter, successful exploitation can impact the service.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183314.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182397.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181122.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,HIGH
"Openfind Mail2000 contains Broken Access Control vulnerability, which can be used to execute unauthorized commands after attackers obtain the administrator access token or cookie.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. The device does not work properly and must be powered back on to return to normal.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
gmapfp.org Joomla Component GMapFP J3.30pro is affected by Insecure Permissions. An attacker can access the upload function without authenticating to the application and also can upload files due the issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed on Custom Groups function is vulnerable to stored XSS as they displayed on http://127.0.0.1/inventory/groups/ without output sanitization.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the Mysql setting max_connections (default 151) is lower than Apache (or another web server) setting MaxRequestWorkers (formerly MaxClients) (default 256). This can be done by sending at least 151 simultaneous requests to the Magento website to trigger a ""Too many connections"" error, then use default magmi:magmi basic authentication to remotely bypass authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in OSWAPP Warehouse Inventory System (aka OSWA-INV) through 2020-08-10 allows remote attackers to change the admin's password after an authenticated admin visits a third-party site.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in SuiteCommerce Advanced (SCA) Sites component of Oracle NetSuite service. Supported versions that are affected are prior to 2020.1.4. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise NetSuite SCA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all NetSuite SCA accessible data as well as unauthorized read access to a subset of NetSuite SCA data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N).",NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the SuiteCommerce Advanced (SCA) component of Oracle NetSuite service. Supported versions that are affected are Montblanc, Vinson, Elbrus, Kilimanjaro, Aconcagua, 2018.2, 2019.1, 2019.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise NetSuite SCA. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in NetSuite SCA, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of NetSuite SCA accessible data as well as unauthorized read access to a subset of NetSuite SCA data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
lara-google-analytics.php in Lara Google Analytics plugin through 2.0.4 for WordPress allows authenticated stored XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N).",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,HIGH,NONE
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Supported versions that are affected are Java SE: 6u191, 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVE-2018-2938 addresses CVE-2018-1313. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u181, 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Supported versions that are affected are Java SE: 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",LOCAL,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,NONE,NONE
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,LOW
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N).",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,LOW,NONE
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking.",LOCAL,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.",LOCAL,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in Oracle Java SE 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install.",LOCAL,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.  NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,LOW
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,NONE,NONE
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). The supported version that is affected is Java SE: 8u182. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serviceability). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). This vulnerability can only be exploited when Java Usage Tracker functionality is being used. CVSS 3.0 Base Score 6.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to installation process on client deployment of Java. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",LOCAL,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to the Windows installer only. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H).",LOCAL,HIGH,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,LOW
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
"In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
"In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on the N-Tron 702-W / 702M12-W (all versions).",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h contains multiple boundary checks that are performed to prevent out-of-bounds memory read/write. However, two of these boundary checks contain an integer overflow that leads to a bypass of these checks, and out-of-bounds read/write. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Dashboards and progressiveProfileForms in ForgeRock Identity Manager before 7.0.0 are vulnerable to stored XSS. The vulnerability affects versions 6.5.0.4, 6.0.0.6.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DOS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker could exploit this vulnerability by invoking a vulnerable CLI command with crafted malicious parameters. An exploit could allow the attacker to execute arbitrary commands with a non-root user account on the underlying Linux operating system of the affected device. Cisco Bug IDs: CSCvi09723.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The flash memory readout protection in Gigadevice GD32VF103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of command arguments. An attacker could exploit this vulnerability by using crafted arguments when opening a connection to the affected device. An exploit could allow the attacker to gain shell access with a non-root user account to the underlying Linux operating system on the affected device. Due to the system design, access to the Linux shell could allow execution of additional attacks that may have a significant impact on the affected system. This vulnerability affects Cisco devices that are running release 3.7.1, 3.6.3, or earlier releases of Cisco Enterprise NFV Infrastructure Software (NFVIS) when access to the SCP server is allowed on the affected device. Cisco NFVIS Releases 3.5.x and 3.6.x do allow access to the SCP server by default, while Cisco NFVIS Release 3.7.1 does not. Cisco Bug IDs: CSCvh25026.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WRF Player. An attacker could exploit this vulnerability by utilizing a maliciously crafted file that could bypass checks in the code and enable an attacker to read memory from outside the bounds of the mapped file. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, and Cisco WebEx WRF players. Cisco Bug IDs: CSCvh89107, CSCvh89113, CSCvh89132, CSCvh89142.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this vulnerability by convincing a user to visit a malicious website designed to send requests to the affected application while the user is logged into the application with an active session cookie. A successful exploit could allow the attacker to retrieve policy or configuration information from the affected software and to perform another attack against the management console. Cisco Bug IDs: CSCvh68311.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking mechanisms in the REST API URL request. An attacker could exploit this vulnerability by sending a malicious URL to the REST API. If successful, an exploit could allow the attacker to view sensitive system information. Cisco Bug IDs: CSCvg89442.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based (relative and absolute) path traversal attacks in cpio file extraction.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view sensitive information that should have been restricted. Cisco Bug IDs: CSCvf22116.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view configuration parameters. Cisco Bug IDs: CSCvf20218.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the CPU to increase upwards of 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to incorrect handling of an internal software lock that could prevent other system processes from getting CPU cycles, causing a high CPU condition. An attacker could exploit this vulnerability by sending a steady stream of malicious IP packets that can cause connections to be created on the targeted device. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition during which traffic through the device could be delayed. This vulnerability applies to either IPv4 or IPv6 ingress traffic. This vulnerability affects Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliances (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliances (ASAv), Firepower 2100 Series Security Appliances, Firepower 4110 Security Appliances, Firepower 9300 ASA Security Modules. Cisco Bug IDs: CSCvf63718.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause a heap overflow condition on the affected device, which will cause the device to reload and result in a DoS condition. Cisco Bug IDs: CSCvg62730.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute arbitrary code in the commit view.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system. This vulnerability affects Catalyst 4500 Supervisor Engine 6-E (K5), Catalyst 4500 Supervisor Engine 6L-E (K10), Catalyst 4500 Supervisor Engine 7-E (K10), Catalyst 4500 Supervisor Engine 7L-E (K10), Catalyst 4500E Supervisor Engine 8-E (K10), Catalyst 4500E Supervisor Engine 8L-E (K10), Catalyst 4500E Supervisor Engine 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), Catalyst 4948E Ethernet Switch (K5). Cisco Bug IDs: CSCvc40729.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvh66592.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to non-specified directories.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the lack of the SameSite Strict feature.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"NITORI App for Android versions 6.0.4 and earlier and NITORI App for iOS versions 6.0.2 and earlier allow remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `SoundUploadServlet` which may lead to uploading executable files to non-specified directories.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by authenticating to an affected system and injecting malicious arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. Cisco Bug IDs: CSCvg38807.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70616.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to perform a command injection attack on an affected system. The vulnerability is due to insufficient validation of commands that are supplied to certain configurations in the CLI of the affected operating system. An attacker could exploit this vulnerability by injecting crafted arguments into a vulnerable CLI command for an affected system. A successful exploit could allow the attacker to insert and execute arbitrary commands in the CLI of the affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. Cisco Bug IDs: CSCvg29441.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and earlier) which could cause remote code execution when a script is executed during a shutdown event.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in certain CLI commands of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with the privileges of the local user, aka Command Injection. These commands should have been restricted from this user. The vulnerability is due to insufficient input validation of CLI command user input. An attacker could exploit this vulnerability by authenticating to the targeted device and issuing a CLI command with crafted user input. A successful exploit could allow the attacker to execute arbitrary commands on the affected system that should be restricted. The attacker would need to have valid user credentials for the device. Cisco Bug IDs: CSCvf49844.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70595.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary commands on the device with root privileges. Cisco Bug IDs: CSCvh25988.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing &quot;dot dot&quot; sequences (/../) to download arbitrary files on the system. IBM X-Force ID: 78284.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to bypass security restrictions, caused by improper restrictions on the create new user account functionality. An attacker could exploit this vulnerability to create unprivileged user accounts. IBM X-Force ID: 78286.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service (DoS) condition. The vulnerability is due to improper handling of a TCP connection request when the IVR connection is already established. An attacker could exploit this vulnerability by initiating a crafted connection to the IP address of the targeted CVP device. An exploit could allow the attacker to disconnect the IVR to CVP connection, creating a DoS condition that prevents the CVP from accepting new, incoming calls while the IVR automatically attempts to re-establish the connection to the CVP. This vulnerability affects Cisco Unified Customer Voice Portal (CVP) Software Release 11.5(1). Cisco Bug IDs: CSCve70560.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of verification of authenticated user accounts. An attacker could exploit this vulnerability by modifying browser strings to see messages submitted by other users to the spam quarantine within their company. Cisco Bug IDs: CSCvg39759, CSCvg42295.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct directory traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to read files on the underlying operating system with root privileges. To exploit this vulnerability, the attacker would need to have administrative privileges on the affected system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had it's sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as possible. For more information, review the referenced GitHub Security Advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different authentication failure messages based on the validity of usernames. An attacker could use these messages to determine whether a valid subscriber username has been identified. The attacker could use this information in subsequent attacks against the system. Cisco Bug IDs: CSCvg47830.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to the absence of user authentication requirements for certain pages that are part of the web interface and contain confidential information for an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device and examining the HTTP response to the request. A successful exploit could allow the attacker to view configuration parameters, including the administrator password, for the affected device. Cisco Bug IDs: CSCvg92739, CSCvh60172.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command for the affected operating system. A successful exploit could allow the attacker to overwrite or modify arbitrary files that are stored in the flash memory of an affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93335.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contains a buffer overflow vulnerability in the Likewise component. A remote unauthenticated malicious attacker may potentially exploit this vulnerability to cause a process restart.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvf20269.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting and injecting code into a user request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco Small Business 300 and 500 Series Managed Switches: Cisco Small Business 300 Series Managed Switches, Cisco Small Business 500 Series Stackable Managed Switches, Cisco 350 Series Managed Switches, Cisco 350X Series Stackable Managed Switches, Cisco 550X Series Stackable Managed Switches, Cisco ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvg24637.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The Table Filter and Charts for Confluence Server app before 5.3.25 (for Atlassian Confluence) allow remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) through the provided Markdown markup to the ""Table from CSV"" macro.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,LOW
The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress allows XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the ""Table from CSV"" macro (URL parameter).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SSH connections. An attacker could exploit this vulnerability by logging in to an affected switch via SSH and sending a malicious SSH message. This vulnerability affects the following Cisco products when SSH is enabled: Small Business 300 Series Managed Switches, Small Business 500 Series Stackable Managed Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, 550X Series Stackable Managed Switches, ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvb48377.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for WordPress allows subscribe_sidebar.php&status= reflected XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heybbs v1.2 has a SQL injection vulnerability in user.php file via the ID parameter which may allow a remote attacker to execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heybbs v1.2 has a SQL injection vulnerability in msg.php file via the ID parameter which may allow a remote attacker to execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heybbs v1.2 has a SQL injection vulnerability in login.php file via the username parameter which may allow a remote attacker to execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not properly consider exceptions during the writing of an invalid packet to a stream.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a command-injection exploit. The vulnerability is due to incorrect input validation of user-supplied data to the NX-API subsystem. An attacker could exploit this vulnerability by sending a malicious HTTP or HTTPS packet to the management interface of an affected system that has the NX-API feature enabled. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. Note: NX-API is disabled by default. This vulnerability affects MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvd47415, CSCve03216, CSCve03224, CSCve03234.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device. Note: This vulnerability requires that any feature license is uploaded to the device. The vulnerability does not require that the license be used. This vulnerability affects MDS 9000 Series Multilayer Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve51693, CSCve91634, CSCve91659, CSCve91663.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to incorrect input validation in the CLI parser subsystem. An attacker could exploit this vulnerability by exceeding the expected length of user input. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the affected system. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvb61099, CSCvb86743.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker, authenticated as a privileged user, to execute arbitrary commands with root privileges. Note: On products that support multiple virtual device contexts (VDC), this vulnerability could allow an attacker to access files from any VDC. This vulnerability affects Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve51704, CSCve91749, CSCve91768.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected system. A successful exploit could allow the attacker to cause other users to execute unwanted arbitrary commands on the affected system. Cisco Bug IDs: CSCvf52994.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded, read-only community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 2c queries to an affected device. A successful exploit could allow the attacker to read any data that is accessible via SNMP on the affected device. Note: The static credentials are defined in an internal configuration file and are not visible in the current operation configuration ('running-config') or the startup configuration ('startup-config'). Cisco Bug IDs: CSCvi40137.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting malicious arguments into vulnerable commands. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. This vulnerability affects the following releases of Cisco Network Services Orchestrator (NSO): 4.1 through 4.1.6.0, 4.2 through 4.2.4.0, 4.3 through 4.3.3.0, 4.4 through 4.4.2.0. Cisco Bug IDs: CSCvf99982.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs: CSCvg76471.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The username variable which is set at line 121 in install/Step5.php allows for injection of PHP code into the Data.php file that it writes. An attacker can send an HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The course_period_id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The uname parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection An attacker can send an HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The username_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The password variable which is set at line 122 in install/Step5.php allows for injection of PHP code into the Data.php file that it writes. An attacker can send an HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in JobGroupController.java file.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to view potentially sensitive information on an affected device. The vulnerability is due to incorrect permissions within Apache configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to view potentially sensitive information on the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of specific Call Home configuration parameters when the software is configured for transport method HTTP. An attacker could exploit this vulnerability by modifying parameters within the Call Home configuration on an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying OS.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Exploitation of this vulnerability also requires jumbo frames to be enabled on the interface that receives the crafted Cisco Discovery Protocol packets on the affected device.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly reset, causing a partial denial of service (DoS) condition due to the BGP session being down. The vulnerability is due to incorrect parsing of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause the BGP peer connections to reset, which could lead to BGP route instability and impact traffic. The incoming BGP MVPN update message is valid but is parsed incorrectly by the NX-OS device, which could send a corrupted BGP update to the configured BGP peer. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this specific, valid BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause one of the BGP-related routing applications to restart multiple times, leading to a system-level restart. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Protocol Independent Multicast (PIM) feature for IPv6 networks (PIM6) of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper error handling when processing inbound PIM6 packets. An attacker could exploit this vulnerability by sending multiple crafted PIM6 packets to an affected device. A successful exploit could allow the attacker to cause the PIM6 application to leak system memory. Over time, this memory leak could cause the PIM6 application to stop processing legitimate PIM6 traffic, leading to a DoS condition on the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 78294.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. A successful exploit could allow the attacker to cause the switch management CLI to stop responding, resulting in a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Versions of package locutus before 2.0.12 are vulnerable to prototype Pollution via the php.strings.parse_str function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable SQL injection vulnerability exists in the Validator.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerabilities exist because the web-based management interface on an affected device does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the ""t"" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected device by using accounts that have a default, static password. The vulnerability exists because the affected software has user accounts with default, static passwords. An attacker with access to the NFVIS CLI of an affected device could exploit this vulnerability by logging into the CLI. A successful exploit could allow the attacker to access the NFVIS CLI with administrator privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. The router accepts an arbitrary server certificate for a firmware update. The culprit is the --no-check-certificate option passed to wget tool used to download firmware update files.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the ""Appointment_ID"" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 167236.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js. The issue is fixed in version 4.3.7.",NETWORK,HIGH,HIGH,REQUIRED,CHANGED,HIGH,HIGH,NONE
"managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server (port 3020) open to all origins, which allows attackers to obtain sensitive Discord user information.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project the current user has access to, the file and target parameters are reflected.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in versions 2.21.6, 2.20.15, and 2.19.21. This vulnerability was reported via the GitHub Bug Bounty program.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bday parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bmonth parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The byear parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The fn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The mn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheck.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The security protection in Gigadevice GD32F103 devices allows physical attackers to redirect the control flow and execute arbitrary code via the debug interface.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page CpSessionSet.php is vulnerable to SQL injection.An attacker can make an authenticated HTTP request to trigger these vulnerabilities.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassDropSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Gigadevice GD32F130 devices allow physical attackers to escalate their debug interface permissions via fault injection into inter-IC bonding wires (which have insufficient physical protection).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability exists in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page ChooseCP.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Gigadevice GD32F103 and GD32F130 devices allow physical attackers to extract data via the probing of easily accessible bonding wires and de-obfuscation of the observed data.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the DMA module.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page CourseMoreInfo.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page MassDropModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be circumvented. This flash file system can store application-specific data and data needed for customer Java applications, TLS and OTAP (Java over-the-air-provisioning) functionality. The affected products and releases are: BGS5 up to and including SW RN 02.000 / ARN 01.001.06 EHSx and PDSx up to and including SW RN 04.003 / ARN 01.000.04 ELS61 up to and including SW RN 02.002 / ARN 01.000.04 ELS81 up to and including SW RN 05.002 / ARN 01.000.04 PLS62 up to and including SW RN 02.000 / ARN 01.000.04",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,LOW
"The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and subjectAltName.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
secure-store in Expo through 2.16.1 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHEN_UNLOCKED_THIS_DEVICE_ONLY is used.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Maltego before 4.2.12 allows XXE attacks.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The issue is fixed in version 4.3.7.,NETWORK,HIGH,HIGH,REQUIRED,CHANGED,HIGH,HIGH,NONE
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file.The affected components are ThemeFilesController.php and UploaderFilesController.php. This is fixed in version 4.3.7.,NETWORK,HIGH,HIGH,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/adminUsers.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/discounts.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/publish.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/vendor/views/add_product.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/blog/blogpublish.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters credentials.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Sourcecodester Online Grading System 1.0 is affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code via a crafted HTML page, as demonstrated by a Create User action at the admin/modules/user/controller.php?action=add URI.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. RKP allows arbitrary code execution. The Samsung ID is SVE-2020-17435 (August 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. H-Arx allows attackers to execute arbitrary code or cause a denial of service (memory corruption) because indexes are mishandled. The Samsung ID is SVE-2020-17426 (August 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The persona service allows attackers (who control an unprivileged SecureFolder process) to bypass admin restrictions in KnoxContainer. The Samsung ID is SVE-2020-18133 (August 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The CMC service allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (August 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. StatusBarService has insufficient DEX access control. The Samsung ID is SVE-2020-17797 (August 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the Lockscreen state, the Quick Share feature allows unauthenticated downloads, aka file injection. The Samsung ID is SVE-2020-17760 (August 2020).",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (released in China and India) software. The S Secure application does not enforce the intended password requirement for a locked application. The Samsung IDs are SVE-2020-16746, SVE-2020-16764 (August 2020).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The USB driver leaks address information via kernel logging. The Samsung IDs are SVE-2020-17602, SVE-2020-17603, SVE-2020-17604 (August 2020).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Samsung mobile devices with Q(10.0) (Galaxy S20) software. Because HAL improperly checks versions, bootloading by the S.LSI NFC chipset is mishandled. The Samsung ID is SVE-2020-16169 (August 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting and HTML injection in via Online chat, Social feed,Message(title-tag), Add new client (all-tags).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php,player.php,club.php' id parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the 'team.php,player.php,club.php' id parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if they can brute-force/guess a six-digit value via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Authentication Bypass Using an Alternate Path or Channel in temi Robox OS prior to120, temi Android app up to 1.3.7931 allows remote attackers to gain elevated privileges on the temi and have it automatically answer the attacker's calls, granting audio, video, and motor control via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Origin Validation Error in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to access the REST API and MQTT broker used by the temi and send it custom data/requests via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and other products. A small picture can cause an integer underflow, which leads to a Denial of Service in the process of encoding.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
All versions of package deep-get-set are vulnerable to Prototype Pollution via the main function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions of package deeps are vulnerable to Prototype Pollution via the set function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions of package dot-notes are vulnerable to Prototype Pollution via the create function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions of package nodee-utils are vulnerable to Prototype Pollution via the deepSet function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attacker could exploit this vulnerability by persuading a user to follow a URL to a website that is designed to submit crafted input to the affected application. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system, possibly corrupting or deleting critical system files.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
All versions of package arr-flatten-unflatten are vulnerable to Prototype Pollution via the constructor.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In versions 15.1.0-15.1.0.4, rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization, may cause the Traffic Management Microkernel (TMM) to stop responding.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic when traffic volume is high. This vulnerability affects TMM by way of a virtual server configured with an SCTP profile.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have administrative privileges on the affected device.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In versions 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to perform a read-only blind SQL injection attack.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Laborator Neon dashboard v3 is affected by stored Cross Site Scripting (XSS) via the chat tab.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows authenticated admin to conduct remote code execution.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, Self-IP port-lockdown bypass via IPv6 link-local addresses.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"in BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, Syn flood causes large number of MCPD context messages destined to secondary blades consuming memory leading to MCPD failure. This issue affects only VIPRION hosts with two or more blades installed. Single-blade VIPRION hosts are not affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
DesignMasterEvents Conference management 1.0.0 has cross site scripting via the 'certificate.php',NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Cross Site Scripting in the web UI, leading to injection of code.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because the Bluetooth LE support is implemented without a requirement for pairing or security, any attacker can access the GATT server of the device and can sniff the data being broadcasted while a measurement is being done. Also, saved data can also be extracted over a Bluetooth connection. In addition, an attacker can launch a man-in-the-middle attack against data integrity.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. This affects all users on any wiki using this extension. Since version 1.1, comments by users whose usernames would be trimmed on MediaWiki are ignored when searching for the verification code.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,NONE
"In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, BIG-IP ASM Configuration utility CSRF protection token can be reused multiple times.",LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,NONE,LOW,LOW
"This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along with performing advertisement attribution fraud. Mintegral can remotely activate hooks on the UIApplication, openURL, SKStoreProductViewController, loadProductWithParameters and NSURLProtocol methods along with anti-debug and proxy detection protection. If those hooks are active MintegralAdSDK sends obfuscated data about every opened URL in an application to their servers. Note that the malicious functionality is enabled even if the SDK was not enabled to serve ads.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"** DISPUTED ** voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. NOTE: this is only relevant if low-privileged users can write to the installation directory, which may be considered a site-specific configuration error.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. The attacker is able to use startup menu directory via directory traversal for automatic execution. The victim user need to reboot, however.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174401.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, BIG-IP ASM Configuration utility Stored-Cross Site Scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,LOW
"Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Trusteer Rapport/Apex 3.6.1908.22 contains an unused legacy driver which could allow a user with administrator privileges to cause a buffer overflow that would result in a kernel panic. IBM X-Force ID: 154207.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Cross-Site Scripting (XSS) vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters (through which installed packages names and versions are reported).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Munki Conditions) module before 1.5 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the key name.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. It allows a stored XSS attack via the $_POST['name'] parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A SQL injection vulnerability in reportdata_controller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/ endpoint.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists because sensitive information is stored as clear text. An attacker could exploit this vulnerability by authenticating to an affected device and navigating to the directory that contains sensitive information. A successful exploit could allow the attacker to obtain sensitive information in clear text from the affected device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. The vulnerability is due to improper user permissions that are configured by default on an affected system. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, an attacker would need to have valid administrative credentials.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Metasploit Framework module ""auxiliary/admin/http/telpho10_credential_dump"" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi) running this software, and execute commands on the system (including ones for uploading of files and execution of code).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
DesignMasterEvents Conference management 1.0.0 allows SQL Injection via the username field on the administrator login page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. The vulnerability is due to insufficient security mechanisms in the restricted shell implementation. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to escape the restricted shell and execute a set of normally unauthorized commands with the privileges of a non-root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,LOW,NONE
"A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Nescomed Multipara Monitor M1000 devices. The onboard Flash memory stores data in cleartext, without integrity protection against tampering.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides ""Cannot connect to"" error messages to inform the attacker about closed ports.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can poison this header resulting in an adversary controlling the execution flow for the 302 HTTP status.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A stack overflow vulnerabiltity exists in the AT command APIs of ALEOS before 4.11.0. The vulnerability may allow code execution.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or cause a denial of service (DoS) condition on an affected device.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain access to unauthorized information due to insufficient access validation. A successful exploit could allow an attacker to access sensitive shared files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Umanni RH 1.0 has a user enumeration vulnerability. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Umanni RH 1.0 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on LG mobile devices with Android OS 10 software. MDMService does not properly restrict APK installations. The LG ID is LVE-SMP-200011 (July 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. The network_management service does not properly restrict configuration changes. The LG ID is LVE-SMP-200012 (July 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on LG mobile devices with Android OS 9 and 10 software on the VZW network. lge_property allows property overwrites. The LG ID is LVE-SMP-200016 (July 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on LG mobile devices with Android OS 9 and 10 software. LGTelephonyProvider allows a bypass of intended privilege restrictions. The LG ID is LVE-SMP-200017 (July 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG ID is LVE-SMP-200019 (August 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. A successful exploit could allow an attacker to access user information.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. As a workaround changes of commit 033ab5b can be applied to older versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by assigning an arbitrary bank transaction ID during the payment-details entry step.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins VS Team Services Continuous Deployment Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Mitel MiCollab application before 9.1.332 for iOS could allow an unauthorized user to access restricted files and folders due to insufficient access control. An exploit requires a rooted iOS device, and (if successful) could allow an attacker to gain access to sensitive information,",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Jenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11191.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11003.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A missing permission check in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing the residual installation files on an affected system. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that does not properly include the access level of the web interface user. An attacker who has valid application credentials could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional reconnaissance attacks.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing boundary check in an internal function. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between an affected device and its configured TCP syslog server and then maliciously modifying the TCP header in segments that are sent from the syslog server to the affected device. A successful exploit could allow the attacker to exhaust buffer on the affected device and cause all TCP-based features to stop functioning, resulting in a DoS condition. The affected TCP-based features include AnyConnect SSL VPN, clientless SSL VPN, and management connections such as Secure Shell (SSH), Telnet, and HTTPS.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the implementation of Traffic Flow Confidentiality (TFC) over IPsec functionality in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error that may occur if the affected software renegotiates the encryption key for an IPsec tunnel when certain TFC traffic is in flight. An attacker could exploit this vulnerability by sending a malicious stream of TFC traffic through an established IPsec tunnel on an affected device. A successful exploit could allow the attacker to cause a daemon process on the affected device to crash, which could cause the device to crash and result in a DoS condition.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,NONE,HIGH
controller/controller-comments.php in WP GDPR plugin through 2.1.1 has unauthenticated stored XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by supplying a system image signed with a crafted certificate to an affected device, bypassing the certificate validation. An exploit could allow an attacker to deploy a crafted system image.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the cryptographic hardware accelerator driver of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the affected devices have a limited amount of Direct Memory Access (DMA) memory and the affected software improperly handles resources in low-memory conditions. An attacker could exploit this vulnerability by sending a sustained, high rate of malicious traffic to an affected device to exhaust memory on the device. A successful exploit could allow the attacker to exhaust DMA memory on the affected device, which could cause the device to reload and result in a temporary DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to bypass authorization on an affected device and access sensitive information that is related to the device. The vulnerability exists because the affected software allows users to access resources that are intended for administrators only. An attacker could exploit this vulnerability by submitting a crafted URL to an affected device. A successful exploit could allow the attacker to add, delete, and edit certain network configurations in the same manner as a user with administrative privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an flaw that affects the application directly, attackers could use the loosely validated parameters to trigger several attack possibilities.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,LOW,NONE
"The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SQL injection vulnerability in the XooNIps 3.48 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a directory traversal, execute code as the targeted application and access the targeted application's data on the Android device. We recommend all users update Play Core to version 1.7.2 or later.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due ti improper validation of user-supplied input. IBM X-Force ID: 183613.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. Could lead to RCE via meeting invite.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRpm.htm or (2) dnsserver2 parameter to WanStaticIpV6CfgRpm.htm.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scripting via the 'search.php' id parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the 'content.php' id parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device with invalid arguments. IBM X-Force ID: 181992.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"XSS on the PIX-Link Repeater/Router LV-WR07 with firmware v28K.Router.20170904 allows attackers to steal credentials without being connected to the network. The attack vector is a crafted ESSID, as demonstrated by the wireless.htm SET2 parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the OEMNet component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11132.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected page, the injected scripts could potentially be executed in their browser.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected report page, the injected scripts could potentially be executed in their browser.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core package of actionlib, an attacker with local or remote access can make the ROS Master, execute arbitrary code in Python form. Consider yaml.safe_load() instead. Located first in actionlib/tools/library.py:132. See links for more info on the bug.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a stored cross-site scripting vulnerability in the Access Request module. A remote authenticated malicious user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the stored malicious code would gets executed by the web browser in the context of the vulnerable web application.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a SQL Injection vulnerability in Workflow Architect. A remote authenticated malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the data by supplying specially crafted input data to the affected application.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to incorrect input validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious packet. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. Cisco Bug IDs: CSCvi42263.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victim’s session and perform arbitrary actions with privileges of the user within the compromised session.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a reflected cross-site scripting vulnerability in the My Access Live module [MAL]. An authenticated malicious local user could potentially exploit this vulnerability by sending crafted URL with scripts. When victim users access the module through their browsers, the malicious code gets injected and executed by the web browser in the context of the vulnerable web application.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input and validation checking on certain Precision Time Protocol (PTP) ingress traffic to an affected device. An attacker could exploit this vulnerability by injecting malformed traffic into an affected device. A successful exploit could allow the attacker to cause services on the device to become unresponsive, resulting in a DoS condition. Cisco Bug IDs: CSCvj22858.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-tech command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the request admin-tech command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69852, CSCvi69856.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the load command within the VPN subsystem. The attacker must be authenticated to access the affected CLI parameter. A successful exploit could allow an attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69866.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow only occurs when the -ecs-stamp option of dnsreplay is used.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the detection engine parsing of Security Socket Layer (SSL) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper input handling of the SSL traffic. An attacker could exploit this vulnerability by sending a crafted SSL traffic to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. Cisco Bug IDs: CSCvi36434.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to exhaustion of file descriptors while processing a high volume of traffic. An attacker could exploit this vulnerability by establishing a high number of concurrent TCP connections to the vulnerable system. An exploit could allow the attacker to cause a restart in a specific process, resulting in a temporary interruption of service. Cisco Bug IDs: CSCvh77056, CSCvh77058, CSCvh95264.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected device. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected device. A successful exploit could allow the attacker to cause other users to execute unwanted, arbitrary commands on the affected device. Cisco Bug IDs: CSCvd06339, CSCvd15698, CSCvd36108, CSCvf52921, CSCvf52930, CSCvf52953, CSCvf52976.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software contain a vulnerability that could allow an unauthenticated, adjacent attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure to properly validate certain fields within a Cisco Discovery Protocol message prior to processing it. An attacker with the ability to submit a Cisco Discovery Protocol message designed to trigger the issue could cause a DoS condition on an affected device while the device restarts. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvc89242, CSCve40943, CSCve40953, CSCve40965, CSCve40970, CSCve40978, CSCve40992, CSCve41000, CSCve41007.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4 (47270). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. By examining a log file, an attacker can disclose a memory address. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11063.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based management interface of iPECS could allow an authenticated, remote attacker to get administrator permission. The vulnerability is due to insecure permission when handling session cookies. An attacker could exploit this vulnerability by modification the cookie value to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Nescomed Multipara Monitor M1000 devices. The device enables an unencrypted TELNET service by default, with a blank password for the admin account. This allows an attacker to gain root access to the device over the local network.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Nescomed Multipara Monitor M1000 devices. The internal storage of the underlying Linux system stores data in cleartext, without integrity protection against tampering.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In BIG-IP ASM versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, undisclosed server cookie scenario may cause BD to restart under some circumstances.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In BIG-IP APM versions 12.1.0-12.1.5.1 and 11.6.1-11.6.5.2, RADIUS authentication leaks memory when the username for authentication is not set.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins IRC Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.104. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5754.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5755.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ePub files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5758.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Texture objects in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5425.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the context process. Was ZDI-CAN-5428.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Texture Continuation objects in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5429.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the context process. Was ZDI-CAN-5494.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Java SE product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.,NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read.,NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow.,NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.,NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
"In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
"In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,LOW,NONE,LOW
"In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,NONE,HIGH
"A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,LOW
"Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the allocated size of a display list node.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a ""Calendar -> New Event"" action.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. This critical exploit has been fixed on version 3.3.11.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,NONE
"ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php in GDPR Cookie Consent (cookie-law-info) 1.8.2 and below plugin for WordPress, allows authenticated stored XSS and privilege escalation.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are passed to the configuration and management database of the affected software. An attacker could exploit this vulnerability by creating custom functions that contain malicious code and are executed as the vmanage user of the configuration management system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69937.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper input validation on fields within CAPWAP Discovery Request packets by the affected device. An attacker could exploit this vulnerability by sending malicious CAPWAP Discovery Request packets to the Cisco WLC Software. A successful exploit could allow the attacker to cause the Cisco WLC Software to disconnect associated access points (APs). While the APs disconnect and reconnect, service will be unavailable for a brief period of time, resulting in a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Cisco Aironet Series Access Points (APs) software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a deadlock condition that may occur when an affected AP attempts to dequeue aggregated traffic that is destined to an attacker-controlled wireless client. An attacker who can successfully transition between multiple Service Set Identifiers (SSIDs) hosted on the same AP while replicating the required traffic patterns could trigger the deadlock condition. A watchdog timer that detects the condition will trigger a reload of the device, resulting in a DoS condition while the device restarts.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior have a stack-based buffer overflow vulnerability which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent modifications to the underlying Linux filesystem on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the root user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handler for HOST_IOCTL_SET_KERNEL_SYMBOLS in the prl_hypervisor kext. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-10519.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could exploit this vulnerability by logging in to the Cisco Unified Communications Manager web-based management interface and viewing the source code for the configuration page. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 via the Notification Methods -> Email Users menu.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this vulnerability potentially affects all TCP applications, the only affected application observed so far is the HTTP server. An attacker could exploit this vulnerability by sending specific HTTP requests at a sustained rate to a reachable IP address of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,NONE,HIGH
"This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the prl_naptd process. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11134.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11217.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10497.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights. Cisco has not released software updates that address this vulnerability. This advisory will be updated with fixed software information once fixed software becomes available. There is a workaround to address this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10499.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the isHPSmartComponent method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10501.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the writeObjectToConfigFile method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10565.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tomcat configuration file. The issue results from the lack of proper restriction to the Tomcat admin console. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10799.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the decryptFile method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10502.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin (>=v1.10.0) or the _Previewer: Easing_ plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To workaround the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,LOW,LOW
"A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of the affected software. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in a specific REST API method of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"A vulnerability in Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, local attacker to obtain confidential information from an affected device. The vulnerability is due to insufficient protection of confidential information on an affected device. An attacker at any privilege level could exploit this vulnerability by accessing local filesystems and extracting sensitive information from them. A successful exploit could allow the attacker to view sensitive data, which they could use to elevate their privilege.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in a specific REST API of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker with a low-privileged account could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to read arbitrary files on the affected system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open redirect.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls. IBM X-Force ID: 141226.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 174402.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Security Guardium Insights 2.0.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 174408.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
13enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174683.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"webTareas v2.1 is affected by Cross Site Scripting (XSS) on ""Search.""",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-6221.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DTrace DOF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-5106.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on vulnerable installations of Volkswagen Customer-Link App 1.30 and HTC Customer-Link Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Customer-Link App and Customer-Link Bridge. The issue results from the lack of a proper protection mechanism against unauthorized firmware updates. An attacker can leverage this vulnerability to inject CAN messages. Was ZDI-CAN-5264.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files embedded inside PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5419.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the U3D Image Index. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5418.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the U3D Texture Image Format object. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5409.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D Texture Resource structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5408.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Clod Progressive Mesh Continuation structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5424.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the U3D Final Maximum Resolution attribute. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5426.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
eM Client before 7.2.33412.0 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated. This enabled the attacker to decipher further communication. The entire attack could be accomplished by sending a single email.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Oracle Retail Order Broker component in Oracle Retail Applications 5.1 and 5.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to System Administration.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,LOW
WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2.,NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,NONE
"Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.20 allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based ""trusted client"" protection mechanism.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging ""limited access to the machine.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited.",PHYSICAL,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a ""direct object reference vulnerability.""",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating a new session key that the attacker knows.",PHYSICAL,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the attacker to commit deposit forgery.",PHYSICAL,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an attacker with physical access to internal ATM components the ability to inject a malicious payload and execute arbitrary code with SYSTEM privileges on the host computer by causing a buffer overflow on the host.",PHYSICAL,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files and CAB archives used to update BNA software, as well as bypass application whitelisting, resulting in the ability to execute arbitrary code.",PHYSICAL,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have an undocumented TELNET service within the BusyBox subsystem, leading to root access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 184880.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain sensitive information or perform unauthorized actions due to improper authenciation mechanisms. IBM X-Force ID: 174403.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174405.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially resulting in the developer's app handling some requests that were expected to go to certain system components.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP requests that may cause the Gorouters to be dropped from the NGINX backend pool.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting SGX, may allow a privileged user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting TXT, may allow a privileged user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,HIGH
"Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Proofpoint Email Protection through 2019-09-08. By collecting scores from Proofpoint email headers, it is possible to build a copy-cat Machine Learning Classification model and extract insights from this model. The insights gathered allow an attacker to craft emails that receive preferable scores, with a goal of delivering malicious emails.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands as 'root'.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be bypassed. An attacker can abuse this issue to execute privileged operations without authentication, for instance, to create a new Administrator user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition (DTD) in an XML request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One of the limitations of this feature is that it only takes a path to a binary without arguments; however, this can be circumvented using special shell variables, such as '${IFS}'. As a result, an attacker can execute arbitrary commands as 'root' on the units.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Philips SureSigns VS4, A.07.107 and prior. The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"Philips SureSigns VS4, A.07.107 and prior. When an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171825.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171822.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges. IBM X-Force ID: 184578.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171832.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 171929.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172084.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 171831.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 171829.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.",NETWORK,HIGH,LOW,NONE,CHANGED,LOW,LOW,LOW
"ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need for macros or other active scripting Prior to version 6.4.4 LibreOffice allowed forms to be submitted to any URI, including file: URIs, enabling form submissions to overwrite local files. User-interaction is required to submit the form, but to avoid the possibility of malicious documents engineered to maximize the possibility of inadvertent user submission this feature has now been limited to http[s] URIs, removing the possibility to overwrite local files. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents were omitted from this protection prior to version 6.4.4. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module ""Configuration.""",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module ""Configuration.""",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
MailMate before 1.11 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated. This enabled the attacker to decipher further communication. The entire attack could be accomplished by sending a single email.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
FusionCompute 8.0.0 has an information leak vulnerability. A module does not launch strict access control and information protection. Attackers with low privilege can get some extra information. This can lead to information leak.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 184823.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e., a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Security Guardium Insights 2.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184747.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment while configuring some of the network services. IBM X-Force ID: 179165.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
** DISPUTED ** GUnet Open eClass Platform (aka openeclass) through 3.9.2 might allow remote attackers to read students' submitted assessments because it does not ensure that the web server blocks directory listings. NOTE: this is disputed because it only affects misconfigured installations.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autopilot negotiate the version via the AUTOPILOT_VERSION message. Since this negotiation depends on the answer, an attacker may craft packages in a way that hints the autopilot to adopt version 1.0 of MAVLink for the communication. Given the lack of authentication capabilities in such version of MAVLink (refer to CVE-2020-10282), attackers may use this method to bypass authentication capabilities and interact with the autopilot directly.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability. A malicious actor with access to create and edit applications or create storage groups, may be able to inject malicious script which will be executed by a victim's browser when viewing.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted ""going live"" messages to inject code into the Streams module's going live message. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. As a workaround, unloading the Trivia module with `unload streams` can render this exploit not accessible. It is highly recommended updating to 3.3.12 or 3.4 to completely patch this issue.",NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-11302.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11303.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11304.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"This vulnerability allows local attackers to disclose sensitive informations on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VGA virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated array. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11363.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In TreasuryXpress 19191105, a logged-in user can discover saved credentials, even though the UI hides them. Using functionality within the application and a malicious host, it is possible to force the application to expose saved SSH/SFTP credentials. This can be done by using the application's editor to change the expected SFTP Host IP to a malicious host, and then using the Check Connectivity option. The application then sends these saved credentials to the malicious host.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When uploading a file in Sysax Multi Server 6.90, an authenticated user can modify the filename="""" parameter in the uploadfile_name1.htm form to a length of 368 or more bytes. This will create a buffer overflow condition, causing the application to crash.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. They allow XSS via spoofed Release Notes on the Firmware Upgrade page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references]",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same permissions of the App Search administrator.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka ""Linux pciback missing sanity checks.""",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Authentication Bypass via ""Username: admin'# && Password: (Write Something)"".",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via ""Username: admin'# && Password: (Write Something)"".",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Kommbox component in Rangee GmbH RangeeOS 8.0.4 is vulnerable to Remote Code Execution due to untrusted user supplied input being passed to the command line without sanitization.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plaintext including credentials of users for several external facing administrative services, domain joined users, and local administrators. To exploit the vulnerability a local attacker must have access to the underlying operating system.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a local authenticated attacker to escape from the restricted environment and execute arbitrary code due to unrestricted context menus being accessible.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The package connie-lang before 0.1.1 are vulnerable to Prototype Pollution in the configuration language library used by connie.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Windows Font Library Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device reload) by leveraging a peer relationship to send a crafted BGP UPDATE message, aka Bug IDs CSCuq77105 and CSCux11417.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine buffer. If the number of variables in the request exceeds the allocated buffer, a memory write out of the buffer boundaries occurs. This write operation provides a possibility to overwrite other variables allocated in the .bss section by the application. Because the sender of the frame is in control of the content that will be written beyond the buffer limits, and there is no strict process memory separation, this issue may allow overwriting of sensitive memory areas of an IoT device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP bulk get request response encoding function. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine buffer. When a bulk get request response is assembled, a stack buffer dedicated for OIDs (with a limited capacity) is allocated in snmp_engine_get_bulk(). When snmp_engine_get_bulk() is populating the stack buffer, an overflow condition may occur due to lack of input length validation. This makes it possible to overwrite stack regions beyond the allocated buffer, including the return address from the function. As a result, the code execution path may be redirected to an address provided in the SNMP bulk get payload. If the target architecture uses common addressing space for program and data memory, it may also be possible to supply code in the SNMP request payload, and redirect the execution path to the remotely injected code, by modifying the function's return address.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The package property-expr before 2.0.3 are vulnerable to Prototype Pollution via the setter function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified by other users without authorization to do so. IBM X-Force ID: 186019.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.6 could allow an authenticated user to cause a denial of service during deployment or upgrade if GUI specific services are enabled. IBM X-Force ID: 179162.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long MacAddress data in a /HNAP1/SetClientInfo HNAP protocol message, which is mishandled in /usr/sbin/udhcpd during reading of the /var/servd/LAN-1-udhcpd.conf file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10764.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-10977.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9881.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files from the GetTIFPalette method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9931.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor or event editor.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization.,NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,LOW
"An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace's pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.,NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
HUAWEI P30 Pro smartphones with Versions earlier than 10.1.0.160(C00E160R2P8) have an out of bound read vulnerability. Some functions are lack of verification when they process some messages sent from other module. Attackers can exploit this vulnerability by send malicious message to cause out-of-bound read. This can compromise normal service.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_description']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_name']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function in dbhcms\mod\mod.domain.edit.php line 119.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter in dbhcms\mod\mod.users.view.php line 57 for user_login, A remote authenticated with admin user can exploit this vulnerability to hijack other users.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"DBHcms v1.2.0 has a reflected xss vulnerability as there is no security filter in dbhcms\mod\mod.selector.php line 108 for $_GET['return_name'] parameter, A remote authenticated with admin user can exploit this vulnerability to hijack other users.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for 'menu_description' variable in dbhcms\mod\mod.menus.edit.php line 83 and in dbhcms\mod\mod.menus.view.php line 111, A remote authenticated with admin user can exploit this vulnerability to hijack other users.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter of $_GET['dbhcms_pid'] variable in dbhcms\page.php line 107,",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcms_pid=-80&deletemenu=9 can delete any menu.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\mod\mod.editor.php $_GET['file'] is filename,and as there is no filter function for security, you can read any file's content.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"DBHcms v1.2.0 has a sensitive information leaks vulnerability as there is no security access control in /dbhcms/ext/news/ext.news.be.php, A remote unauthenticated attacker can exploit this vulnerability to get path information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.An attacker could execute arbitrary code in the context of the current user, aka 'MSHTML Engine Remote Code Execution Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air denial of service vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9755.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the acsd service, which listens on TCP port 5916 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9853.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the check_ra service. A crafted raePolicyVersion in a RAE_Policy.json file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9852.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SetLocalDescription method. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-10972.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NodeProperties::InferReceiverMapsUnsafe method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10950.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. A malicious administrator could bypass the user interface and send requests to the IBM Content Navigator server with illegal characters that could be stored in the IBM Content Navigator database. IBM X-Force ID: 183316.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated user to view cached content of another user that they should not have access to. IBM X-Force ID: 186679.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow field. As a result, the payload is executed via the navigation bar throughout the application.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrator(s). A malicious payload can be injected within the Multi Approval security component and inserted via the Note field. As a result, the payload is executed by the application's administrator(s).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A CSV injection (aka Excel Macro Injection or Formula Injection) issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitrary web script or HTML via the viewMode, tvMode, tvType, objID, catgID, objTypeID, or editMode parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1417, CVE-2020-1486.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the &quot;Public Account Pictures&quot; folder improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1561.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory, aka 'Microsoft Word Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1502, CVE-2020-1503.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1573.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka 'Windows dnsrslvr.dll Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the default configuration of Rangee GmbH RangeeOS 8.0.4, all components are executed in the context of the privileged root user. This may allow a local attacker to break out of the restricted environment or inject malicious code into the application and fully compromise the operating system.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain control of the server.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1562.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1574, CVE-2020-1585.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Accounts Control Elevation of Privilege Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows WaasMedic Service Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1519.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations, aka 'Windows Remote Access Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1530.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in lj_err.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CDP User Components Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1550.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CDP User Components Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1549.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Remote Access Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1537.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Radio Manager API Elevation of Privilege Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Custom Protocol Engine Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API now only lists upstream and downstream projects that the current user has access to.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL service with its own service. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217907.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver (e.g., cpuz143_x64.sys for version 1.43) that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any application running on the system (Windows), including sandboxed users, can issue an ioctl to this driver without any validation. Furthermore, the driver can map any physical page on the system and returns the allocated map page address to the user: that results in an information leak and EoP. NOTE: the vendor indicates that the arbitrary read itself is intentional behavior (for ACPI scan functionality); the security issue is the lack of an ACL.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete ""customapp"" templates via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,LOW
WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the ""FinderKit"" component. It allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging unexpected permission changes during an iCloud Sharing Send Link action.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions earlier than KNT-UL10C00B391, versions earlier than KNT-TL10C00B391, versions earlier than Stanford-AL00C00B175, versions earlier than Stanford-AL10C00B175, versions earlier than Stanford-TL00C01B175, versions earlier than Duke-AL20C00B191, versions earlier than Duke-TL30C01B191, versions earlier than Picasso-AL00C00B162, versions earlier than Picasso-TL00C01B162 , versions earlier than Barca-AL00C00B162, versions earlier than Barca-TL00C00B162, versions earlier than EVA-AL10C00B396SP03, versions earlier than EVA-CL00C92B396, versions earlier than EVA-DL00C17B396, versions earlier than EVA-TL00C01B396 , versions earlier than Vicky-AL00AC00B172, versions earlier than Toronto-AL00AC00B191, versions earlier than Toronto-TL10C01B191 have an unlock code verification bypassing vulnerability. An attacker with the root privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader.",PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Warsaw Huawei Smart phones with software of versions earlier than Warsaw-AL00C00B180, versions earlier than Warsaw-TL10C01B180 have a permission control vulnerability. Due to improper authorization on specific processes, an attacker with the root privilege of a mobile Android system can exploit this vulnerability to obtain some information of the user.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service. Further crafted packets may be able to sustain the denial of service condition. Score: 6.5 MEDIUM (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Further, if the attacker is authenticated on the target device receiving and processing the malicious LLDP packet, while receiving the crafted packets, the attacker may be able to perform command or arbitrary code injection over the target device thereby elevating their permissions and privileges, and taking control of the device. Score: 7.8 HIGH (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to one or more local segments, via LLDP proxy / tunneling agents or other LLDP through Layer 3 deployments, through one or more local segment broadcasts, may be able to cause multiple Junos devices to enter an improper boundary check condition allowing a memory corruption to occur, leading to multiple distributed Denials of Services. These Denials of Services attacks may have cascading Denials of Services to adjacent connected devices, impacts network devices, servers, workstations, etc. Further crafted packets may be able to sustain these Denials of Services conditions. Score 6.8 MEDIUM (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H) Further, if the attacker is authenticated on one or more target devices receiving and processing these malicious LLDP packets, while receiving the crafted packets, the attacker may be able to perform command or arbitrary code injection over multiple target devices thereby elevating their permissions and privileges, and taking control multiple devices. Score: 7.8 HIGH (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D46, 14.1X53-D50, 14.1X53-D107; 14.2 versions prior to 14.2R7-S9, 14.2R8; 15.1 versions prior to 15.1F2-S17, 15.1F5-S8, 15.1F6-S8, 15.1R5-S7, 15.1R7; 15.1X49 versions prior to 15.1X49-D90; 15.1X53 versions prior to 15.1X53-D65; 16.1 versions prior to 16.1R4-S6, 16.1R5; 16.1X65 versions prior to 16.1X65-D45; 16.2 versions prior to 16.2R2; 17.1 versions prior to 17.1R2. No other Juniper Networks products or platforms are affected by this issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0666.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating Music Station to their latest versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka ""Windows Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2018-0746 and CVE-2018-0747.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka ""Windows Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0747.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka ""Windows Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0746.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a denial of service vulnerability due to the way objects are handled in memory, aka ""Windows IPSec Denial of Service Vulnerability"".",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka ""OpenType Font Driver Information Disclosure Vulnerability"".",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka ""Windows Kernel Information Disclosure Vulnerability"". This CVE is unique from CVE-2018-0810.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2018-0780 and CVE-2018-0800.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0778, and CVE-2018-0781.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0781.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0800.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka ""Microsoft Word Remote Code Execution Vulnerability"". This CVE is unique from CVE-2018-0794.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka ""Microsoft Word Remote Code Execution Vulnerability"". This CVE is unique from CVE-2018-0792.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka ""Microsoft Excel Remote Code Execution Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka ""Microsoft Word Memory Corruption Vulnerability"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka ""Microsoft Office Remote Code Execution Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka ""Microsoft Office Memory Corruption Vulnerability"". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Microsoft Edge enforces cross-domain policies, aka ""Microsoft Edge Elevation of Privilege Vulnerability"".",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka ""Microsoft Word Remote Code Execution Vulnerability"". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka ""Microsoft Word Remote Code Execution Vulnerability"". This CVE is unique from CVE-2018-0804, CVE-2018-0806, and CVE-2018-0807",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka ""Microsoft Word Remote Code Execution Vulnerability"". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0807.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka ""Microsoft Word Remote Code Execution Vulnerability"". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0806.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, and Windows Server 2012 allows an information disclosure vulnerability due to the way memory is initialized, aka ""Windows Kernel Information Disclosure Vulnerability"". This CVE is unique from CVE-2018-0757.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka ""Microsoft Word Memory Corruption Vulnerability"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka ""Windows Kernel Information Disclosure Vulnerability"". This CVE is unique from CVE-2018-0811, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka ""Windows Kernel Information Disclosure Vulnerability"". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"StructuredQuery in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how objects are handled in memory, aka ""StructuredQuery Remote Code Execution Vulnerability"".",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0834, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allows remote code execution, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka ""Microsoft Word Remote Code Execution Vulnerability"". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how Internet Explorer handles objects in memory, aka ""Internet Explorer Information Disclosure Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka ""Microsoft Word Remote Code Execution Vulnerability"". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka ""Microsoft Word Remote Code Execution Vulnerability"". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Office handles objects in memory, aka ""Microsoft Office Memory Corruption Vulnerability"". This CVE is unique from CVE-2018-0852.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Outlook handles objects in memory, aka ""Microsoft Office Memory Corruption Vulnerability"". This CVE is unique from CVE-2018-0851.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka ""Microsoft Office Information Disclosure Vulnerability"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allows remote code execution, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0861, and CVE-2018-0866.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, and CVE-2018-0866.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka ""Microsoft Word Remote Code Execution Vulnerability"". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, and CVE-2018-0861.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka ""Chakra Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka ""Chakra Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0872, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka ""Chakra Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
".NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka "".NET Core Denial of Service Vulnerability"".",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0889, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how guest operating system input is validated, aka ""Hyper-V Information Disclosure Vulnerability"".",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0876, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2018-0939.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0925, and CVE-2018-0935.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka ""Windows Kernel Information Disclosure Vulnerability"". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka ""Windows Kernel Information Disclosure Vulnerability"". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka ""Windows Kernel Information Disclosure Vulnerability"". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0926.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka ""Microsoft Access Remote Code Execution Vulnerability"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka ""Microsoft Office Memory Corruption Vulnerability"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how URL redirects are handled, aka ""Microsoft Exchange Information Disclosure Vulnerability"". This CVE is unique from CVE-2018-0941.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka ""Windows Kernel Information Disclosure Vulnerability"". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"ChakraCore and Microsoft Edge in Microsoft Windows 10 1709 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka ""Chakra Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka ""Chakra Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka ""Chakra Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0893, and CVE-2018-0925.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Windows 10 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka ""Chakra Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, and CVE-2018-0937.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Windows 10 1703 and 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka ""Chakra Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, and CVE-2018-0936.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Edge in Windows 10 1703 and 1709 allow information disclosure, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2018-0891.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allows an elevation of privilege vulnerability due to how links in the body of an email message are rewritten, aka ""Microsoft Exchange Elevation of Privilege Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how data is imported, aka ""Microsoft Exchange Information Disclosure Vulnerability"". This CVE is unique from CVE-2018-0924.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka ""Microsoft Office Information Disclosure Vulnerability."" This affects Microsoft Word, Microsoft Office. This CVE ID is unique from CVE-2018-1007.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka ""HTTP.sys Denial of Service Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka ""Hyper-V Information Disclosure Vulnerability."" This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0957.",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,LOW,NONE
"An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0974, CVE-2018-0975.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0975.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka ""Microsoft Malware Protection Engine Remote Code Execution Vulnerability."" This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer, aka ""Scripting Engine Information Disclosure Vulnerability."" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0989, CVE-2018-1000.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0996, CVE-2018-1001.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ""Scripting Engine Information Disclosure Vulnerability."" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0987, CVE-2018-1000.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability."" This affects Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0870, CVE-2018-0997, CVE-2018-1018, CVE-2018-1020.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0995, CVE-2018-1019.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-1019.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0988, CVE-2018-1001.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability."" This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-1018, CVE-2018-1020.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka ""Microsoft Edge Information Disclosure Vulnerability."" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0892.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline `node` blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes plugin 2.17 and earlier.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.",LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,LOW
A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form unserialize method that can result in Possible to execute unauthorised system commands remotely and disclose file contents in file system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Mingw-w64 version 5.0.3 and earlier contains an Improper Null Termination (CWE-170) vulnerability in mingw-w64-crt (libc)->(v)snprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage, worst case: network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, AnsiblePlaybookStep.java that disables host key verification by default.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line ""currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);"" and blindly instantiates them. that can result in Code execution in the context of the running process. This attack appear to be exploitable via Victim must parse a specially-crafted YAML file. This vulnerability appears to have been fixed in 5.0.0.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in (De)Serialization functions (core/io/marshalls.cpp) that can result in DoS (packet of death), possible leak of uninitialized memory. This attack appear to be exploitable via A malformed packet is received over the network by a Godot application that uses built-in serialization (e.g. game server, or game client). Could be triggered by multiplayer opponent. This vulnerability appears to have been fixed in 2.1.5, 3.0.6, master branch after commit feaf03421dda0213382b51aff07bd5a96b29487b.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Specially crafted GET request variable containing serialised PHP object. This vulnerability appears to have been fixed in after commit 097eae0.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Passing malicious PHP objection in $_POST['ssl_ipandport']. This vulnerability appears to have been fixed in after commit c1e62e6.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames ""../"" to write arbitrary files to the filesystem..",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch.. This attack appear to be exploitable via the attacker should be able to control or forge a switch in the network..,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contains a stack overflow vulnerability in abi_serializer that can result in attack eos network node. This attack appear to be exploitable via network request. This vulnerability appears to have been fixed in after commit cf7209e703e6d3f7a5413e0cb1fe88a4d8e4b38d .,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0988, CVE-2018-0996.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool, failover-only, poolquota, and save command handlers.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ""Microsoft Excel Remote Code Execution Vulnerability."" This affects Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1027, CVE-2018-1029.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vulnerability through its `com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper` component. The AdwareAnalzyerPrivilegedHelper tool implements an XPC service that allows an unprivileged application to connect and execute shell scripts as the root user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability."" This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1020.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability."" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1018.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka ""Microsoft Edge Information Disclosure Vulnerability."" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8123.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka ""Microsoft Browser Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ""Microsoft Excel Remote Code Execution Vulnerability."" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1027.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Jamf Pro 10.x before 10.3.0 has Incorrect Access Control. Jamf Pro user accounts and groups with access to log in to Jamf Pro had full access to endpoints in the Universal API (UAPI), regardless of account privileges or privilege sets. An authenticated Jamf Pro account without required privileges could be used to perform CRUD actions (GET, POST, PUT, DELETE) on UAPI endpoints, which could result in unauthorized information disclosure, compromised data integrity, and data loss. For a full listing of available UAPI endpoints and associated CRUD actions you can navigate to /uapi/doc in your instance of Jamf Pro.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The WebDorado ""Form Maker by WD"" plugin before 1.12.24 for WordPress allows CSV injection.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between the user's computer and the device. This can allow an attacker to steal the credentials passing over the HTTP connection as well as TELNET traffic. Also an attacker can MITM the response and infect a user's computer very easily as well.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter ""srvName"" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file, a different vulnerability than CVE-2018-10677.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU Guile code uses the system Scheme procedure instead of the system* Scheme procedure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-17523.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The ObjReader::ReadObj() function in ObjReader.cpp in vincent0629 PDFParser allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly execute arbitrary code via a crafted pdf file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main servers. This is fixed in production builds as of Spring 2018.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, lack of input validation in WLANWMI command handlers can lead to integer & heap overflows.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\.\pipe\WindscribeService.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 17042015 and prio,r a different vulnerability than CVE-2018-11423.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. Any commands (including device reboot, configuration download or upload, or firmware upgrade) are accepted and executed by the device without authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is Memory corruption in the web interface of Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11425.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allows remote attackers to cause remote code execution (heap-based buffer overflow) via a crafted mobi file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain ""Private->RunningCode - 2"" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The plugin ""Advanced Order Export For WooCommerce"" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The plugin ""WordPress Comments Import & Export"" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel application.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink exists under the web root.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Use of non-time constant memcmp function creates side channel that leaks information and leads to cryptographic issues in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 800, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a potential heap overflow and memory corruption due to improper error handling in SOC infrastructure.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Failure condition is not handled properly and the correct error code is not returned. It could cause unintended SUI behavior and create unintended SUI display in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lack of input validation in WLAN function can lead to potential heap overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper input validation in wireless service messaging module for data received from broadcast messages can lead to heap overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in versions MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Signature verification of the skel library could potentially be disabled as the memory region on the remote subsystem in which the library is loaded is allocated from userspace currently in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Uninitialized data for socket address leads to information exposure.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Improper authentication in locked memory region can lead to unprivilged access to the memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the disk-encryption key.,PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC<FileIO>::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PAM image file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel® Server Platform Services before version 4.0 and Intel® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access control vulnerability on an API which is used to enumerate user information. A remote authenticated malicious user can potentially exploit this vulnerability to gather information about the user base and may use this information in subsequent attacks.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Insufficient access control in driver stack for Intel QuickAssist Technology for Linux before version 4.2 may allow an unprivileged user to potentially disclose information via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
An issue was discovered on Momentum Axel 720P 5.1.8 devices. All processes run as root.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in cleartext.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge of the LIA administrative password, could potentially exploit this vulnerability to run arbitrary commands as root on the systems where LIAs are installed.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox < 63.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a heap-based buffer overflow in bmp_compress1_row in appliers.cpp in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests. A remote authenticated user may construct malicious requests to cause the traffic controller to leave dangling TCP connections, which could cause denial of service.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer overflow in mkAddToRelayCacheRequest and in ccnl_populate_cache for an array lacking '\0' termination when reading a binary CCNx or NDN file. This can result in Heap Corruption. This was addressed by fixing the memory management in mkAddToRelayCacheRequest in ccn-lite-ctrl.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in jpeg-compressor 0.1. The build_huffman function in stb_image.c allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in jpeg-compressor 0.1. The bmp_load function in stb_image.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Missing authentication and improper input validation in KERUI Wifi Endoscope Camera (YPC99) allow an attacker to execute arbitrary commands (with a length limit of 19 characters) via the ""ssid"" value, as demonstrated by ssid:;ping 192.168.1.2 in the body of a SETSSID command.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If a victim goes to a maliciously crafted URL, unwanted results may occur including XSS or service denial for the victim's browsing session.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the ""modgroup"" parameter.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for Windows before version 2.6.9 are affected by this vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
EOS.IO jit-wasm 4.1 has a heap-based buffer overflow via a crafted wast file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in cmft through 2017-09-24. The cmft::rwReadFile function in image.cpp allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5FL_blk_malloc in H5FL.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5G_ent_decode in H5Gent.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDmemset.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDread.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lack of check to prevent the buffer length taking negative values can lead to stack overflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA6174A, QCA8081, QCS404, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to backup the device configuration via a direct request to /Maintenance/configfile.cfg.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted MP4 file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardware or firmware.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Vivotek FD8136 devices allow Remote Command Injection, aka ""another command injection vulnerability in our target device,"" a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 140089.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 140210.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-force ID: 140692.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution vulnerability in which an attacker with administrator access to the web application can execute arbitrary code on the underlying system via Command Injection.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulnerability where the software does not perform authentication for functionality that requires a provable user identity, where it may allow a remote attacker to gain unauthorized access to various Alaris Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,HIGH
Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows authenticated users to perform a CSV export of the secure hashed passwords of other users.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Incorrect access control in the TransientModel framework in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated attackers to access data in transient records that they do not own by making an RPC call before garbage collection occurs.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current password via a crafted RPC call.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Attackers can trigger a longjmp that leads to an uninitialized stack frame after a libpng error concerning the IHDR image width.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The module-description renderer in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier does not disable RST's local file inclusion, which allows privileged authenticated users to read local files via a crafted module description.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
An issue has been found in jpeg_encoder through 2015-11-27. It is a heap-based buffer overflow in the function readFromBMP in jpeg_encoder.cpp.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m201_N/m201_N:4.4.2/KOT49H/20160106:user/test-keys contains the Android framework with a package name of android (versionCode=19, versionName=4.4.2-20170213) that dynamically registers a broadcast receiver app component named com.android.server.MasterClearReceiver instead of statically registering it in the AndroidManifest.xml file of the core Android package, as done in Android Open Source Project (AOSP) code for Android 4.4.2. The dynamic-registration of the MasterClearReceiver broadcast receiver app component is not protected with the android.permission.MASTER_CLEAR permission during registration, so any app co-located on the device, even those without any permissions, can programmatically initiate a factory reset of the device. A factory reset will remove all user data and apps from the device. This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of core Android process.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a package name of com.asus.dm (versionCode=1510500200, versionName=1.5.0.40_171122) has an exposed interface in an exported service named com.asus.dm.installer.DMInstallerService that allows any app co-located on the device to use its capabilities to download an arbitrary app over the internet and install it. Any app on the device can send an intent with specific embedded data that will cause the com.asus.dm app to programmatically download and install the app. For the app to be downloaded and installed, certain data needs to be provided: download URL, package name, version name from the app's AndroidManifest.xml file, and the MD5 hash of the app. Moreover, any app that is installed using this method can also be programmatically uninstalled using the same unprotected component named com.asus.dm.installer.DMInstallerService.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Leagoo P1 device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.wtk.factory (versionCode=1, versionName=1.0) that contains an exported broadcast receiver named com.wtk.factory.MMITestReceiver allows any app co-located on the device to programmatically initiate a factory reset. In addition, the app initiating the factory reset does not require any permissions. A factory reset will remove all user data and apps from the device. This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of a pre-installed platform app.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142117.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert utility used by BIG-IP AAM fails to drop group permissions when executing helper scripts, which could be used to leverage attacks against the BIG-IP system.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 142658.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login with root level access with the user ""root"" and password ""admin"" by using the enabled onboard UART headers.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 devices. An attacker can statically set his/her IP to anything on the 169.254.1.0/24 subnet, and obtain root access by connecting to 169.254.1.2 port 23 with telnet/netcat.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the ""AD Delegation"" ""Help Desk Technicians"" screen.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The ""send"" command in the URL scheme allows an external application to send arbitrary emails from an active account without authentication. The handler has no restriction on who can use its functionality. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the ""send"" command, thus leading to automatic transmission of an attacker crafted email from the target account.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior 2.0.1 will overwrite and manually set the ""Minimum Password Length"" group policy object to a value of 1 on that device. This allows for users to bypass any existing policy for password length and potentially create insecure password on their device. This value is defined during the installation of the ""Encryption Management Agent"" or ""EMAgent"" application. There are no other known values modified.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the the Bits Service storage.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry Platform through the logs of the NFS volume deploy errand.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"AccuPOS 2017.8 is installed with the insecure ""Authenticated Users: Modify"" permission for files within the installation path. This may allow local attackers to compromise the integrity of critical resource and executable files.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Integer overflows in Skia in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient file type enforcement in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain local file data via a crafted HTML page.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A use after free in ResourceCoordinator in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Stack-based buffer overflow in the httpd server of TP-Link WR1043nd (Firmware Version 3) allows remote attackers to execute arbitrary code via a malicious MediaServer request to /userRpm/MediaServerFoldersCfgRpm.htm.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart&a=save item_totals parameter to zero, the entire cart is sold for free.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenDolphin 2.7.0 and earlier allows authenticated attackers to bypass authentication to create and/or delete other users accounts via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Improper countermeasure against clickjacking attack in client certificates management screen was discovered in Cybozu Remote Service 3.0.0 to 3.1.8, that allows remote attackers to trick a user to delete the registered client certificate.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
OPSWAT MetaDefender before v4.11.2 allows CSV injection.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The DEISER ""Profields - Project Custom Fields"" app before 6.0.2 for Jira has Incorrect Access Control.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. IBM X-Force ID: 144430.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. IBM X-Force ID: 144431.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME. IBM X-Force ID: 144437.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144441.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary log filename) can be achieved via the PATH_INFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error messages.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETS_SetSockOpt.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Shell Metacharacter Injection.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stack-based buffer overflow in the LAN UPnP service running on UDP port 1900 of Swisscom Internet-Box (2, Standard, and Plus) prior to v09.04.00 and Internet-Box light prior to v08.05.02 allows remote code execution. No authentication is required to exploit this vulnerability. Sending a simple UDP packet to port 1900 allows an attacker to execute code on a remote device. However, this is only possible if the attacker is inside the LAN. Because of ASLR, the success rate is not 100% and leads instead to a DoS of the UPnP service. The remaining functionality of the Internet Box is not affected. A reboot of the Internet Box is necessary to attempt the exploit again.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user interaction.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. IBM X-Force ID: 144892.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parse_relations in os/storage/antelope/aql-parser.c while parsing AQL (storage of relations).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allows ""null"" logins which could give read access to IPMI data to obtain sensitive information. IBM X-Force ID: 144894.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-force ID: 144951.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because Errors::unreachable() is reached.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. A local attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 145171.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because a certain new_allocator allocate call fails.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 145236.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 145609.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 145769.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Inteno DG400 WU7U_ELION3.11.6-170614_1328 devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses, as demonstrated by macof.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in /designer/add/stylesheet.php by using a .php extension in the New Stylesheet Name field in conjunction with <?php content, because of insufficient input validation in apps/designer/handlers/csspreview.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices and Bosch Rexroth S20-ETH-BK and Rexroth S20-PN-BK+ (the S20-PN-BK+/S20-ETH-BK fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact). Incorrect handling of a request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wlan_access name.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall dmz enable.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall lan_manage mac2.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g power.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g isolate.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g bandwidth.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info para sun.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for protocol wan wan_rate.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ddns phddns username.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for reboot_timer name.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for dhcpd udhcpd enable.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact by setting a long sh_path0 value and then sending an appGet.cgi?hook=select_list(""Storage_x_SharedPath"") request, because ej_select_list in router/httpd/web.c uses strcpy.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue has been found in doc2txt through 2014-03-19. It is a heap-based buffer overflow in the function Storage::init in Storage.cpp, called from parse_doc in parse_doc.cpp.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Telerik Extensions for ASP.NET MVC (all versions) does not whitelist requests, which can allow a remote attacker to access files inside the server's web directory.  NOTE: this product has been obsolete since June 2013.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The html package (aka x/net/html) before 2018-07-13 in Go mishandles ""in frameset"" insertion mode, leading to a ""panic: runtime error"" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This is related to HTMLTreeBuilder.cpp in WebKit.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow attackers to perform Account Takeover attacks by intercepting a security-question response during the initial configuration of the application.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a ""panic: runtime error"" in parseCurrentToken in parse.go during an html.Parse call.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
A stack-based buffer overflow was discovered in the xtimor NMEA library (aka nmealib) 0.5.3. nmea_parse() in parser.c allows an attacker to trigger denial of service (even arbitrary code execution in a certain context) in a product using this library via malformed data.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code too. Note that this does not affect standalone clusters with authentication enabled. While the master host typically has less outbound access to other resources than a worker, the execution of code on the master is nevertheless unexpected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consistently apply the security headers was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle (MiTM) attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client certificate authentication, same subnet access, and injecting malicious code into an unprotected (plaintext HTTP) website which the targeted user later visits, but the possible damage warranted a Severe severity level. Mitigation: The fix to apply Cross-Origin Resource Sharing (CORS) policy request filtering was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.3_6, 6.0.0.0, and 6.0.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 147294.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the `serviceContent` parameter in the request and deserializes it using XStream. This `XStream` instance is slightly guarded by disabling the creation of `ProcessBuilder`. However, this can be easily bypassed (and in multiple ways). Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16 r1850017+1850019",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
IBM QRadar SIEM 7.2 and 7.3 fails to adequately filter user-controlled input data for syntax that has control-plane implications which could allow an attacker to modify displayed content. IBM X-Force ID: 147811.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in svgStringToLength in svg_types.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because sscanf is misused.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in the svgGetNextPathField function in svg_string.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because a strncpy copy limit is miscalculated.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue has been found in pdfalto through 0.2. It is a heap-based buffer overflow in the function TextPage::dump in XmlAltoOutputDev.cc.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SeaCMS 6.64 allows remote attackers to delete arbitrary files via the filedir parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 does not properly limit the number or frequency of interaction which could be used to cause a denial of service, compromise program logic or other consequences. IBM X-Force ID: 148420.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive ""git clone"" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Incorrect object lifetime calculations in GPU code in Google Chrome prior to 70.0.3538.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Lobby Track Desktop contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lobby Track Desktop could allow a local attacker to bypass security restrictions, caused by an error in the find visitor function while in kiosk mode. By visiting the kiosk and selecting find visitor, an attacker could exploit this vulnerability to delete visitor records or remove a host.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 148484.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"EasyLobby Solo is vulnerable to a denial of service. By visiting the kiosk and accessing the task manager, a local attacker could exploit this vulnerability to kill the process or launch new processes at will.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"EasyLobby Solo could allow a local attacker to gain elevated privileges on the system. By visiting the kiosk and typing ""esc"" to exit the program, an attacker could exploit this vulnerability to perform unauthorized actions on the computer.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
** DISPUTED ** Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. IBM X-Force ID: 148601.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. IBM X-Force ID: 148802.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an ""improper server side validation"" vulnerability where client-side validations are tampered, and inappropriate information is stored on the server side and fetched from the server every time the user visits the D, creating business confusion. In the worst case, all available resources are consumed while processing the data, resulting in unavailability of the service to legitimate users. This occurs because non-editable parameters can be modified by manually editing a disabled form field within the developer options.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully terminate GPFS and deny access to data available through GPFS. IBM X-Force ID: 148806.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file deletion is possible via a /console/file/manage.php?type=action&action=delete&path=c%3A%2F substring.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a ""panic: runtime error"" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Joomla! before 3.8.13. If an attacker gets access to the mail account of an user who can approve admin verifications in the registration process, he can activate himself.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Insecure Permissions.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database. IBM X-Force ID: 149429.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
IMFCameraProtect.sys in IObit Malware Fighter 6.2 (and possibly lower versions) is vulnerable to a stack-based buffer overflow. The attacker can use DeviceIoControl to pass a user specified size which can be used to overwrite return addresses. This can lead to a denial of service or code execution attack.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 149702.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Open Design Alliance Drawings SDK 2019Update1 has a vulnerability during the reading of malformed files, allowing attackers to obtain sensitive information from process memory or cause a crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers could perform read operations past the end, or before the beginning, of the intended buffer. This can allow attackers to obtain sensitive information from process memory or cause a crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Deltek Vision 7.x before 7.6 permits the execution of any attacker supplied SQL statement through a custom RPC over HTTP protocol. The Vision system relies on the client binary to enforce security rules and integrity of SQL statements and other content being sent to the server. Client HTTP calls can be manipulated by one of several means to execute arbitrary SQL statements (similar to SQLi) or possibly have unspecified other impact via this custom protocol. To perform these attacks an authenticated session is first required. In some cases client calls are obfuscated by encryption, which can be bypassed due to hard-coded keys and an insecure key rotation protocol. Impacts may include remote code execution in some deployments; however, the vendor states that this cannot occur when the installation documentation is heeded.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A issue was found in pdfalto 0.2. There is a heap-based buffer overflow in the TextPage::addAttributsNode function in XmlAltoOutputDev.cc.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Event Streams 2018.3.0 could allow a remote attacker to submit an API request with a fake Host request header. An attacker, who has already gained authorised access via the CLI, could exploit this vulnerability to spoof the request header. IBM X-Force ID: 150507.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An Address Bar Spoofing vulnerability in Trend Micro Dr. Safety for Android (Consumer) versions 3.0.1324 and below could allow an attacker to potentially trick a victim into visiting a malicious URL using address bar spoofing on the Private Browser of the app on vulnerable installations.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an ""Update Profile"" ""Change Picture"" (aka user/edit-profile) action.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service (DoS) attacks. An attacker can harm the device availability (i.e., live-online video/audio streaming) by using the hping3 tool to perform an IPv4 flood attack. Verified attacks includes SYN flooding, UDP flooding, ICMP flooding, and SYN-ACK flooding.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Daniel Gultsch Conversations 2.3.4. It is possible to spoof a custom message to an existing opened conversation by sending an intent.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ping feature in the Diagnostic functionality on TP-LINK WR840N v2 Firmware 3.16.9 Build 150701 Rel.51516n devices allows remote attackers to cause a denial of service (HTTP service termination) by modifying the packet size to be higher than the UI limit of 1472.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Note: This issue only affects Windows operating systems. Other operating systems are not affected.*. This vulnerability affects Firefox < 64.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This vulnerability affects Firefox < 64.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are used to crash the loaded page or the browser for test purposes. This issue allows for a non-persistent denial of service (DOS) attack by a malicious site which links to these pages. This vulnerability affects Firefox < 64.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service (DOS) attack because Thunderbird reopens the last seen message on restart, triggering the crash again. This vulnerability affects Thunderbird < 60.5.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 151014.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). Improper access control allows attackers in the adjacent network to change the instrument configuration.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer overflow in insertByte in miniz/lupng.c during a write operation for data obtained from a palette.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in PHPYun V4.6. There is a vulnerability that can delete any file or directory via the ""admin/index.php?m=database&c=del"" sql parameter because del_action() in admin/model/database.class.php mishandles this parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary code.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E010. This can lead to denial of service (DoS) or code execution with root privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Sandboxie 5.26 allows a Sandbox Escape via an ""import os"" statement, followed by os.system(""cmd"") or os.system(""powershell""), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product's intended functionality.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64 cleartext. An attacker could conduct an MitM attack on the local network and very easily obtain these credentials.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Administrator Service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, and TIBCO Managed File Transfer Internet Server contains vulnerabilities where an authenticated user with specific privileges can gain access to credentials to other systems. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0, and TIBCO Managed File Transfer Internet Server: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"The Spotfire Library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability that might theoretically fail to restrict users with read-only access from modifying files stored in the Spotfire Library, only when the Spotfire Library is configured to use external storage. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace versions up to and including 10.0.0, and TIBCO Spotfire Server versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"There exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (for self-hosted installations by default, SYSTEM).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker (in the same network as the device) to change the admin password without authentication (and without knowing the original password).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory reset is required to restore the device to an operational state.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Easy File Sharing (EFS) Web Server 7.2. A stack-based buffer overflow vulnerability occurs when a malicious POST request has been made to forum.ghp upon creating a new topic in the forums, which allows remote attackers to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with ""#exec cmd"" because rejected files remain on the server, with predictable filenames, after a ""This file is not a valid image"" error message.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the ""product"" page. The .htaccess file in catalog/images/ bans the html extension, but there are several extensions in which contained HTML can be executed, such as the svg extension.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the ""product"" page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer render HTML elements in a .eml file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded initialization vector. Extraction of the initialization vector is necessary for deciphering communications between this application and the backend server. This, in combination with retrieving any user's encrypted data from the Ascensia cloud through another vulnerability, allows an attacker to obtain and modify any patient's medical information.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A command injection vulnerability exists when the authorized user passes crafted parameter to background process in the router. This affects 360 router series products (360 Safe Router P0,P1,P2,P3,P4), the affected version is V2.0.61.58897.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E05C with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E048 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E040 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because controller\usercontroller.java maps a /skin/list request to the function skinList, and lacks an authorization check.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 on Windows allows remote attackers to write to arbitrary image files.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the CVE-2018-18834 attack vector.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PRTG Network Monitor before 18.2.41.1652 allows remote unauthenticated attackers to terminate the PRTG Core Server Service via a special HTTP request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In libwebm through 2018-10-03, there is an abort caused by libwebm::Webm2Pes::InitWebmParser() that will lead to a DoS attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In LibSass 3.5-stable, there is an illegal address access at Sass::Eval::operator that will lead to a DoS attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
XMPlay 3.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted http:// URL in a .m3u file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account's password (including the default ""admin"" account), without prior knowledge of their password. All that is required is knowledge of the username and attack vector (/index.lua?pageID=Administration usernameAdmChange, passwordAdmChange1, and passwordAdmChange2 fields).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A File Write can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API Doc.createDataObject is used. An attacker can leverage this to gain remote code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A stack-based buffer overflow can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) 5.4.0.1031 when parsing the URI string. An attacker can leverage this to gain remote code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a stack-based buffer overflow in the function calculate_gain() in libfaad/sbr_hfadj.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a ""-oProxyCommand"" argument.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. There is CSRF via /ui/?g=obj_keywords_add and /ui/?g=obj_keywords_addsave with resultant XSS because of a lack of csrf token validation.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force approach.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 153628.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Local attackers can trigger a stack-based buffer overflow on vulnerable installations of Antiy-AVL ATool security management v1.0.0.22. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x80002000 by the IRPFile.sys Antiy-AVL ATool kernel driver. The bug is caused by failure to properly validate the length of the user-supplied data, which results in a kernel stack buffer overflow. An attacker can leverage this vulnerability to execute arbitrary code in the context of the kernel, which could lead to privilege escalation and a failed exploit could lead to denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Tarantella Enterprise before 3.11 allows bypassing Access Control.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such as the Chrome XSS filter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace file. IBM X-Force ID: 154280.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login attempts with an automated tool. This ability could lead to cracking a targeted user's password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 154650.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
JFrog Artifactory Pro 6.5.9 has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) -- in the same network as the device -- to trigger OS commands (like starting telnetd or opening a reverse shell) via a POST request to the web server.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type=""real"">' substring, as demonstrated by testmxml.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via the ONVIF GetStreamUri method and GetVideoEncoderConfigurationOptions method.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The hostname, timezone, and NTP server configurations on the CCE device are vulnerable to command injection by sending a crafted configuration file over the network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLanguageChange currTime parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated, and some of these pages may disclose sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM QRadar SIEM 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 155350.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a vulnerability in load() method in definitions/parser.py in the Danijar Hafner definitions package for Python. It can execute arbitrary python commands resulting in command execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect access control in StackStorm API (st2api) in StackStorm before 2.9.2 and 2.10.x before 2.10.1 allows an attacker (who has a StackStorm account and is authenticated against the StackStorm API) to retrieve datastore items for other users by utilizing the /v1/keys ""?scope=all"" and ""?user=<username>"" query filter parameters. Enterprise editions with RBAC enabled are not affected.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers to bypass intended GET restrictions via a brute-force approach, as demonstrated by ""GET /login.html__passwd1"" and ""GET /login.html__passwd2"" and so on.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ambit DDW2600 5.100.1009, DDW2602 5.105.1003, T60C926 4.64.1012, and U10C019 5.66.1026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Technicolor DPC2320 dpc2300r2-v202r1244101-150420a-v6 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: ""The issue reported requires full developer level access to the content management system where cross site scripting is not an issue -- you already have full control of the CMS including running arbitrary PHP.""",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
WellinTech KingSCADA before 3.7.0.0.1 contains a stack-based buffer overflow. The vulnerability is triggered when sending a specially crafted packet to the AlarmServer (AEserver.exe) service listening on TCP port 12401.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash via a stack-based buffer overflow) by crafting an input file, a related issue to CVE-2018-20456.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has ""export to excel features"" that are vulnerable to CSV injection. An attacker can embed Excel formulas inside an automation script that, when exported after execution, results in code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"There is a heap-based buffer overflow in libxsmm_sparse_csc_reader at generator_spgemm_csc_reader.c in LIBXSMM 1.10, a different vulnerability than CVE-2018-20542 (which is in a different part of the source code and is seen at different addresses).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Contiki-NG before 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonparse.c that allows an out-of-bounds write of an '{' or '[' character.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_wav_decode_ms_adpcm_data function in ok_wav.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_csv_decode2 function in ok_csv.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the First Name or Last Name field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for ""Create an array for saving the template argument values"") that can trigger a heap-based buffer overflow, as demonstrated by nm.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a ""public link"" of a file, or access to any unprivileged user account for creation of such a link.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is a Local File Inclusion vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The expiretable configuration in pfSense 2.4.4_1 establishes block durations that are incompatible with the block durations implemented by sshguard, which might make it easier for attackers to bypass intended access restrictions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the ""add dashboard pages"" feature where users can receive a malicious attack through a phished URL, with script executed.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by crafting a jpg image file. The root cause is a missing check of header payloads that may be (incorrectly) larger than the maximum file size.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Helpy before 2.2.0 allows agents to edit admins.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the MailPoet Newsletters (aka wysija-newsletters) plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on root_squash, weak file permissions (""other"" write access) occur in certain cases (GE-6890).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418).,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction (SEC-430).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380).,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Jura E8 devices lack Bluetooth connection security.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the trust-dns-proto crate before 0.5.0-alpha.3 for Rust. There is infinite recursion because DNS message compression is mishandled.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the orion crate before 0.11.2 for Rust. reset() calls cause incorrect results.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The bbp-move-topics plugin before 1.1.6 for WordPress has code injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send specially crafted SOAP requests to the SAP Startup Service and disclose information such as the platform's hostname.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticated attacker to access information which would otherwise be restricted. An attacker can misuse the authentication function of the SAP HANA server on its SQL interface and disclose 8 bytes of the server process memory. The attacker cannot influence or predict the location of the leaked memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve sensitive application data like service bindings within that space.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"In SAP HANA Extended Application Services, 1.0, some general server statistics and status information could be retrieved by unauthorized users.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In SAP HANA Extended Application Services, 1.0, unauthorized users can read statistical data about deployed applications including resource consumption.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to store graphics in a controlled area and as such gain information from system area, which is not available to the user otherwise.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to obtain information on ports, which is not available to the user otherwise.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Under certain conditions SAP Business Process Automation (BPA) By Redwood, 9.00, 9.10, allows an attacker to access information which would otherwise be restricted.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapter the user has not been given access to.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,NONE
"Under certain conditions SAP SRM-MDM (CATALOG versions 3.0, 7.01, 7.02) utilities functionality allows an attacker to access information of user existence which would otherwise be restricted.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding authorizations have been revoked meanwhile by an administrator user. Similarly, an attacker who managed to gain access to the platform user's session might misuse the session token even after the session has been closed.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Under certain conditions SAP Adaptive Server Enterprise, version 16.0, allows some privileged users to access information which would otherwise be restricted.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access information which would otherwise be restricted.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, using the specially crafted URL in a Web Browser such as Chrome the system returns an error with the path of the used application server.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Under certain conditions the backup server in SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Under certain conditions SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would otherwise be restricted.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Following the Gardener architecture, the Kubernetes apiserver of a Gardener managed shoot cluster resides in the corresponding seed cluster. Due to missing network isolation a shoot's apiserver can access services/endpoints in the private network of its corresponding seed cluster. Combined with other minor Kubernetes security issues, the missing network isolation theoretically can lead to compromise other shoot or seed clusters in the ""Gardener"" context. The issue is rated high due to the high impact of a potential exploitation in ""Gardener"" context. This was fixed in Gardener release 0.12.4.",NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands executed depend upon the privileges of the <sid>adm user.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Mobile Secure Android Application, Mobile-secure.apk Android client, before version 6.60.19942.0, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Install the Mobile Secure Android client released in Mid-Oct 2018.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and cause the application to crash. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name> AS SELECT.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
"A security weakness in SAP Financial Consolidation Cube Designer (BOBJ_EADES fixed in versions 8.0, 10.1) may allow an attacker to discover the password hash of an admin user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Under certain conditions SAP Mobile Secure Android client (before version 6.60.19942.0 SP28 1711) allows an attacker to access information which would otherwise be restricted.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N).",LOCAL,HIGH,HIGH,REQUIRED,CHANGED,HIGH,NONE,NONE
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 11.1.1.8.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Server). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security). The supported version that is affected is 2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
Vulnerability in the Hyperion Data Relationship Management component of Oracle Hyperion (subcomponent: Access and security). The supported version that is affected is 11.1.2.4.330. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Data Relationship Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hyperion Data Relationship Management accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0 and 12.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). The supported version that is affected is Prior to 2.11.33. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all OSS Support Tools accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security). The supported version that is affected is 2.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is Prior to 8.7.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 6.2.11, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.1, 6.4.2 and 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the Siebel Engineering - Installer and Deployment component of Oracle Siebel CRM (subcomponent: Siebel Approval Manager). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Engineering - Installer and Deployment. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel Engineering - Installer and Deployment accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: XML Publisher). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Connected Query). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: POS). Supported versions that are affected are 2.7, 2.8 and 2.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). The supported version that is affected is 9.0.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.3.0 and 12.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: BI Platform Security). Supported versions that are affected are 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems). The supported version that is affected is Prior to 8.7.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.17. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).",NETWORK,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General Utilities). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Human Resources accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Retail Xstore Office component of Oracle Retail Applications (subcomponent: Internal Operations). Supported versions that are affected are 7.0 and 7.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Xstore Office. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Xstore Office accessible data as well as unauthorized read access to a subset of Oracle Retail Xstore Office accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Office. CVSS 3.0 Base Score 5.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,LOW
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Console). Supported versions that are affected are 10.3.6.0 and 12.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Retail Xstore Office component of Oracle Retail Applications (subcomponent: Internal Operations). The supported version that is affected is 7.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Office. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Office accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Office accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Office. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Support Cart). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Manager accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcomponent: Segment). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,LOW
"Stack-based buffer overflow can occur In the WLAN driver if the pmkid_count value is larger than the PMKIDCache size in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Anti-rollback can be bypassed in replay scenario during app loading due to improper error handling of RPMB writes in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.,LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in event handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to cause a denial of service via the same subnet.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Memory corruption in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 6.x / 7.x / 8.x / 9.x / 10.x / 11.0 / 11.5 / 11.6 / 11.7 / 11.10 / 11.20 could be triggered by an attacker with local administrator permission on the system.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.,LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
"DLL injection vulnerability in the installation executables (Autorun.exe and Setup.exe) for Intel's wireless drivers and related software in Intel Dual Band Wireless-AC, Tri-Band Wireless-AC and Wireless-AC family of products allows a local attacker to cause escalation of privilege via remote code execution.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper permissions in the installer for the ITE Tech* Consumer Infrared Driver for Windows 10 versions before 5.4.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the ""Assets->Upload files"" screen and then the ""Replace it"" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly handles the answer received from a smart camera, leading to a buffer overflow on the stack. An attacker can send a series of HTTP requests to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can send an arbitrarily long ""sessionToken"" value in order to exploit this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long ""bucket"" value in order to exploit this vulnerability.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 136 bytes. An attacker can send an arbitrarily long 'directory' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely extracts the fields from the ""clips"" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send a series of HTTP requests to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver an ANI image to trigger this vulnerability and gain code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable heap corruption exists in the PowerPoint document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted PowerPoint (PPT) document can lead to heap corruption, resulting in remote code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable stack-based buffer overflow exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to a stack-based buffer overflow, resulting in remote code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. A specially crafted IP address can cause a stack overflow, resulting in remote code execution. An attacker can send a single authenticated HTTP request to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system commands. To trigger this vulnerability, an attacker can send a DHCP request message and set up the corresponding static DHCP entry.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this vulnerability, a local attacker needs to be able to write into /config/dhcpd.conf.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor 3.2.6 version. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length to be miscalculated and underflow. This length is then treated as unsigned and then used in a copying operation. Due to the length underflow, the application will then write outside the bounds of a stack buffer, resulting in a buffer overflow. An attacker must convince a victim to open a document in order to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable uninitialized pointer vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause an uninitialized pointer representing a TTableRow to be assigned to a variable on the stack. This variable is later dereferenced and then written to allow for controlled heap corruption, which can lead to code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in Wi-Fi Command 9999 of the Roav A1 Dashcam running version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the URL-parsing functionality of the Roav A1 Dashcam running version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable denial-of-service vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a semaphore deadlock, which prevents the device from receiving any physical or network inputs. An attacker can send a specially crafted packet to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. The HTTP server could allow an attacker to overwrite the root directory of the server, resulting in a denial of service. An attacker can send an HTTP POST request to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the Bracketed Paste Mode of the ""Terminal"" component. It allows user-assisted attackers to inject arbitrary commands within pasted content.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue affected versions prior to macOS High Sierra 10.13.4.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the ""Speech"" component. It allows attackers to bypass a sandbox protection mechanism to obtain microphone access.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves pktmnglr_ipfilter_input in com.apple.packet-mangler in the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow and stack-based buffer overflow) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a permissions issue existed in Remote Management. This issue was addressed through improved permission validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross-origin issue existed with ""iframe"" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
A permissions issue existed. This issue was addressed with improved permission validation. This issue affected versions prior to iOS 12.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass vulnerability that leads to a sandbox escape. Specifically, the vulnerability exists in the way a cross call is handled.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability. The vulnerability is triggered by crafted TIFF data within an XPS file, which causes an out of bounds memory access. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file with crafted JavaScript code that manipulates the optional content group (OCG). A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Digital Editions versions 4.5.7 and below have an exploitable Stack Overflow vulnerability. Successful exploitation could lead to information disclosure.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A potential integer overflow in the ""DoCrypt"" function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write. This vulnerability affects Firefox < 58.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WebRTC can use a ""WrappedI420Buffer"" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash. This vulnerability affects Firefox < 60.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Sites can bypass security checks on permissions to install lightweight themes by manipulating the ""baseURI"" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content that could then run with the context of either page but does not allow for privilege escalation. This vulnerability affects Firefox < 60.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execute arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial of service conditions.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information (PIN, password, or pattern). The Samsung ID is SVE-2017-10733.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application.",PHYSICAL,HIGH,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier allows unauthenticated remote attackers to execute arbitrary code in the context of a highly privileged account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the 'alias' or 'ips' parameter for shell metacharacters.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be reproduced; also, reading XML documents is implemented exclusively with managed code within the Microsoft .NET Framework.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability allows local attackers to escalate privilege on Rapid Scada 5.5.0 because of weak C:\SCADA permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Under certain conditions, on F5 BIG-IP ASM 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, 11.5.1-11.5.6, or 11.2.1, when processing CSRF protections, the BIG-IP ASM bd process may restart and produce a core file.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code via a request that updates a setting. In ej_update_variables, the length of the variable action_script is not checked, as long as it includes a ""_wan_if"" substring.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Stack Overflow in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A boundary error within the ""quicktake_100_load_raw()"" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An error within the ""find_green()"" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An error within the ""LibRaw::parse_exif()"" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An error within the ""rollei_load_raw()"" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An error within the ""parse_rollei()"" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A stack-based buffer overflow can occur in fastboot from all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While parsing an mp4 file, a stack-based buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack buffer overflow, which could allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Uninitialized data in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Insufficient data validation in WebGL in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect handling of frames in the VP8 parser in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel level privileges can write an arbitrary value to an arbitrary physical address,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. An attacker must be able to set up a nearby SSID, similar to an ""Evil Twin"" attack.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password of the systems. The attacker could gain access to the Brocade Network Advisor System after extracting/decrypting the passwords.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A stack-based buffer overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. This occurs in a function call in which the first argument is a corrupted offset value and the second argument is a stack buffer. This is fixed in 6.9d.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Heap Overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can modify the next pointer of a linked list. This is fixed in 6.9d.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan via while scanning a specifically crafted file . GetSusp is a free standalone McAfee tool that runs on several versions of Microsoft Windows.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in the getSWFlag function in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote attackers to cause a denial of service (crash and reboot), via the callbackJson parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may allow a guest to execute code on the host.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an ""ext::sh -c"" attack or an option injection attack.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). The vulnerability may be exploited locally to allow disclosure of privileged information.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow disclosure of privileged information.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.22 and previous versions). The vulnerability could allow local disclosure of sensitive information.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A potential remote denial of service security vulnerability has been identified in HPE Integrated Lights Out 4 prior to v2.60 and iLO 5 for Gen 10 servers prior to v1.30.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HPE has addressed a remote arbitrary file modification vulnerability in HPE enhanced Internet Usage Manager (eIUM) v9.0FP1 with the cumulative patch for v9.0FP1 - eIUM90FP01XXX.YYYYMMDD-HHMM.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior to v1.37 could be locally exploited to bypass the security restrictions for firmware updates.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A local access restriction bypass vulnerability was identified in HPE Service Pack for ProLiant (SPP) Bundled Software earlier than version 2018.09.0.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Local Disclosure of Sensitive Information vulnerability was identified in HPE NonStop Safeguard earlier than version SPR T9750L01^AIC or T9750H05^AIH, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND; all versions on H-series. STDSEC-STANDARD SECURITY PROD All prior versions before T6533L01^ADU or T6533H05^ADW, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND and all versions on H-series . Note that some commands in NonStop Safeguard and NonStop Standard Security software require username and password to be passed as command line parameters, which may lead to a local disclosure of the credentials.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the ""received"" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the ""other side"" of an interleaved association causing the victim ntpd to reset its association.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in iDashboards 9.6b. The SSO implementation is affected by a weak obfuscation library, allowing man-in-the-middle attackers to discover credentials.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an ""=cmd|' /C calc'!A0"" payload during User Creation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path traversal.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess function in classes/Tools.php sets neither X-Frame-Options nor 'Content-Security-Policy ""frame-ancestors' values.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. CSRF exploitation, related to CVE-2017-10681, may be possible.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading ""ffree: "" lines in a debugfs file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1 and prior; and spaceLYnk V2.1.0 and prior, weak and unprotected FTP access could allow an attacker unauthorized access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Credential Management vulnerability exists in FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.) which could cause unauthorized disclosure, modification, or disruption in service when the password is modified without permission.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,LOW
A Stack-based Buffer Overflow (CWE-121) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) which could cause remote code to be executed when parsing a GD1 file,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Permissions, Privileges, and Access Control vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to delete an arbitrary file.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause unauthorized access to SoMachine Basic resource files when logged on the system hosting SoMachine Basic.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause remote launch of SoMachine Basic when sending crafted ethernet message.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for DOUBLE data. A Crafted input will lead to a denial of service attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a related issue to CVE-2017-5886. Remote attackers could leverage this vulnerability to cause a denial-of-service or potentially execute arbitrary code via a crafted pdf file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mautic before 2.13.0 allows CSV injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability."" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8111, CVE-2018-8236.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability."" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8110, CVE-2018-8236.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka ""Microsoft Edge Security Feature Bypass Vulnerability."" This affects Microsoft Edge.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists in the way that Windows handles objects in memory, aka ""Microsoft Graphics Component Denial of Service Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability."" This affects Internet Explorer 11, Internet Explorer 10.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8207.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability."" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8279, CVE-2018-8301.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8137, CVE-2018-8139.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka ""Windows Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8139.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ""Microsoft Excel Remote Code Execution Vulnerability."" This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8148, CVE-2018-8162.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka ""Microsoft Exchange Memory Corruption Vulnerability."" This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8151.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka ""Microsoft Office Remote Code Execution Vulnerability."" This affects Microsoft Office. This CVE ID is unique from CVE-2018-8158, CVE-2018-8161.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka ""Microsoft Office Remote Code Execution Vulnerability."" This affects Microsoft Office. This CVE ID is unique from CVE-2018-8157, CVE-2018-8161.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka ""Microsoft Office Remote Code Execution Vulnerability."" This affects Microsoft Word, Word, Microsoft Office, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8157, CVE-2018-8158.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ""Microsoft Excel Remote Code Execution Vulnerability."" This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8147, CVE-2018-8148.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka ""Visual Studio Remote Code Execution Vulnerability."" This affects Microsoft Visual Studio, Expression Blend 4.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ""Windows VBScript Engine Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An denial of service vulnerability exists when Windows NT WEBDAV Minirdr attempts to query a WEBDAV directory, aka ""WEBDAV Denial of Service Vulnerability."" This affects Windows 10 Servers, Windows 10.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka ""Microsoft Browser Memory Corruption Vulnerability."" This affects ChakraCore, Internet Explorer 11, Microsoft Edge.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability."" This affects Microsoft Edge.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Windows improperly handles objects in memory, aka ""Windows Denial of Service Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka ""Hypervisor Code Integrity Elevation of Privilege Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8229.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8227.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka ""Microsoft Edge Security Feature Bypass Vulnerability."" This affects Microsoft Edge.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability."" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8110, CVE-2018-8111.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects ChakraCore. This CVE ID is unique from CVE-2018-8267.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka ""Microsoft Publisher Remote Code Execution Vulnerability."" This affects Microsoft Publisher.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability."" This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0978.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka ""Media Foundation Memory Corruption Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability."" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8274, CVE-2018-8275, CVE-2018-8279, CVE-2018-8301.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability."" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8275, CVE-2018-8279, CVE-2018-8301.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka ""Microsoft Edge Spoofing Vulnerability."" This affects Microsoft Edge.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8301.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka ""Microsoft Office Remote Code Execution Vulnerability."" This affects Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Microsoft Office, Microsoft Office Word Viewer.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka "".NET Framework Remote Code Injection Vulnerability."" This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8286, CVE-2018-8294.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8296, CVE-2018-8298.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8298.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability."" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8279.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka ""Microsoft Exchange Memory Corruption Vulnerability."" This affects Microsoft Exchange Server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Windows improperly handles objects in memory, aka ""Windows Denial of Service Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka ""Microsoft Office Tampering Vulnerability."" This affects Microsoft Word, Microsoft Office.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka ""Microsoft Access Remote Code Execution Vulnerability."" This affects Microsoft Access, Microsoft Office.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka ""Windows Elevation of Privilege Vulnerability."" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8314.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ""Microsoft Excel Remote Code Execution Vulnerability."" This affects Microsoft Office.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory, aka ""Windows PDF Remote Code Execution Vulnerability."" This affects Windows 10 Servers, Windows 10.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka ""Microsoft Browser Information Disclosure Vulnerability."" This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8391, CVE-2018-8456, CVE-2018-8457, CVE-2018-8459.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8465, CVE-2018-8466, CVE-2018-8467.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka ""Microsoft Exchange Server Tampering Vulnerability."" This affects Microsoft Exchange Server.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ""Microsoft Excel Remote Code Execution Vulnerability."" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8379.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability."" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8387.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka ""Microsoft Office Information Disclosure Vulnerability."" This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ""Microsoft Excel Remote Code Execution Vulnerability."" This affects Microsoft Excel. This CVE ID is unique from CVE-2018-8375.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8381, CVE-2018-8384.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8384.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka ""Microsoft Edge Spoofing Vulnerability."" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8388.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8381.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability."" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8377.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka ""Microsoft Edge Spoofing Vulnerability."" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8383.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8390.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects ChakraCore. This CVE ID is unique from CVE-2018-8354, CVE-2018-8456, CVE-2018-8457, CVE-2018-8459.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka ""Microsoft JET Database Engine Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8393.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka ""Microsoft JET Database Engine Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8392.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka ""GDI+ Remote Code Execution Vulnerability."" This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka ""Microsoft Browser Memory Corruption Vulnerability."" This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when ""Kernel Remote Procedure Call Provider"" driver improperly initializes objects in memory, aka ""MSRPC Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka ""System.IO.Pipelines Denial of Service."" This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists when NTFS improperly checks access, aka ""NTFS Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when ""Windows Theme API"" does not properly decompress files, aka ""Windows Theme API Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka "".NET Core Tampering Vulnerability."" This affects .NET Core 2.1.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka ""Microsoft Edge Spoofing Vulnerability."" This affects Microsoft Edge.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka ""Microsoft Graphics Components Remote Code Execution Vulnerability."" This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability."" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8461.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8457, CVE-2018-8459.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8456, CVE-2018-8459.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8456, CVE-2018-8457.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability."" This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8491.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability."" This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8447.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8466, CVE-2018-8467.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8467.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8466.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8509.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files, aka ""Windows Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka ""Windows Media Player Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8482.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka ""Windows Media Player Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8481.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability."" This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8460.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka ""Windows Shell Remote Code Execution Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects ChakraCore.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8505, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka ""Microsoft Windows Codecs Library Information Disclosure Vulnerability."" This affects Windows 10 Servers, Windows 10, Windows Server 2019.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability."" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8473.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8511, CVE-2018-8513.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8510, CVE-2018-8513.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8510, CVE-2018-8511.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes objects in memory, aka ""Remote Procedure Call runtime Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka ""Microsoft Outlook Remote Code Execution Vulnerability."" This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8524, CVE-2018-8576, CVE-2018-8582.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka ""Microsoft Outlook Remote Code Execution Vulnerability."" This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8576, CVE-2018-8582.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory, aka ""Azure IoT Device Client SDK Memory Corruption Vulnerability."" This affects Hub Device Client SDK, Azure IoT Edge.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka ""Microsoft Edge Information Disclosure Vulnerability."" This affects Microsoft Edge.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A denial of service vulnerability exists in Skype for Business, aka ""Microsoft Skype for Business Denial of Service Vulnerability."" This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka ""Microsoft Graphics Components Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8557, CVE-2018-8588.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8588.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka ""DirectX Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2008 R2.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka ""Microsoft Edge Spoofing Vulnerability."" This affects Microsoft Edge.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"A remote code execution vulnerability exists in the Yammer desktop application due to the loading of arbitrary content, aka ""Yammer Desktop Application Remote Code Execution Vulnerability."" This affects Yammer Desktop App.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka ""Microsoft Word Remote Code Execution Vulnerability."" This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8539.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ""Microsoft Excel Remote Code Execution Vulnerability."" This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8577.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka ""Microsoft Project Remote Code Execution Vulnerability."" This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka ""Microsoft Outlook Remote Code Execution Vulnerability."" This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8582.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ""Microsoft Excel Remote Code Execution Vulnerability."" This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8574.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka ""Microsoft SharePoint Information Disclosure Vulnerability."" This affects Microsoft SharePoint.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An information disclosure vulnerability exists when attaching files to Outlook messages, aka ""Microsoft Outlook Information Disclosure Vulnerability."" This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8558.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka ""Microsoft Outlook Remote Code Execution Vulnerability."" This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8617, CVE-2018-8618, CVE-2018-8624, CVE-2018-8629.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka ""Microsoft Outlook Remote Code Execution Vulnerability."" This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ""Windows GDI Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8595.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ""Microsoft Excel Remote Code Execution Vulnerability."" This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8636.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka ""Microsoft Excel Information Disclosure Vulnerability."" This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8627.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka ""Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability."" This affects Microsoft Dynamics 365.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8618, CVE-2018-8624, CVE-2018-8629.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8624, CVE-2018-8629.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows Server 2012, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8477, CVE-2018-8622.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8477, CVE-2018-8621.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8629.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests, aka ""Windows DNS Server Heap Overflow Vulnerability."" This affects Windows Server 2012 R2, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka ""Microsoft Excel Information Disclosure Vulnerability."" This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka ""Microsoft PowerPoint Remote Code Execution Vulnerability."" This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8624.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ""Microsoft Excel Remote Code Execution Vulnerability."" This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8597.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka ""DirectX Information Disclosure Vulnerability."" This affects Windows 10, Windows Server 2019.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A denial of service vulnerability exists when Windows improperly handles objects in memory, aka ""Windows Denial of Service Vulnerability."" This affects Windows 10, Windows Server 2019.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/tmx_pretran.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects customers who have enabled LDAP authentication in their configuration.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open-AudIT before 2.2 has CSV Injection.,NETWORK,LOW,LOW,REQUIRED,CHANGED,NONE,HIGH,NONE
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the parsing of the file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In gatts_process_attribute_req of gatt_sc.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-73172115.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-72872376",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-65484460",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-110107376.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in external apps with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111603051",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In readVector of iCrypto.cpp, there is a possible invalid read due to uninitialized data. This could lead to local information disclosure from the DRM server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-79218474",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In the SetupWizard, there is a possible Factory Reset Protection bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110034419",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In smp_proc_enc_info of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937065",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. This could lead to local escalation of privilege, allowing a local attacker to change device settings, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111330641",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112555574.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In really_install_package of install.cpp, there is a possible free of arbitrary memory due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2. Android ID: A-35385357.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In readBytes of xltdecwbxml.c, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-16680558.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In llcp_link_proc_agf_pdu of llcp_link.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116791157.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform packet matching on any IPv6 extension headers. This issue may allow IPv6 packets that should have been blocked to be forwarded. IPv4 packet filtering is unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS on EX and QFX series;: 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R7; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 series; 15.1X53 versions prior to 15.1X53-D591 on EX2300/EX3400 series; 16.1 versions prior to 16.1R7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F5 on vMX Series.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"An SRX Series Service Gateway configured for Unified Threat Management (UTM) may experience a system crash with the error message ""mbuf exceed"" -- an indication of memory buffer exhaustion -- due to the receipt of crafted HTTP traffic. Each crafted HTTP packet inspected by UTM consumes mbufs which can be identified through the following log messages: all_logs.0:Jun 8 03:25:03 srx1 node0.fpc4 : SPU3 jmpi mbuf stall 50%. all_logs.0:Jun 8 03:25:13 srx1 node0.fpc4 : SPU3 jmpi mbuf stall 51%. all_logs.0:Jun 8 03:25:24 srx1 node0.fpc4 : SPU3 jmpi mbuf stall 52%. ... Eventually the system runs out of mbufs and the system crashes (fails over) with the error ""mbuf exceed"". This issue only occurs when HTTP AV inspection is configured. Devices configured for Web Filtering alone are unaffected by this issue. Affected releases are Junos OS on SRX Series: 12.1X46 versions prior to 12.1X46-D81; 12.3X48 versions prior to 12.3X48-D77; 15.1X49 versions prior to 15.1X49-D101, 15.1X49-D110.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can access the Splunk server. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1, 18.2X75-D5.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Veriexec subsystem of Juniper Networks Junos OS allowing an attacker to fully compromise the host system. A local authenticated user can elevate privileges to gain full control of the system even if they are specifically denied access to perform certain actions. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D80 on SRX Series.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.",PHYSICAL,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient file protection in uninstall routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Insufficient user prompt in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper folder permissions in Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Insufficient access control in silicon reference firmware for Intel(R) Xeon(R) Scalable Processor, Intel(R) Xeon(R) Processor D Family may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Logic error in the installer for Intel(R) OpenVINO(TM) 2018 R3 and before for Linux may allow a privileged user to potentially enable information disclosure via local access.,PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.,ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
Improper directory permissions in Intel(R) ACU Wizard version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient path checking in the installation package for Intel(R) Graphics Performance Analyzer for Linux version 18.4 and before may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient memory protection in the Linux Administrative Tools for Intel(R) Network Adapters before version 24.3 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
Improper directory permissions in the installer for Intel(R) Quartus(R) software may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A logic issue in Intel Unite(R) Client for Android prior to version 4.0 may allow a remote attacker to potentially enable escalation of privilege via network access.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Logic condition in specific microprocessors may allow an authenticated user to potentially enable partial physical address information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Insufficient access control in protected memory subsystem for Intel(R) TXT for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 Families; Intel(R) Xeon(R) E-2100 and E-2200 Processor Families with Intel(R) Processor Graphics and Intel(R) TXT may allow a privileged user to potentially enable information disclosure via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Insufficient access control in protected memory subsystem for SMM for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 families; Intel(R) Xeon(R) E-2100 and E-2200 Processor families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed mode. Note that versions before 4.0 are not able to encrypt traffic between the nodes, nor authenticate the participating nodes so upgrade to JMeter 5.1 is also advised.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva server must be compromised.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Business Objects Mobile for Android (before 6.3.5) application allows an attacker to provide malicious input in the form of a SAP BI link, preventing legitimate users from accessing the application by crashing it.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SAP Work and Inventory Manager (Agentry_SDK , before 7.0, 7.1) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixed in DW4CORE version 1.0 (SP08)) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would otherwise be restricted.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Disclosure Management, version 10.01, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack)).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Mobile Platform SDK allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service (i.e. denial of service). Fixed in versions 3.1 SP03 PL02, SDK 3.1 SP04, or later.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Banking services from SAP 9.0 (FSAPPL version 5) and SAP S/4HANA Financial Products Subledger (S4FPSL, version 1) performs an inadequate authorization check for an authenticated user, potentially resulting in escalation of privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18 and 8.0; S4CORE 1.01, 1.02 and 1.03), does not perform necessary authorization checks for authorization objects T_DEAL_DP and T_DEAL_PD , resulting in escalation of privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the attacker.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and send arbitrary requests to the server via PI Axis adapter. These requests will be accepted by the PI Axis adapter even if the payload has been altered, especially when the signed element is the body of the xml document.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,LOW,LOW
"Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,LOW,NONE
"Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP HANA Extended Application Services (advanced model), version 1, allows authenticated low privileged XS Advanced Platform users such as SpaceAuditors to execute requests to obtain a complete list of SAP HANA user IDs and names.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an attacker with admin privileges could gain access to the entire configuration, but no system sensitive information can be gained.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"Several web pages provided SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50) are not password protected. An attacker could access landscape information like host names, ports or other technical data in the absence of restrictive firewall and port settings.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAP_XIPCK 7.10 to 7.11, 7.20, 7.30) allows an attacker to access passwords used in FTP channels leading to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SAP ERP HCM (SAP_HRCES) , version 3, does not perform necessary authorization checks for a report that reads payroll data of employees in a certain area. Due to this under certain conditions, the user that once had authorization to payroll data of an employee, which was later revoked, may retain access to the same data.",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Under certain conditions, SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, allows an attacker to access sensitive data such as directory structure, leading to Information Disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.2, 4.3, the attacker can then query and receive the whole data set instead of just what is part of their authorized security profile, resulting in Information Disclosure.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unencrypted communication error in SAP Business Objects Business Intelligence Platform (Central Management Console), version 4.2, leads to disclosure of list of user names and roles imported from SAP NetWeaver BI systems, resulting in Information Disclosure.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to execute “Go to statement” without possessing the authorization S_DEVELOP DEBUG 02, resulting in Missing Authorization Check",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection request, which crashes the indexserver of an SAP HANA instance, leading to Denial of Service",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system ""root"" privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to enumerate open ports.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0549, CVE-2019-0554, CVE-2019-0569.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file, aka ""Microsoft Visual Studio Information Disclosure Vulnerability."" This affects Microsoft Visual Studio.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ""Jet Database Engine Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0567, CVE-2019-0568.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka ""Microsoft Windows Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Visual Studio when the C++ compiler improperly handles specific combinations of C++ constructs, aka ""Visual Studio Remote Code Execution Vulnerability."" This affects Microsoft Visual Studio.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka ""Windows DHCP Client Remote Code Execution Vulnerability."" This affects Windows 10, Windows 10 Servers.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0554, CVE-2019-0569.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege exists in Windows COM Desktop Broker, aka ""Windows COM Elevation of Privilege Vulnerability."" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0549, CVE-2019-0569.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser, aka ""Microsoft XmlDocument Elevation of Privilege Vulnerability."" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka ""Microsoft Outlook Information Disclosure Vulnerability."" This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka ""Microsoft Office Information Disclosure Vulnerability."" This affects Office 365 ProPlus, Microsoft Office.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka ""Microsoft Word Information Disclosure Vulnerability."" This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability."" This affects Microsoft SharePoint Server, Microsoft SharePoint.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability."" This affects Microsoft Edge.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka ""Microsoft Edge Elevation of Privilege Vulnerability."" This affects Microsoft Edge.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0568.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0549, CVE-2019-0554.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ""Windows Runtime Elevation of Privilege Vulnerability."" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka ""Windows Data Sharing Service Elevation of Privilege Vulnerability."" This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0572, CVE-2019-0573, CVE-2019-0574.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka ""Windows Data Sharing Service Elevation of Privilege Vulnerability."" This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0573, CVE-2019-0574.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka ""Windows Data Sharing Service Elevation of Privilege Vulnerability."" This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0574.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka ""Windows Data Sharing Service Elevation of Privilege Vulnerability."" This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0573.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ""Jet Database Engine Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ""Jet Database Engine Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ""Jet Database Engine Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ""Jet Database Engine Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ""Jet Database Engine Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ""Jet Database Engine Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0584.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ""Jet Database Engine Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka ""Microsoft Word Remote Code Execution Vulnerability."" This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsoft Office Online Server, Microsoft Word, Microsoft SharePoint Server.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka ""Microsoft Exchange Memory Corruption Vulnerability."" This affects Microsoft Exchange Server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka ""Microsoft Exchange Information Disclosure Vulnerability."" This affects Microsoft Exchange Server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0611.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0599, CVE-2019-0625.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka 'HID Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0601.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka 'HID Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0600.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attacker could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions. The security update addresses the vulnerability by correcting how Windows Deployment Services TFTP Server handles objects in memory, aka 'Windows Deployment Services TFTP Server Remote Code Execution Vulnerability'.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0592.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0774.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0662.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0660, CVE-2019-0664.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka ""Skype for Business 2015 Spoofing Vulnerability."" This affects Skype.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0631, CVE-2019-0632.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0627, CVE-2019-0631.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0645, CVE-2019-0650.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"An information vulnerability exists when Windows improperly discloses file information, aka 'Windows Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A security feature bypass vulnerability exists when Windows Defender Firewall incorrectly applies firewall profiles to cellular network connections, aka 'Windows Defender Firewall Security Feature Bypass Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka 'Microsoft Edge Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0634, CVE-2019-0650.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data.To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory, aka Scripting Engine Information Disclosure Vulnerability. This CVE ID is unique from CVE-2019-0658.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A vulnerability exists in Microsoft Chakra JIT server, aka 'Scripting Engine Elevation of Privileged Vulnerability'.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0652, CVE-2019-0655.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists when Microsoft browsers improperly handles specific redirects, aka 'Microsoft Browser Spoofing Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0648.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0621, CVE-2019-0663.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0618.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0666, CVE-2019-0667, CVE-2019-0772.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0772.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0671, CVE-2019-0673, CVE-2019-0674, CVE-2019-0675.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0671, CVE-2019-0672, CVE-2019-0674, CVE-2019-0675.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka 'Internet Explorer Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0803, CVE-2019-0859.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0724.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0698, CVE-2019-0726.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0755, CVE-2019-0767, CVE-2019-0775, CVE-2019-0782.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0703, CVE-2019-0821.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it.To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to elevate the attacker's privilege level, aka 'Windows NDIS Elevation of Privilege Vulnerability'.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0686.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0697, CVE-2019-0698.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully decode and replace authentication request using Kerberos, allowing an attacker to be validated as an Administrator.The update addresses this vulnerability by changing how these requests are validated., aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0936.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory, aka 'Windows CSRSS Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0752, CVE-2019-0753, CVE-2019-0862.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0752, CVE-2019-0862.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0767, CVE-2019-0775, CVE-2019-0782.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0882, CVE-2019-0961.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows Print Spooler does not properly handle objects in memory, aka 'Windows Print Spooler Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0768.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka 'Microsoft Browsers Security Feature Bypass Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions, aka 'Microsoft Browsers Tampering Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory, aka 'Comctl32 Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0775, CVE-2019-0782.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0773, CVE-2019-0783.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0667.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0783.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0614.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0782.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0775.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the ActiveX Data objects (ADO) handles objects in memory, aka 'Windows ActiveX Remote Code Execution Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine, aka 'SMB Server Elevation of Privilege Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0788, CVE-2019-1290, CVE-2019-1291.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-1290, CVE-2019-1291.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when OLE automation improperly handles objects in memory, aka 'OLE Automation Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business and Lync Spoofing Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0849.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0836, CVE-2019-0841.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0848.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.",LOCAL,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Microsoft SQL Server Analysis Services Information Disclosure Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0703, CVE-2019-0704.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0824, CVE-2019-0825, CVE-2019-0826, CVE-2019-0827.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0825, CVE-2019-0826, CVE-2019-0827.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0826, CVE-2019-0827.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-2019-0827.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-2019-0826.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0860, CVE-2019-0861.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka 'Microsoft Edge Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory, aka 'Microsoft Scripting Engine Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager, aka 'Windows Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0839.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory, aka 'Windows Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0838.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0844.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0840.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0814.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0802.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0877, CVE-2019-0879.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Spoofing Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0861.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0752, CVE-2019-0753.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory, aka '.NET Framework Denial of Service Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server Elevation of Privilege Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0758, CVE-2019-0961.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0911, CVE-2019-0918.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory, aka 'ActiveX Data Objects (ADO) Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0901, CVE-2019-0902.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0902.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0909, CVE-2019-0974.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0974.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0884, CVE-2019-0918.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0988, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An spoofing vulnerability exists when Internet Explorer improperly handles URLs, aka 'Internet Explorer Spoofing Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in Skype for Android, aka 'Skype for Android Information Disclosure Vulnerability'.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0937.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0734.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the Unified Write Filter (UWF) feature for Windows 10 when it improperly restricts access to the registry, aka 'Unified Write Filter Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity, aka 'Windows Event Viewer Information Disclosure Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0950, CVE-2019-0951.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-2019-0950.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Server Information Disclosure Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0958.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0984.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1014, CVE-2019-1017.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0758, CVE-2019-0882.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists in Azure Automation ""RunAs account"" runbooks for users with contributor role, aka 'Azure Automation Elevation of Privilege Vulnerability'.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to update the list of banned IP addresses. This security update corrects how ADFS updates its list of banned IP addresses., aka 'ADFS Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-1126.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default ""obj""), aka 'NuGet Package Manager Tampering Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0959.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input, aka 'Microsoft Speech API Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists when urlmon.dll improperly handles certain Mark of the Web queries, aka 'Internet Explorer Security Feature Bypass Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0983.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Gitea version 1.6.2 and earlier contains a Incorrect Access Control vulnerability in Delete/Edit file functionallity that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write access to ""any"" repository including self-created ones.. This vulnerability appears to have been fixed in 1.6.3, 1.7.0-rc2.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource can delete any resource. This attack appears to be exploitable via the user must be authorized. This vulnerability appears to have been fixed in 2.3.6.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticket_id=[ticket number]. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of default access model that can result in all of the contacts of the victim can see private data having been published to a PEP node. This attack appears to be exploitable if the user of this library publishes any private data on PEP, the node isn't configured to be private. This vulnerability appears to have been fixed in commit 7cd73b594e8122dddf847953fcfc85ab4d316416 which is included in slixmpp 1.4.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A disk space or quota exhaustion issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. Visiting PDF generation link but not following the redirect will leave behind a PDF file on disk which will never be deleted by the plug-in.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1004, CVE-2019-1056, CVE-2019-1059.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type ""json-patch"" (e.g. `kubectl patch --type json` or `""Content-Type: application/json-patch+json""`) that consumes excessive resources while processing, causing a Denial of Service on the API Server.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/setSysAdm to edit the web or system account without authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1056, CVE-2019-1059.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/form2userconfig.cgi to edit the system account without authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/LoadDefaultSettings to reset the router without authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"It is possible for an attacker with regular user access to the web application of Pydio through 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn opens a shared file that contains JavaScript code (that is executed in the context of the victim user to obtain sensitive information such as session identifiers and perform actions on behalf of him/her).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-0988, CVE-2019-1055, CVE-2019-1080.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1021, CVE-2019-1022, CVE-2019-1026, CVE-2019-1027, CVE-2019-1028.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. Session and query IDs are unique and random, but have not been documented or consistently treated as sensitive secrets. Therefore they may be exposed in logs or interfaces. They were also not generated with a cryptographically secure random number generator, so are vulnerable to random number generator attacks that predict future IDs based on past IDs. Impala deployments with Apache Sentry or Apache Ranger authorization enabled may be vulnerable to privilege escalation if an authenticated attacker is able to hijack a session or query from another authenticated user with privileges not assigned to the attacker. Impala deployments with audit logging enabled may be vulnerable to incorrect audit logging as a user could undertake actions that were logged under the name of a different authenticated user. Constructing an attack requires a high degree of technical sophistication and access to the Impala system as an authenticated user.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the link-text-template field to execute code remotely.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"DGLogik Inc DGLux Server All Versions is affected by: Insecure Permissions. The impact is: Remote Execution, Credential Leaks. The component is: IoT API. The attack vector is: Any Accessible Server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lawrence Livermore National Laboratory msr-safe v1.1.0 is affected by: Incorrect Access Control. The impact is: An attacker could modify model specific registers. The component is: ioctl handling. The attack vector is: An attacker could exploit a bug in ioctl interface whitelist checking, in order to write to model specific registers, normally a function reserved for the root user. The fixed version is: v1.2.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit commit 08aef597656d065e86075f3d53fda89765845eae.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: Incorrect Access Control. The impact is: Potential for unathorised access to data. The component is: Incorrect calls to _ensure_auth() wrapper result in authentication-checking not being applied to al routes.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables (ALL executables on the web site). The attack vector is: CAPEC-471, CWE-426, CWE-427.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. The impact is: arbitrary code execution with escalation of privilege. The component is: Executable installer, portable executable (ALL executables available). The attack vector is: CWE-29, CWE-377, CWE-379.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ChinaMobile GPN2.4P21-C-CN W2001EN-00 is affected by: Incorrect Access Control - Unauthenticated Remote Reboot. The impact is: PLC Wireless Router's are vulnerable to an unauthenticated remote reboot due. The component is: Reboot settings are available to unauthenticated users instead of only authenticaed users. The attack vector is: Remote.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login. NOTE: Third parties dispute this issues as not being a vulnerability because although the wizard is accessible without authentication, it can't actually configure anything. Thus, there is no denial of service or information leakage.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in _decode_jws(). The attack vector is: network connectivity(crafting user-controlled input to bypass authentication). The fixed version is: 0.023.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is: denial of service. The component is: function Jsi_ValueArrayIndex (jsiValue.c:366). The attack vector is: executing crafted javascript code. The fixed version is: after commit 738ead193aff380a7e3d7ffb8e11e446f76867f3.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. The impact is: Denial of service by impossible to catch abort. The component is: YamlLoader::load_from_str function. The attack vector is: Parsing of a malicious YAML document. The fixed version is: 0.4.1 and later.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program does never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file. The fixed version is: 1.2.1.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LineageOS 16.0 and earlier is affected by: Incorrect Access Control. The impact is: The property checked by `adb root` can also be set in a normal adb shell session. The component is: adb shell (patches to fix this are at https://review.lineageos.org/c/LineageOS/android_system_core/+/234800, https://review.lineageos.org/c/LineageOS/android_device_lineage_sepolicy/+/234799). The attack vector is: When adb is enabled, and an attacker has physical access, `adb shell setprop service.adb.root 1` allows restarting adb as root.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure (e.g. username, password). The component is: The API call in the function allowAction() in NewslettersController.php. The attack vector is: HTTP Get request. The fixed version is: c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to the web server can be downloaded. The file will be deleted after download if the web server has permission to do so. For PHP versions before 5.3, any file can be read by null terminating the string left of the file extension.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Using ktlint to download and execute custom rulesets can result in arbitrary code execution as the served jars can be compromised by a MITM. This attack is exploitable via Man in the Middle of the HTTP connection to the artifact servers. This vulnerability appears to have been fixed in 0.30.0 and later; after commit 5e547b287d6c260d328a2cb658dbe6b7a7ff2261.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac(). The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is: after commit b98a59b42ded9f9e51b2560410106207c2152d6c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Saleor Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f1f472248312cc9c. This commit was released as part of 2.0.0 release is affected by: Incorrect Access Control. The impact is: Important. The component is: ProductVariant type in GraphQL API. The attack vector is: Unauthenticated user can access the GraphQL API (which is by default publicly exposed under `/graphql/` URL) and fetch products data which may include admin-restricted shop's revenue data. The fixed version is: 2.3.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tools > Reminder > Description .. Set the description to any iframe/form tags and apply. The attack vector is: The attacker puts a login form, the user fills it and clicks on submit .. the request is sent to the attacker domain saving the data. The fixed version is: 9.4.1.",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,LOW,LOW,NONE
"In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of localhost only. The issue has been fixed in the following versions: 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. During the OAuth authentication process, the application attempts to validate a parameter in an insecure way, potentially exposing data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information like release details and code information.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0960, CVE-2019-1017.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0960, CVE-2019-1014.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Fleet before 2.1.2 allows exposure of SMTP credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
parse-server before 3.6.0 allows account enumeration.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1007, CVE-2019-1021, CVE-2019-1026, CVE-2019-1027, CVE-2019-1028.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"An issue was discovered in MailStore Server (and Service Provider Edition) 9.x through 11.x before 11.2.2. When the directory service (for synchronizing and authenticating users) is set to Generic LDAP, an attacker is able to login as an existing user with an arbitrary password on the second login attempt.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Robotronic RunAsSpc 3.7.0.0 protects stored credentials insufficiently, which allows locally authenticated attackers (under the same user context) to obtain cleartext credentials of the stored account.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1007, CVE-2019-1021, CVE-2019-1022, CVE-2019-1027, CVE-2019-1028.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1007, CVE-2019-1021, CVE-2019-1022, CVE-2019-1026, CVE-2019-1028.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privileged users. To perform such a modification, one first needs to (for example) intercept an upload-picture request and modify the user_id parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1007, CVE-2019-1021, CVE-2019-1022, CVE-2019-1026, CVE-2019-1027.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists in Skype for Business, aka 'Skype for Business and Lync Server Denial of Service Vulnerability'.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1034.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1065.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory, aka 'Comctl32 Remote Code Execution Vulnerability'.",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Network File System (NFS) handles objects in memory, aka 'Windows Network File System Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential side channel for SUI corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, SA6155P, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice & Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts, aka 'Windows Shell Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-0988, CVE-2019-1005, CVE-2019-1080.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1004, CVE-2019-1059.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Wlan binary which is not signed with OEMs RoT is working on secure device without authentication failure in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in SDA845, SDM845, SDM850",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible integer overflow happens when mmap find function will increment refcount every time when it invokes and can lead to use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, MDM9607, MDM9640, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1004, CVE-2019-1056.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Information disclosure issue occurs as there is no binding between the secure keypad session and the secure display session that allows user to take control of the REE to stop the secure keypad session and read the keypad input. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, MSM8905, MSM8909",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Driver may access an invalid address while processing IO control due to lack of check of address validation in Snapdragon Connectivity in QCA6390,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1092, CVE-2019-1103, CVE-2019-1106, CVE-2019-1107.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Possible integer overflow can happen in host driver while processing user controlled string due to improper validation on data received. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCN7605, QCS605, Rennell, SC8180X, SDA845, SDM710, SDX24, SDX55, SM7150, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS9175, 88SS9187, 88SS9188, 88SS9189, 88SS9190, 88SS1085, 88SS1087, 88SS1090, 88SS1100, 88SS1084, 88SS1088, & 88SS1098) devices allow reprogramming flash memory to bypass the secure boot protection mechanism.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS9175, 88SS9187, 88SS9188, 88SS9189, 88SS9190, 88SS1085, 88SS1087, 88SS1090, 88SS1100, 88SS1084, 88SS1088, & 88SS1098) devices are vulnerable in manipulating a combination of IO pins to bypass the secure boot protection mechanism.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php script. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose information or expose functions that are of a sensitive nature and are not expected to be publicly accessible.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string function. This function is not the appropriate function to sanitize command arguments as it does not escape a number of command line syntax characters such as ` (backtick), allowing an attacker to inject commands into the variable $rrd_cmd, which gets executed via passthru().",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Uniqkey Password Manager 1.14. Upon entering new credentials to a site that is not registered within this product, a pop-up window will appear prompting the user if they want to save this new password. This pop-up window will persist on any page the user enters within the browser until a decision is made. The code of the pop-up window can be read by remote servers and contains the login credentials and URL in cleartext. A malicious server could easily grab this information from the pop-up. This is related to id=""uniqkey-password-popup"" and password-popup/popup.html.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations, aka 'Task Scheduler Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Insecure permissions in the Web management portal on all IP cameras based on Hisilicon Hi3510 firmware allow authenticated attackers to receive a network's cleartext WiFi credentials via a specific HTTP request. This affects certain devices labeled as HI3510, HI3518, LOOSAFE, LEVCOECAM, Sywstoda, BESDER, WUSONGLUSAN, GADINAN, Unitoptek, ESCAM, etc.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect access control in the RTSP stream and web portal on all IP cameras based on Hisilicon Hi3510 firmware (until Webware version V1.0.1) allows attackers to view an RTSP stream by connecting to the stream with hidden credentials (guest or user) that are neither displayed nor configurable in the camera's CamHi or keye mobile management application. This affects certain devices labeled as HI3510, HI3518, LOOSAFE, LEVCOECAM, Sywstoda, BESDER, WUSONGLUSAN, GADINAN, Unitoptek, ESCAM, etc.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. The following are affected products and versions: Legion Y520T_Z370 6.0.1.8642, AIO310-20IAP 6.0.1.8642, AIO510-22ISH 6.0.1.8642, AIO510-23ISH 6.0.1.8642, AIO520-22IKL 6.0.1.8642, AIO520-22IKU 6.0.1.8642, AIO520-24IKL 6.0.1.8642, AIO520-24IKU 6.0.1.8642, AIO520-27IKL 6.0.1.8642, AIO720-24IKB 6.0.1.8642, IdeaCentre 520S-23IKU 6.0.1.8642, ThinkCentre M700z 6.0.1.8642, ThinkCentre M800z 6.0.1.8642, ThinkCentre M810z 6.0.1.8642, ThinkCentre M818z 6.0.1.8642, ThinkCentre M900Z 6.0.1.8642, ThinkCentre M910z 6.0.1.8642, V410z(YT S4250) 6.0.1.8642, 330-14IKBR Win10:6.0.1.8652, 330-15IKBR Win10:6.0.1.8652, 330-15IKBR (Brazil) Win10:6.0.1.8652, 330-15IKBR Touch Win10:6.0.1.8652, 330-17IKBR Win10:6.0.1.8652, YOGA 730-13IKB Win10:6.0.1.8644, YOGA 730-15IKB Win10:6.0.1.8644, ThinkPad L560 6.0.1.8644 and 6.0.1.8652, ThinkPad L570 6.0.1.8644 and 6.0.1.8652, ThinkPad P50 6.0.1.8642, ThinkPad P50s 6.0.1.8642, ThinkPad P51s (20Jx, 20Kx) 6.0.1.8642, ThinkPad P51s (20Hx) 6.0.1.8642, ThinkPad P52s 6.0.1.8642, ThinkPad P70 6.0.1.8642, ThinkPad T25 6.0.1.8642, ThinkPad T460s 6.0.1.8642, ThinkPad T470 6.0.1.8642, ThinkPad T470s 6.0.1.8642, ThinkPad T480 6.0.1.8642, ThinkPad T480s 6.0.1.8642, ThinkPad T560 6.0.1.8642, ThinkPad T570 6.0.1.8642, ThinkPad T580 6.0.1.8642, ThinkPad X1 Carbon 8.66.76.72 and 8.66.68.54, ThinkPad X1 Carbon 6th 6.0.1.8642, ThinkPad X1 Carbon, X1 Yoga 8.66.62.92 and 8.66.62.54, ThinkPad X1 Tablet (20Gx) 6.0.1.8642, ThinkPad X1 Tablet (20Jx) 6.0.1.8642, ThinkPad X1 Tablet Gen 3 6.0.1.8642, ThinkPad X1 Yoga (20Jx) 8.66.88.60, ThinkPad X1 Yoga 3rd 6.0.1.8642, ThinkPad X280 6.0.1.8642, ThinkPad Yoga 260, S1 8.66.62.92 and 8.66.62.54.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists in Microsoft Windows where certain folders, with local service privilege, are vulnerable to symbolic link attack. An attacker who successfully exploited this vulnerability could potentially access unauthorized information. The update addresses this vulnerability by not allowing symbolic links in these scenarios., aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1082.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an elliptic curve which might allow practical recovery of the long-term private key.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions, aka 'Visual Studio Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the ""exec"" argument. The cmd argument used within index.js, can be controlled by user without any sanitization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the ""exec"" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the ""exec"" function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
rpi through 0.0.3 allows execution of arbritary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the arguement of exec function without any sanitization.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"compile-sass prior to 1.0.5 allows execution of arbritary commands. The function ""setupCleanupOnExit(cssPath)"" within ""dist/index.js"" is executed as part of the ""rm"" command without any sanitization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-0988, CVE-2019-1005, CVE-2019-1055.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"enpeem through 2.2.0 allows execution of arbitrary commands. The ""options.dir"" argument is provided to the ""exec"" function without any sanitization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Microsoft Windows where a certain DLL, with Local Service privilege, is vulnerable to race planting a customized DLL.An attacker who successfully exploited this vulnerability could potentially elevate privilege to SYSTEM.The update addresses this vulnerability by requiring SYSTEM privileges for a certain DLL., aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1074.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Uniqkey Password Manager 1.14. When entering new credentials to a site that isn't registered within this product, a pop-up window will appear asking the user if they want to save these new credentials. The code of the pop-up window can be read and, to some extent, manipulated by remote servers. This pop-up window will stay on any page the user visits within the browser until a decision is made. A malicious web server can forcefully manipulate the pop-up and cause it not to appear, stopping users from securing their credentials. This vulnerability is related to id=""uniqkey-password-popup"" and password-popup/popup.html, but is a different vulnerability than CVE-2019-10676.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Computrols CBAS 18.0.0 allows Username Enumeration.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory, aka 'Windows WLAN Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Computrols CBAS 18.0.0 allows Authentication Bypass.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1087, CVE-2019-1088.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A command injection vulnerability exists in TeemIp versions before 2.4.0. The new_config parameter of exec.php allows one to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1086, CVE-2019-1088.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) devices running firmware version cs121-SNMP v4.54.82.130611 allows remote attackers to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data= or /createlog.cgi?name= request.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists in rpcss.dll when the RPC service Activation Kernel improperly handles an RPC request. To exploit this vulnerability, a low level authenticated attacker could run a specially crafted application. The security update addresses this vulnerability by correcting how rpcss.dll handles these requests., aka 'Windows RPCSS Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in D-Link DIR-806 devices. There is a stack-based buffer overflow in function hnap_main at /htdocs/cgibin. The function will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users. And it finally leads to a stack-based buffer overflow via a special HTTP header.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka 'Windows dnsrlvr.dll Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script (already running on the affected page) executes the contents of any element with a specific class. This occurs because spaces are permitted in code block infostrings, which interferes with the intended behavior of a single class name beginning with the language- substring.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This is related to symfony/security.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps, Versions, MiniMed 508 pump – All versions, MiniMed Paradigm 511 pump – All versions, MiniMed Paradigm 512/712 pumps – All versions, MiniMed Paradigm 712E pump–All versions, MiniMed Paradigm 515/715 pumps–All versions, MiniMed Paradigm 522/722 pumps – All versions,MiniMed Paradigm 522K/722K pumps – All versions, MiniMed Paradigm 523/723 pumps – Software versions 2.4A or lower, MiniMed Paradigm 523K/723K pumps – Software, versions 2.4A or lower, MiniMed Paradigm Veo 554/754 pumps – Software versions 2.6A or lower, MiniMed Paradigm Veo 554CM and 754CM models only – Software versions 2.7A or lower, the affected insulin pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long command to the FTP service, which may cause memory corruption that halts the controller or leads to remote code execution and escalation of privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be restarted manually via a Linux shell.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. It allows Information Disclosure.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials (partially). This occurs because of paste access to a social media login page.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Lack of authentication in case-exporting components in DDRT Dashcom Live through 2019-05-08 allows anyone to remotely access all claim details by visiting easily guessable exportpdf/all_claim_detail.php?claim_id= URLs.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Lack of authentication in file-viewing components in DDRT Dashcom Live 2019-05-09 allows anyone to remotely access all claim details by visiting easily guessable dashboard/uploads/claim_files/claim_id_ URLs.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1106, CVE-2019-1107.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. This method triggers insecure deserialization within the .NET garbage collector, in which a gadget (contained in a serialized object) may be executed with SYSTEM privileges. The attacker must properly encrypt the object; however, the hardcoded keys are available.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1103, CVE-2019-1107.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1103, CVE-2019-1106.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Transaction Sensor and set specific settings when the sensor is executed.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Unquoted service path in the installer for the Intel(R) SCS Discovery Utility version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient access control in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable information disclosure via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Insufficient memory protection for Intel(R) Ethernet I218 Adapter driver for Windows* 10 before version 24.1 may allow an authenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1111.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper permissions in the installer for Intel(R) Omni-Path Fabric Manager GUI before version 10.9.2.1.1 may allow an authenticated user to potentially enable escalation of privilege via local attack.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient path checking in the installer for Intel(R) Active System Console before version 8.0 Build 24 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper access control in the Intel(R) Processor Diagnostic Tool before version 4.1.2.24 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper permissions in the software installer for Intel(R) Authenticate before 3.8 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user to potentially enable escalation of privilege, denial of service, and information disclosure via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user to potentially enable escalation of privilege, denial of service, and information disclosure via adjacent access.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient access control in a hardware abstraction driver for Intel(R) Processor Identification Utility for Windows before version 6.1.0731 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient access control in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring ""success"" when an arbitrary password is provided.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An authentication bypass vulnerability in all versions of ValuePLUS Integrated University Management System (IUMS) allows unauthenticated, remote attackers to gain administrator privileges via the Teachers Web Panel (TWP) User ID or Password field. If exploited, the attackers could perform any actions with administrator privileges (e.g., enumerate/delete all the students' personal information or modify various settings).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. (Malicious binaries can be uploaded by abusing other functionalities of the application.)",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. When Rancher starts for the first time, it creates a default admin user with a well-known password. After initial setup, the Rancher administrator may choose to delete this default admin user. If Rancher is restarted, the default admin user will be recreated with the well-known default password. An attacker could exploit this by logging in with the default admin credentials. This can be mitigated by deactivating the default admin user rather than completing deleting them.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.2.0, and TIBCO Spotfire Server: versions up to and including 7.11.2; 7.12.0; 7.13.0; 7.14.0; 10.0.0; 10.0.1; 10.1.0; and 10.2.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.'s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. This issue affects TIBCO FTL Community Edition 6.0.0; 6.0.1; 6.1.0, TIBCO FTL Developer Edition 6.0.1; 6.1.0, and TIBCO FTL Enterprise Edition 6.0.0; 6.0.1; 6.1.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during upgrade; in certain cases, an error during modification of the file from the web interface leaves the file writable (can be triggered with XSS); a race condition can be triggered by the hub-connector module (community version only from 2.4.1 to 2.6.0); or editing the file in a CLI.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An authentication flaw in Shenzhen Yunni Technology iLnkP2P allows remote attackers to actively intercept user-to-device traffic in cleartext, including video streams and device credentials.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be bypassed. According to the official documentation for installation step 10, an admin is required to upload all the files, including the .htaccess files, and run a health check. However, what is overlooked is that the Apache HTTP Server by default no longer enables the AllowOverride directive, leading to data/users/admin.xml password exposure. The passwords are hashed but this can be bypassed by starting with the data/other/authorization.xml API key. This allows one to target the session state, since they decided to roll their own implementation. The cookie_name is crafted information that can be leaked from the frontend (site name and version). If a someone leaks the API key and the admin username, then they can bypass authentication. To do so, they need to supply a cookie based on an SHA-1 computation of this known information. The vulnerability exists in the admin/theme-edit.php file. This file checks for forms submissions via POST requests, and for the csrf nonce. If the nonce sent is correct, then the file provided by the user is uploaded. There is a path traversal allowing write access outside the jailed themes directory root. Exploiting the traversal is not necessary because the .htaccess file is ignored. A contributing factor is that there isn't another check on the extension before saving the file, with the assumption that the parameter content is safe. This allows the creation of web accessible and executable files with arbitrary content.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information (Password) without being authenticated, by sending an EMP_NO element to the kws_login/asp/query_user.asp URI, and then reading the PWD element.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1130.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Motorola CX2 1.01 and M2 1.01. The router opens TCP port 8010. Users can send hnap requests to this port without authentication to obtain information such as the MAC addresses of connected client devices.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is protected by a login. A guest is allowed to login. Once logged in as a guest, an attacker can browse a URL to read the password of the administrative user. The same procedure allows a regular user to gain administrative privileges. The guest login is possible in the default configuration.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing/<user>/<instance>`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1194.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources (that are not otherwise accessible without proper authentication) via capture-replay. Physically proximate attackers can use this information to unlock unauthorized Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt framework.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. This vulnerability is fixed in a later firmware version.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1217, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The master-password feature in the ES File Explorer File Manager application 4.2.0.1.3 for Android can be bypassed via a com.estrongs.android.pop.ftp.ESFtpShortcut intent, leading to remote FTP access to the entirety of local storage.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in the Medha WiFi FTP Server application 1.8.3 for Android. An attacker can read the username/password of a valid user via /data/data/com.medhaapps.wififtpserver/shared_prefs/com.medhaapps.wififtpserver_preferences.xml,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Zalora application 6.15.1 for Android stores confidential information insecurely on the system (i.e. plain text), which allows a non-root user to find out the username/password of a valid user via /data/data/com.zalora.android/shared_prefs/login_data.xml.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Avira Free Security Suite 10. The permissive access rights on the SoftwareUpdater folder (files / folders and configuration) are incompatible with the privileged file manipulation performed by the product. Files can be created that can be used by an unprivileged user to obtain SYSTEM privileges. Arbitrary file creation can be achieved by abusing the SwuConfig.json file creation: an unprivileged user can replace these files by pseudo-symbolic links to arbitrary files. When an update occurs, a privileged service creates a file and sets its access rights, offering write access to the Everyone group in any directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application through 7.0.3 for Android allows attackers to cause a denial of service (application crash) by replacing an emoji file (under the /sdcard/tencent/MicroMsg directory) with a crafted .wxgf file. The content of the replacement must be derived from the phone's IMEI. The crash occurs upon receiving a message that contains the replaced emoji.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1144, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1146, CVE-2019-1155, CVE-2019-1156, CVE-2019-1157.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1078, CVE-2019-1153.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1144, CVE-2019-1145, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In versions of Couchbase Server prior to 5.0, the bucket named ""default"" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets including ""default"" were changed to only allow access by authenticated users with sufficient authorization. However, users were allowed unauthenticated and unauthorized access to the ""default"" bucket if the properties of this bucket were edited. This has been fixed in versions 5.1.0 and 5.5.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1151, CVE-2019-1152.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1152.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OX App Suite 7.10.1 allows Content Spoofing.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"Anviz Global M3 Outdoor RFID Access Control executes any command received from any source. No authentication/encryption is done. Attackers can fully interact with the device: for example, send the ""open door"" command, download the users list (which includes RFID codes and passcodes in cleartext), or update/create users. The same attack can be executed on a local network and over the internet (if the device is exposed on a public IP address).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1078, CVE-2019-1148.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The attack requires network connectivity to the device and exploits the webserver interface, typically through a browser.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1146, CVE-2019-1147, CVE-2019-1156, CVE-2019-1157.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Code42 for Enterprise through 6.8.4, an administrator without web restore permission but with the ability to manage users in an organization can impersonate a user with web restore permission. When requesting the token to do a web restore, an administrator with permission to manage a user could request the token of that user. If the administrator was not authorized to perform web restores but the user was authorized to perform web restores, this would allow the administrator to impersonate the user with greater permissions. In order to exploit this vulnerability, the user would have to be an administrator with access to manage an organization with a user with greater permissions than themselves.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1146, CVE-2019-1147, CVE-2019-1155, CVE-2019-1157.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Chuango 433 MHz burglar-alarm product line is vulnerable to a Denial of Service attack. When the condition is triggered, the OV2 base station is unable to process sensor states and effectively prevents the alarm from setting off, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1146, CVE-2019-1147, CVE-2019-1155, CVE-2019-1156.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by ""Epic Name"".",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1164.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Adblock Plus before 3.5.2, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In AdBlock before 3.45.0, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copyfile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copydir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/renamefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,LOW
doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/movefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,LOW
"An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/download.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
doorGets 7.0 has an arbitrary file deletion vulnerability in /fileman/php/deletefile.php. A remote unauthenticated attacker can exploit this vulnerability to delete arbitrary files.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
doorGets 7.0 has a sensitive information disclosure vulnerability in /setup/temp/admin.php and /setup/temp/database.php. A remote unauthenticated attacker could exploit this vulnerability to obtain the administrator password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 access_token in a uri=blog&action=index&controller=blog action to /api/index.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
doorGets 7.0 has an arbitrary file deletion vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote background administrator privilege user can exploit this vulnerability to delete arbitrary files.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11, 12.20 before SR9, and 12.30 before SR2; and Qlik Sense Enterprise and Qlik Analytics Platform installations that lack these patch levels: February 2018 Patch 4, April 2018 Patch 3, June 2018 Patch 3, September 2018 Patch 4, November 2018 Patch 4, or February 2019 Patch 2. An authenticated user may be able to bypass intended file-read restrictions via crafted Browser requests.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A security feature bypass exists when Windows incorrectly validates CAB file signatures, aka 'Windows File Signature Security Feature Bypass Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. (These permissions are only used in custom User Roles and do not affect built in User Roles.)",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
HoneyPress through 2016-09-27 can be fingerprinted by attackers because of the ingrained unique www.atxsec.com and ayylmao.wpengine.com hostnames within the fake WordPress templates. This allows attackers to discover and avoid this honeypot system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Citrix Workspace App before 1904 for Windows has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1159.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including predictable data and minimal variation in size within HTML templates, giving attackers the ability to detect and avoid this system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A log poisoning vulnerability has been discovered in the OneShield Policy (Dragon Core) framework before 5.1.10. Authenticated remote adversaries can poison log files by entering malicious payloads in either headers or form elements. These payloads are then executed via a client side debugging console. This is predicated on the debugging console and Java Bean being made available to the deployed application.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:\Windows\Temp and then executes it. The rm.exe process then attempts to load several DLLs from its current directory. Non-admin users are able to write to this folder, so an attacker can create a malicious C:\Windows\Temp\OLEACC.dll file. When an admin runs the installer, rm.exe will execute the attacker's DLL in an elevated security context.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to 6.0.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,LOW
"Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to private data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Service 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Modifiable read only check box In Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.To exploit this vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows p2pimsvc Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a web shell as a product category image.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the ""GRO packet of death"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks. This vulnerability affects Firefox < 67.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 67.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 67.0.2.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability exists where the caret (""^"") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper Service were compromised. This vulnerability affects Firefox < 68.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks as do not display as punycode text, allowing for user confusion. This vulnerability affects Firefox < 68.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability affects Firefox < 68.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections. This vulnerability affects Firefox < 68.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded. This vulnerability affects Firefox < 68.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,NONE,NONE
"When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords. This vulnerability affects Firefox < 68.0.2 and Firefox ESR < 68.0.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 68.1 and Thunderbird < 60.9.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Navigation events were not fully adhering to the W3C's ""Navigation-Timing Level 2"" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web content and abusing permissions previously given by users. Users will now be prompted for permissions on each use. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1177, CVE-2019-1178, CVE-2019-1179, CVE-2019-1180, CVE-2019-1184, CVE-2019-1186.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. <br>*Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted message. Previous versions had only suppressed showing a digital signature for messages with an outer multipart/signed layer. This vulnerability affects Thunderbird < 68.1.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1178, CVE-2019-1179, CVE-2019-1180, CVE-2019-1184, CVE-2019-1186.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1177, CVE-2019-1179, CVE-2019-1180, CVE-2019-1184, CVE-2019-1186.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1177, CVE-2019-1178, CVE-2019-1180, CVE-2019-1184, CVE-2019-1186.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1177, CVE-2019-1178, CVE-2019-1179, CVE-2019-1184, CVE-2019-1186.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
OX App Suite 7.10.1 and earlier has Insecure Permissions.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1182, CVE-2019-1222, CVE-2019-1226.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1181, CVE-2019-1222, CVE-2019-1226.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Rediffmail (aka com.rediff.mail.and) application 2.2.6 for Android has cleartext mail content in file storage, persisting after a logout.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists due to a stack corruption in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or older, allows a user to call an IOCTL specifying any kernel address to which arbitrary bytes are written to.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. Successful exploitation grants an attacker with a right to execute malicious code on the administrator's computer through Excel functions as the plugin does not sanitize the user's input and allows insertion of any text.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0.8445, a vulnerability in access control can be exploited to escalate privileges. The vulnerability allows for abusing the application for fraud or unauthorized access to certain information. The attack requires a valid user account to connect to the Blue Prism server, but the roles associated to this account are not required to have any permissions. First of all, the application files are modified to grant full permissions on the client side. In a test environment (or his own instance of the software) an attacker is able to grant himself full privileges also on the server side. He can then, for instance, create a process with malicious behavior and export it to disk. With the modified client, it is possible to import the exported file as a release and overwrite any existing process in the database. Eventually, the bots execute the malicious process. The server does not check the user's permissions for the aforementioned actions, such that a modification of the client software enables this kind of attack. Possible scenarios may involve changing bank accounts or setting passwords.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability exists in Rancher 2.1.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There's no other limitation of the message, allowing malicious users to lure legitimate users to visit phishing sites with scare tactics, e.g., displaying a ""This version of Rancher is outdated, please visit https://malicious.rancher.site/upgrading"" message.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sony BRAVIA Smart TV devices allow remote attackers to cause a denial of service (device hang) via a crafted web page over HbbTV.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Sony Bravia Smart TV devices allow remote attackers to cause a denial of service (device hang or reboot) via a SYN flood attack over a wired or Wi-Fi LAN.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory.An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.The security update addresses the vulnerability by ensuring the Windows kernel image properly handles objects in memory., aka 'Windows Image Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka 'Microsoft Browsers Security Feature Bypass Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"In Mcrouter prior to v0.41.0, the deprecated ASCII parser would allocate a buffer to a user-specified length with no maximum length enforced, allowing for resource exhaustion or denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1133.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote privilege escalation vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A security vulnerability in HPE Smart Update Manager (SUM) prior to v8.4 could allow local unauthorized elevation of privilege.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security vulnerability in HPE IceWall SSO Agent Option and IceWall MFA (Agent module ) could be exploited remotely to cause a denial of service. The versions and platforms of Agent Option modules that are impacted are as follows: 10.0 for Apache 2.2 on RHEL 5 and 6, 10.0 for Apache 2.4 on RHEL 7, 10.0 for Apache 2.4 on HP-UX 11i v3, 10.0 for IIS on Windows, 11.0 for Apache 2.4 on RHEL 7, MFA Proxy 4.0 (Agent module only) for Apache 2.4 on RHEL 7.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Memory Corruption Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Security vulnerabilities in HPE UIoT versions 1.6, 1.5, 1.4.2, 1.4.1, 1.4.0, and 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT: * For customers with release UIoT 1.6, fixes are made available with 1.6 RP603 * For customers with release UIoT 1.5, fixes are made available with 1.5 RP503 HF3 * For customers with release older than 1.5, such as 1.4.0, 1.4.1, 1.4.2 and 1.2.4.2, the resolution will be to upgrade to 1.5 RP503 HF3 or 1.6 RP603 Customers are requested to upgrade to the updated versions or contact HPE support for further assistance.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT: For customers with release UIoT 1.2.4.2 fixes are made available with 1.2.4.2 RP3 HF1. For customers with release older than 1.2.4.2, such as 1.2.4.1, 1.2.4.0, the resolution will be to upgrade to 1.2.4.2 RP3 HF1 Customers are requested to upgrade to the updated versions or contact HPE support for further assistance.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.2.0, 4.5.5.0, 5.0.8.0 and 5.1.3.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in MapR CLDB code, specifically in the JSON framework that is used in the CLDB code that handles login and ticket issuance. An attacker can use the 'class' property of the JSON request sent to the CLDB to influence the JSON library's decision on which Java class this JSON request is deserialized to. By doing so, the attacker can force the MapR CLDB to construct a URLClassLoader which loads a malicious Java class from a remote path and instantiate this object in the MapR CLDB, thus executing arbitrary code on the machine running the MapR CLDB and take over the cluster. By switching to the newer Jackson library and ensuring that all incoming JSON requests are only deserialized to the same class that it was serialized from, the vulnerability is fixed. This vulnerability affects the entire MapR core platform.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LemonLDAP::NG -2.0.3 has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1201.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1212.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1236.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by a pre-authentication command injection vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets, aka 'Windows DHCP Server Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1206.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interface, an unauthenticated attacker can read or overwrite an arbitrary file. All APPC setups are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ONAP MSB through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in Workday through 32 via a value (provided by a low-privileged user in a contact form field) that is mishandled in a CSV export.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19.0.3 and earlier allows remote attackers to execute arbitrary code via an unspecified vector.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that user to login to the system (either via the web interface or via SSH) to achieve complete compromise of the device. This affects /var/webconfig/gui/Webconfig.inc.php and /usr/local/sng/bin/sng-user-mgmt.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field. Upon successful exploitation, a remote unauthenticated user can login into the device's admin web portal without providing any credentials. This affects /var/webconfig/gui/Webconfig.inc.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via {} in a ws/gatshipWs.asmx/SqlVersion request.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
ubuntu-server.js in Status React Native Desktop before v0.57.8_mobile_ui allows Remote Code Execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"hide.me before 2.4.4 on macOS suffers from a privilege escalation vulnerability in the connectWithExecutablePath:configFilePath:configFileName method of the me_hide_vpnhelper.Helper class in the me.hide.vpnhelper macOS privilege helper tool. This method takes user-supplied input and can be used to escalate privileges, as well as obtain the ability to run any application on the system in the root context.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Privilege escalation in the ""HTC Account Service"" and ""ViveportDesktopService"" in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges to SYSTEM via reconfiguration of either service.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists in the way Microsoft Outlook iOS software parses specifically crafted email messages, aka 'Outlook iOS Spoofing Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM configuration, part of the file contents of a symlink target will be logged, possibly revealing sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it. This can leak sensitive information and also, if written to, be used to fill the disk or plant misinformation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this issue, stating ""avoid reporting path disclosures, as we don't consider them as security vulnerabilities.""",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1181, CVE-2019-1182, CVE-2019-1226.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Istio 1.1.x through 1.1.6 has Incorrect Access Control.,ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id= substring.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1181, CVE-2019-1182, CVE-2019-1222.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS and Share levels. The share is used to retrieve documents for processing, and to store processed documents for display in the browser. The only required share level access is read/write by the JobProcessor service account. At the local filesystem level, the only additional required permissions would be read/write from the servlet engine, such as Tomcat. (The affected server components are not installed with Content Server by default, and must be installed separately.) NOTE: the vendor's position is that customers are not supposed to use this default setting without consulting the documentation.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for .. in a pathname.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Opera through 53 on Android allows Address Bar Spoofing. Characters from several languages are displayed in Right-to-Left order, due to mishandling of several Unicode characters. The rendering mechanism, in conjunction with the ""first strong character"" concept, may improperly operate on a numerical IP address or an alphabetic string, leading to a spoofed URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files within the internal firmware or even steal account information by executing a command.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Dynamics On-Premise v9, aka 'Dynamics On-Premise Elevation of Privilege Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Keys not matching a specific ACL rule used for prefix matching in a policy can be deleted by a token using that policy even with default deny settings configured.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Information Disclosure Vulnerability'.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A command injection (missing input validation) issue in the IP address field for the logging server in the configuration web interface on the Akuvox R50P VoIP phone with firmware 50.0.6.156 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Denial of Service Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1208.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1298, CVE-2019-1300.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
** DISPUTED ** An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This id is disputed as not being an issue.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1239.",NETWORK,HIGH,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a ""Don't send my language"" setting.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via port tcp/5010.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1238.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Anviz access control devices expose private Information (pin code and name) by allowing remote attackers to query this information without credentials via port tcp/5010.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
an unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. Users could guess the URL slug of private projects through the contrast of the destination URLs of issues linked in comments. It allows Information Disclosure.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control (which is contrary to the API documentation), allows remote authenticated users to discover password hashes by reading the Basic HTTP Authentication or Digest HTTP Authentication section, or discover a key by reading the ClientTLS section. These can be found in the JSON response to a /api request.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in wcd9335_codec_enable_dec in sound/soc/codecs/wcd9335.c in the Linux kernel through 5.1.5. It uses kstrndup instead of kmemdup_nul, which allows attackers to have an unspecified impact via unknown vectors. NOTE: The vendor disputes this issues as not being a vulnerability because switching to kmemdup_nul() would only fix a security issue if the source string wasn't NUL-terminated, which is not the case.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a ""double fetch"" vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php and html/graph-realtime.php scripts. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, disclosing file content, denial of service, or writing arbitrary files. NOTE: relative to CVE-2019-10665, this requires authentication and the pathnames differ.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence of crafted keyboard input.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1249, CVE-2019-1250.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_IPMPX_RemoveToolNotificationListener in odf/ipmpx_code.c in libgpac.a, as demonstrated by MP4Box.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. By using the usb_remove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors. To exploit the vulnerability an attacker has to have control of a single server on a given cloud (e.g. by renting one). From the source server, the attacker can craft any command and trigger the OnApp platform to execute that command with root privileges on a target server.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. To succeed, certain conditions need to be fulfilled: The jail (with the exploit code inside) needs to be started as root, and it also needs to be terminated as root from the host (either by stopping it ungracefully (e.g., SIGKILL), or by using the --shutdown control command). This is similar to CVE-2019-5736.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of ""suddenly accelerate"" commands. This occurs because Bluetooth Low Energy commands have no server-side authentication check. Other affected commands include suddenly braking, locking, and unlocking.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP1001 v1.3C is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's ""NETGEAR Genie"" SOAP API (""/soap/server_sa"") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request. As a result, an attacker may modify almost all of the device's settings and view various configuration settings.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect access control was discovered in the stdonato Dashboard plugin through 0.9.7 for GLPI, affecting df.php, issue.php, load.php, mem.php, traf.php, and uptime.php in front/sh.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version 3.02~5.28, 100.00.00.00~100.00.08.23 and 200.00.00.01~200.00.00.05, H2OOAE before version 200.00.00.02, H2OSDE before version 200.00.00.07, H2OUVE before version 200.00.02.02, H2OPCM before version 100.00.06.00, H2OELV before version 100.00.02.08.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk, aka 'Windows Hyper-V Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the Memcpy function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the StrCat function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the WSubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1285.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. On startup, the PIA Windows service (pia-service.exe) loads the OpenSSL library from %PROGRAMFILES%\Private Internet Access\libeay32.dll. This library attempts to load the C:\etc\ssl\openssl.cnf configuration file which does not exist. By default on Windows systems, authenticated users can create directories under C:\. A low privileged user can create a C:\etc\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine library resulting in arbitrary code execution as SYSTEM when the service starts.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The root_runner.64 binary is setuid root. This binary executes /opt/pia/ruby/64/ruby, which in turn attempts to load several libraries under /tmp/ruby-deploy.old/lib. A local unprivileged user can create a malicious library under this path to execute arbitrary code as the root user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The openvpn_launcher binary is setuid root. This program is called during the connection process and executes several operating system utilities to configure the system. The networksetup utility is called using relative paths. A local unprivileged user can execute arbitrary commands as root by creating a networksetup trojan which will be executed during the connection process. This is possible because the PATH environment variable is not reset prior to executing the OS utility.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The macOS binary openvpn_launcher.64 is setuid root. This binary creates /tmp/pia_upscript.sh when executed. Because the file creation mask (umask) is not reset, the umask value is inherited from the calling process. This value can be manipulated to cause the privileged binary to create files with world writable permissions. A local unprivileged user can modify /tmp/pia_upscript.sh during the connect process to execute arbitrary code as the root user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Missing Access Control in the ""Free Time"" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames via a rogue access point.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
DOSBox 0.74-2 has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists when Microsoft Yammer App for Android fails to apply the correct Intune MAM Policy.This could allow an attacker to perform functions that are restricted by Intune Policy.The security update addresses the vulnerability by correcting the way the policy is applied to Yammer App., aka 'Microsoft Yammer Security Feature Bypass Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege exists when Winlogon does not properly handle file path information, aka 'Winlogon Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1272.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1269.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Ubiquiti airCam 3.1.4 devices, a Denial of Service vulnerability exists in the RTSP Service provided by the ubnt-streamer binary. The issue can be triggered via malformed RTSP requests that lead to an invalid memory read. To exploit the vulnerability, an attacker must craft an RTSP request with a large number of headers.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Windows versions of Snapview Mikogo, versions before 5.10.2 are affected by insecure implementations which allow local attackers to escalate privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SiteVision 4 has Incorrect Access Control.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
"Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows Audio Service when a malformed parameter is processed, aka 'Windows Audio Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Command injection is possible in ThinStation through 6.1.1 via shell metacharacters after the cgi-bin/CdControl.cgi action= substring, or after the cgi-bin/VolControl.cgi OK= substring.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They allow high-privileged root access by www-data via sudo without requiring appropriate access control. (Furthermore, the user account that controls the web application service is granted full access to run any system commands with elevated privilege, without the need for password authentication. Should vulnerabilities be identified and exploited within the web application, it may be possible for a threat actor to create or run high-privileged binaries or executables that are available within the operating system of the device.)",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They replace secure and protected directory permissions (set as default by the underlying operating system) with highly insecure read, write, and execute directory permissions for all users. By default, /usr/local and all of its subdirectories should have permissions set to only allow non-privileged users to read and execute from the tree structure, and to deny users from creating or editing files in this location. The ENTTEC firmware startup script permits all users to read, write, and execute (rwxrwxrwx) from the /usr, /usr/local, /usr/local/dmxis, and /usr/local/bin/ directories.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1253, CVE-2019-1303.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An authorization bypass vulnerability in pinboard updates in ThoughtSpot 4.4.1 through 5.1.1 (before 5.1.2) allows a low-privilege user with write access to at least one pinboard to corrupt pinboards of another user in the application by spoofing GUIDs in pinboard update requests, effectively deleting them.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence (Ctrl-\) to obtain a shell with root privileges. After gaining root access, the attacker can mount the filesystem read-write and make permanent modifications to the device including bricking of the device, disabling vendor management of the device, preventing automatic upgrades, and permanently installing malicious code on the device.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users). This, however, could be abused in a situation where the host organization of an instance creates organization admins. An organization admin could set a password manually for the site admin or simply use the API key of the site admin to impersonate them. The potential for abuse only occurs when the host organization creates lower-privilege organization admins instead of the usual site admins. Also, only organization admins of the same organization as the site admin could abuse this.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example, while logging in through the app to a Jisiwei account, the login request is being sent in cleartext. The vulnerability exists in both the Android and iOS version of the app. An attacker could exploit this by using an MiTM attack on the local network to obtain someone's login credentials, which gives them full access to the robot vacuum cleaner.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. The QR-code follows an easily predictable pattern that depends only on the specific device ID of the robot vacuum cleaner. By generating a QR-code containing information about the device ID, it is possible to connect an arbitrary device and gain full access to it. The device ID has an initial ""JSW"" substring followed by a six digit number that depends on the specific device.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,LOW
"An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Webmin through 1.910, any user authorized to the ""Package Updates"" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1256.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory, aka 'Windows Network Connectivity Assistant Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing * within web_accessible_resources. An attacker can take advantage of this vulnerability and cause significant harm.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2).,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. A user with local access to only the Windows logon screen can escalate their privileges to NT AUTHORITY\System. An attacker would need local access to the machine for a successful exploit. The attacker must disconnect the computer from the local network / WAN and connect it to an internet facing access point / network. At that point, the attacker can execute the password-reset functionality, which will expose a web browser. Browsing to a site that calls local Windows system functions (e.g., file upload) will expose the local file system. From there an attacker can launch a privileged command shell.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Alternate Pic View 2.600 has a Read Access Violation at the Instruction Pointer after a call from PicViewer!PerfgrapFinalize+0x00000000000a9a1b.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Edraw Max 7.9.3 has Heap Corruption starting at ntdll!RtlpNtMakeTemporaryKey+0x0000000000001a77.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Edraw Max 7.9.3 has a Read Access Violation at the Instruction Pointer after a call from ObjectModule!Paint::Clear+0x0000000000000074.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1291.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to Upload files to, and Delete files/folders from, an unprivileged directory, leading to Privilege escalation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read any file on the host system. Because all credentials were stored in a cleartext file, it was possible to steal all users' credentials (including the highest privileged users).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MailEnable Enterprise Premium 10.23 did not use appropriate access control checks in a number of areas. As a result, it was possible to perform a number of actions, when logged in as a user, that that user should not have had permission to perform. It was also possible to gain access to areas within the application for which the accounts used were supposed to have insufficient access.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljs_additional_css parameter.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived from the same hash function output (input is only 8 characters), which allows an attacker to deduce the WiFi password from the WiFi SSID.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Glue Smart Lock 2.7.8 devices do not properly block guest access in certain situations where the network connection is unavailable.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in Mongoose before 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the {""a"":(function(){confirm(1)})()} input.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Istio before 1.2.2 mishandles certain access tokens, leading to ""Epoch 0 terminated with an error"" in Envoy. This is related to a jwt_authenticator.cc segmentation fault.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Loopchain through 2.2.1.3, an attacker can escalate privileges from a low-privilege shell by changing the environment (aka injection in the DEFAULT_SCORE_HOST environment variable).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1298.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2. The GitLab graphql service was vulnerable to multiple authorization issues that disclosed restricted user, group, and repository metadata to unauthorized users. It has Incorrect Access Control.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0.2. The color codes decoder was vulnerable to a resource depletion attack if specific formats were used. It allows Uncontrolled Resource Consumption.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute-force a user with access to a project, but not it's repository could create a list of merge requests template names. It has excessive algorithmic complexity.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST (HTTP) request containing shell commands, which will be executed on the device, to an backend API endpoint of the cable modem.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1253, CVE-2019-1278.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) as NT AUTHORITY\SYSTEM upon web requests to the portal. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"kernel/sys/syscall.c in ToaruOS through 1.10.9 allows a denial of service upon a critical error in certain sys_sbrk allocation patterns (involving PAGE_SIZE, and a value less than PAGE_SIZE).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a ""magic"" key combination while sniffing cryptographic data from a Radio Frequency transmission. NOTE: this issue exists because of an incomplete fix for CVE-2016-10761.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1335, CVE-2019-1366.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory, aka 'Windows Imaging API Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Amazon FreeRTOS up to and including v1.4.8 lacks length checking in prvProcessReceivedPublish, resulting in untargetable leakage of arbitrary memory contents on a device to an attacker. If an attacker has the authorization to send a malformed MQTT publish packet to an Amazon IoT Thing, which interacts with an associated vulnerable MQTT message in the application, specific circumstances could trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the IPAddress or Gateway field to SetStaticRouteSettings.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On the Motorola router CX2L MWR04L 1.01, there is a stack consumption (infinite recursion) issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the ""docker build"" command would be able to gain command execution. An issue exists in the way ""docker build"" processes remote git URLs, and results in command injection into the underlying ""git clone"" command, leading to code execution in the context of the user executing the ""docker build"" command. This occurs because git ref can be misinterpreted as a flag.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the lock. The user ID, name, and MAC address are trivially obtained from APIs found within the Android or iOS application. With only the MAC address of the lock, any attacker can transfer ownership of the lock from the current user, over to the attacker's account. Thus rendering the lock completely inaccessible to the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
myTinyTodo 1.3.3 through 1.4.3 allows CSV Injection. This is fixed in 1.5.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the key passwd in Routing RIP Settings.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the TCP Ports To Open in Add Gaming Rule.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges, aka 'Microsoft Windows Setup Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /crypto_keyfile.bin (mode 0600 owned by root) to /boot within a globally readable initramfs image with insecure permissions, which allows this originally protected file to be read by any user, thereby disclosing decryption keys for LUKS containers created with Full Disk Encryption.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1322, CVE-2019-1340.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1336.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Bento4 1.5.1.0. A memory allocation failure is unhandled in Core/Ap4SdpAtom.cpp and leads to crashes. When parsing input video, the program allocates a new buffer to parse an atom in the stream. The unhandled memory allocation failure causes a direct copy to a NULL pointer.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists in the Windows redirected drive buffering system (rdbss.sys) when the operating system improperly handles specific local calls within Windows 7 for 32-bit systems, aka 'Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e849.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003273aa.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328165.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e566.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327a07.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328384.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003283eb.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network's subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.)",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1331.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network's subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.)",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or js file. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service, an information leak, or possibly unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote attackers to launch commands with no authentication verification via TCP port 81, because the loginuse and loginpass parameters to openlock.cgi can have arbitrary values. NOTE: the vendor's position is that this product reached end of life in 2016.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains() function in wp_like_button.php did not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update settings, as demonstrated by the wp-admin/admin.php?page=facebook-like-button each_page_url or code_snippet parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbucket, and versions 2.4.0 through 2.5.2 for Bamboo. It allows locally disabled users to reactivate their accounts just by browsing the affected Jira/Confluence/Bitbucket/Bamboo instance, even when the applicable configuration option of the plugin has been disabled (""Reactivate inactive users""). Exploiting this vulnerability requires an attacker to be authorized by the identity provider and requires that the plugin's configuration option ""User Update Method"" have the ""Update from SAML Attributes"" value.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which includes databases.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1366.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (as distributed with alsa-plugins 1.1.7 and later) has a ""double file descriptor close"" issue during a failed connection attempt when jackd2 is not running. Exploitation success depends on multithreaded timing of that double close, which can result in unintended information disclosure, crashes, or file corruption due to having the wrong file associated with the file descriptor.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the executable.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUpdate2\ used by AMRT.exe allows local attackers to hijack bdcore.dll, which leads to privilege escalation when the AMRT service loads the DLL.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1323.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Codedoc v3.2 has a stack-based buffer overflow in add_variable in codedoc.c, related to codedoc_strlcpy.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat&#95;number, billing&#95;name, company, or billing&#95;address parameter. This is exploitable via CSRF.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic link in %PROGRAMDATA%\Techsmith\TechSmith Recorder\InvalidPresentations that points to an arbitrary folder with an arbitrary file name. TechSmith Relay Classic Recorder prior to 5.2.1 on Windows is vulnerable. The vulnerability was introduced in SnagIT Windows 12.4.1.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1342.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi (save parameter) and cgi-bin/ddns.cgi.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1322.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Temenos CWX version 8.9 has an Broken Access Control vulnerability in the module /CWX/Employee/EmployeeEdit2.aspx, leading to the viewing of user information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases before 3.5.) NOTE: the vendor's position is that it is the user's responsibility to ensure C:\Python27 access control or choose a different directory, because backwards compatibility requires that C:\Python27 remain the default for 2.7.x.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A broken access control vulnerability found in Advan VD-1 firmware versions up to 230. An attacker can send a POST request to cgibin/ApkUpload.cgi to install arbitrary APK without any authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists when umpo.dll of the Power Service, improperly handles a Registry Restore Key function, aka 'Windows Power Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1346, CVE-2019-1347.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory, aka 'Windows Code Integrity Module Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1334.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. This occurs because any web site can interact with the Zoom web server on localhost port 19421 or 19424. NOTE: a machine remains vulnerable if the Zoom Client was installed in the past and then uninstalled. Blocking exploitation requires additional steps, such as the ZDisableVideo preference and/or killing the web server, deleting the ~/.zoomus directory, and creating a ~/.zoomus plain file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Zipios before 0.1.7 does not properly handle certain malformed zip archives and can go into an infinite loop, causing a denial of service. This is related to zipheadio.h:readUint32() and zipfile.cpp:Zipfile::Zipfile().",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of &nbsp; expansion in acknowledge.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1347.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop bug #14444.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. The “generate reports” archive is protected with a hard-coded password. An application update that addresses the protection of archive encryption is available.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Description: Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 applications are potentially vulnerable to man-in-the-middle attacks when the applications download resources from the Dashboard web service. This vulnerability may allow an attacker to substitute downloaded resources with arbitrary files.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1346.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have insufficient access control for the /set_dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of &nbsp; expansion in svcstatus.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthenticated Remote Buffer Overflow via a long string to the CE Remote feature listening on Port 987.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1359.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 has a Buffer Overflow via a forged HTTP request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.1.5.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1358.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run "".sah"" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the _execute() function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a short key vulnerability in HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader v24. The key for obfuscating the fingerprint image is vulnerable to brute-force attacks. This allows an attacker to recover the key and decrypt that image using the key. Successful exploitation causes a sensitive biometric information leak.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-13360.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in TP-Link Wireless Router Archer Router version 1.0.0 Build 20180502 rel.45702 (EU) and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CMD_SET_CONFIG_COUNTRY in the TP-Link Device Debug protocol in TP-Link Archer C1200 1.0.0 Build 20180502 rel.45702 and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1364.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT AUTHORITY\system escaping the Sandbox.The security update addresses the vulnerability by correcting how Microsoft IIS Server sanitizes web requests., aka 'Microsoft IIS Server Elevation of Privilege Vulnerability'.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1335.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Incorrect security UI in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page on iOS.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,NONE,NONE
IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Out of bounds memory access in JavaScript in Google Chrome prior to 73.0.3683.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Out of bounds memory access in the gamepad API in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system thereby escaping the Sandbox.The security update addresses the vulnerability by ensuring that Azure App Service sanitizes user inputs., aka 'Azure App Service Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1313.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Use-after-free in content delivery manager in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Use-after-free in accessibility in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows 10 Update Assistant Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1383, CVE-2019-1417.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1379, CVE-2019-1417.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2018-12207.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker can write code in the editor, and compile and run it approximately three times to read an arbitrary file. Second, the attacker can create a symlink, and then place the symlink into a ZIP archive. An unzip operation leads to read access, and write access (depending on file permissions), to the symlink target. Third, the attacker can import a Git repository that contains a symlink, similarly leading to read and write access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The set_ipv4() function in zscan_rfc1035.rl in gdnsd 3.x before 3.2.1 has a stack-based buffer overflow via a long and malformed IPv4 address in zone data.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable authentication bypass vulnerability exists in the Bluetooth Low Energy (BLE) authentication module of YI M1 Mirrorless Camera V3.2-cn. An attacker can send a set of BLE commands to trigger this vulnerability, resulting in sensitive data leakage (e.g., personal photos). An attacker can also control the camera to record or take a picture after bypassing authentication.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1408, CVE-2019-1434.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the application should interpret libjpeg warnings as fatal errors (aborting decompression) and/or set limits on resource consumption or image sizes.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of service (application outage) via many requests to launch a compile operation. The requests use the pages/exec.php?exec_env=production&exec_module=itop-hub-connector&exec_page=ajax.php&operation=compile URI. This only affects the community version.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
eGain Chat 15.0.3 allows HTML Injection.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. This is related to a configuration option in which the file collection can be non-public, but this option does not apply to the thumbnailer.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Lack of check that the RX FIFO write index that is read from shared RAM is less than the FIFO size results into memory corruption and potential information leakage in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCS404, QCS405, QCS605, QM215, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Null pointer exception can happen while parsing invalid MKV clip where cue information is parsed before segment information in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1433, CVE-2019-1435, CVE-2019-1437, CVE-2019-1438.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Compromised reset handler may bypass access control due to AC config is being reset if debug path is enabled to collect secure or non-secure ram dumps in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8017, APQ8053, APQ8096, APQ8096AU, IPQ6018, MDM9205, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QM215, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1434.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory, aka 'Windows Remote Procedure Call Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1432.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Privilege escalation by using an altered debug policy image can occur as the XPU protecting the debug policy regions are disabled during the crash dump boot flow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka 'OpenType Font Driver Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A security feature bypass vulnerability exists when Microsoft Edge improperly handles extension requests and fails to request host permission for all_urls, aka 'Microsoft Edge Security Feature Bypass Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1456.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the ""else"" block after calculating the new path length.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1422, CVE-2019-1423.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Arbitrary File Deletion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to delete arbitrary files via the $REQUEST['adaptive-images-settings'] parameter in adaptive-images-script.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling the clone function due to an endless loop resulting from confusing relationships between a child and parent object (caused by an append error).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Heap Corruption due to data desynchrony when adding AcroForm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Memory Corruption due to the use of an invalid pointer copy, resulting from a destructed string object.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the repeated release of the signature dictionary during CSG_SignatureF and CPDF_Document destruction.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a JavaScript Denial of Service when deleting pages in a document that contains only one page by calling a ""t.hidden = true"" function.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling xfa.event.rest XFA JavaScript due to accessing a wild pointer.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1420, CVE-2019-1423.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based XSS via the username parameter when registering a new user at admin/includes/adminprocess.php. If there is an error when registering the user, the unsanitized username will reflect via the error page. Due to the lack of CSRF protection on the admin/includes/adminprocess.php endpoint, an attacker is able to chain the XSS with CSRF in order to cause remote exploitation.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1420, CVE-2019-1422.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel, aka 'NetLogon Security Feature Bypass Vulnerability'.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WCMS v0.3.2 has a CSRF vulnerability, with resultant directory traversal, to modify index.html via the /wex/html.php?finish=../index.html URI.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in servletcontroller in the secure portal in Publisure 2.1.2. One can bypass authentication and perform a query on PHP forms within the /AdminDir folder that should be restricted.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the ""Time Service Settings web"" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1427, CVE-2019-1428, CVE-2019-1429.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) issue in the password change field for the Change Password interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6870, and Comodo Internet Security Premium through 12.0.0.6870, with the Comodo Container feature, are vulnerable to Sandbox Escape.",LOCAL,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1429.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a ""sudo -u \#$((0xffffffff))"" command.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Windows Media Foundation improperly parses specially crafted QuickTime media files.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'Microsoft Windows Media Foundation Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"On Ricoh SP C250DN 1.06 devices, a debug port can be used.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). Some Ricoh printers were affected by a wrong LPD service implementation that lead to a denial of service vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of 2).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified in the way of how the embedded device parsed the IPP packets,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1411.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1435, CVE-2019-1437, CVE-2019-1438.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1438.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Libav 12.3. There is an infinite loop in the function mov_probe in the file libavformat/mov.c, related to offset and tag.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1437.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486).,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:[file1]?path2:[file2] URI will execute a customised diff on [file1] and [file2] based on the file extension. For xls files, it will execute the script diff-xls.js using wscript, which will open the two files for analysis without any macro security warning. An attacker can exploit this by putting a macro virus in a network drive, and force the victim to open the workbooks and execute the macro inside.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"** DISPUTED ** An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float in avcodec/mpegaudiodsp_template.c. NOTE: This may be a duplicate of CVE-2018-19129.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1447.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer overflow.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album and attaching a malicious PHP file in the cover photo album, because the file extension is not checked.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1445.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or modify/delete internal programs, etc. pp.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID from CVE-2019-9583, resulting in the ability to read the service messages, clear the system protocol, create a new user in the system, or modify/delete internal programs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/scanner.l via crafted COBOL source code.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id in cobc/typeck.c via crafted COBOL source code.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as demonstrated by a cross-origin /install request with an attacker-controlled releaseUrl, which triggers download and execution of code within a ZIP archive.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1419.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka 'Microsoft Office Excel Security Feature Bypass'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper access control in the API for the Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Improper access control in the installer for Intel(R) Chipset Device Software INF Utility before version 10.1.18 may allow an authenticated user to potentially enable denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Unquoted service path in Control Center-I version 2.1.0.0 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
"A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory, aka 'Microsoft Word Denial of Service Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Improper permissions in Intel(R) DAAL before version 2020 Gold may allow an authenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1466, CVE-2019-1467.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1465, CVE-2019-1467.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in fileio.c via crafted BASIC source code.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in fileio.c via crafted BASIC source code.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Brandy 1.20.1 has a heap-based buffer overflow in define_array in variables.c via crafted BASIC source code.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any user. This vulnerability can be exploited to take control of admin account. This vulnerability could be also abused to obtain other sensitive fields like API keys or password hashes.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
An Incorrect Access Control issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5 because any valid cookie can be used to make requests as an admin.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim's e-mail account via an attacker account.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Ubisoft Uplay 92.0.0.6280 has Insecure Permissions.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wow6432Node\Valve\Steam has explicit ""Full control"" for the Users group, which allows local users to gain NT AUTHORITY\SYSTEM access.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1483.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to make a request to extract the victim's password (for the OS and phpMyAdmin) via an attacker account.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, FotaAgent allows a malicious application to create privileged files. The Samsung ID is SVE-2019-14764.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory, aka 'Windows Media Player Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1481.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory, aka 'Windows Media Player Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1480.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1476.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers, aka 'Microsoft Defender Security Feature Bypass Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated attacker to gain root execution privileges over the device via a hidden etc_ro/web/adm/system_command.asp shell feature.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"3CX Phone 15 on Windows has insecure permissions on the ""%PROGRAMDATA%\3CXPhone for Windows\PhoneApp"" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Storage Performance Development Kit (SPDK) before 19.07, a user of a vhost can cause a crash if the target is sent invalid input.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the cellular network, as demonstrated by a DrivingRestriction method call to uma/jsonrpc/mobile.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. A server side template injection (SSTI) issue exists.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. In addition, the service Netwrix.ADA.StorageAuditService (which writes to that directory) does not perform proper impersonation, and thus the target file will have the same permissions as the invoking process (in this case, granting Authenticated Users full access over the target file). This vulnerability can be triggered by a low-privileged user to perform DLL Hijacking/Binary Planting attacks and ultimately execute code as NT AUTHORITY\SYSTEM with the help of Symbolic Links.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMD_EXEC virtual device type 28.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command (as well as ""Set root password"") are exposed.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a repository, if public access is enabled for a project or repository then attackers are able to exploit this issue anonymously, to read the contents of arbitrary files on the system and execute commands via injecting additional arguments into git commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. A remote attacker with user level permissions can exploit this vulnerability to run arbitrary commands on the victim's systems. Using a specially crafted payload as user input, the attacker can execute arbitrary commands on the victim's Bitbucket Server or Bitbucket Data Center instance.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the edit-file request. A remote attacker with write permission on a repository can write to any arbitrary file to the victims Bitbucket Server or Bitbucket Data Center instance using the edit-file endpoint, if the user has Bitbucket Server or Bitbucket Data Center running, and has the permission to write the file at that destination. In some cases, this can result in execution of arbitrary code by the victims Bitbucket Server or Bitbucket Data Center instance.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When another replica will fetch data part from the malicious replica, it can force clickhouse-server to write to arbitrary path on filesystem.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in platform/mt6577/external/meta/emmc/meta_clr_emmc.c invokes 'system(""/system/bin/rm -r /data/' followed by this filename upon an eMMC clearance from a Meta Mode boot. NOTE: compromise of Fire OS on the Amazon Echo Dot would require a second hypothetical vulnerability that allows creation of the required file under /data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id followed by the parameter a=start to execute the stored command.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer overflow in the AP4_RtpAtom class at Core/Ap4RtpAtom.cpp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
HiNet GPON firmware version < I040GWR190731 allows an attacker login to device without any authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?<= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the login page.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, installs with incorrect file permissions. As a result, a local attacker can escalate to SYSTEM.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner_Non_distributed (and distributed end points) does not have any authentication mechanism. This allow an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected web interface intended for remote access to scripts. This web interface lacks server-side validation, which allows an attacker to create/modify/delete a script remotely without any password. Chaining both of these issues results in remote code execution on the Sahi Pro server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. One can bypass the user password requirement and execute commands on the server. The ""username+'@opm' string is used for the password. For example, if the username is admin, the password is admin@opm.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wp-front-end-profile plugin before 0.2.2 for WordPress has a privilege escalation issue.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c upon receiving an ACK before a SYN.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant (including capabilities inapplicable to the current session), which makes it easier for attackers to discover potentially sensitive reachability information on a Data Distribution Service (DDS) network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not check partition permissions from remote participant connections, which can lead to policy bypass for a secure Data Distribution Service (DDS) partition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings (instead of the permission expressions themselves), which can lead to unintended connections between participants in a Data Distribution Service (DDS) network.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to CVE-2019-14993.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the victim's password (for the OS and phpMyAdmin) via an attacker account. This is different from CVE-2019-14782.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 1159. There is a User Mode Write AV starting at IDE_ACDStd!IEP_ShowPlugInDialog+0x000000000023d060.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that contains a file filing form. At the time of submission of a file, the mnftr parameter is sent to the page and is not filtered properly. This allows one to inject Linux commands directly.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker (who has access to a Rich Text pad with editing rights for the URL) to corrupt it (i.e., cause data loss) via a trivial URL modification.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The shortcode-factory plugin before 2.8 for WordPress has Local File Inclusion.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might increase risk because of the appearance that a protection mechanism is present when actually it is not.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. In addition to the local attack surface, its accompanying app with a package name of com.ekesoo.lovelyhifonts makes network requests using HTTP and an attacker can perform a Man-in-the-Middle (MITM) attack on the connection to inject a command in a network response that will be executed as the system user by the com.lovelyfont.defcontainer app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute in with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user's Wi-Fi passwords, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute in with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user's Wi-Fi passwords, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Coolpad N3C Android device with a build fingerprint of Coolpad/N3C/N3C:8.1.0/O11019/1538236809:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Ulefone Armor 5 Android device with a build fingerprint of Ulefone/Ulefone_Armor_5/Ulefone_Armor_5:8.1.0/O11019/1528806701:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Advan i6A Android device with a build fingerprint of ADVAN/i6A/i6A:8.1.0/O11019/1523602705:userdebug/test-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Hisense U965 Android device with a build fingerprint of Hisense/U965_4G_10/HS6739MT:8.1.0/O11019/Hisense_U965_4G_10_S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Infinix Note 5 Android device with a build fingerprint of Infinix/H632C/Infinix-X605_sprout:8.1.0/O11019/CE-180914V59:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Leagoo Power 5 Android device with a build fingerprint of LEAGOO/Power_5/Power_5:8.1.0/O11019/1532686195:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Dexp BL250 Android device with a build fingerprint of DEXP/BL250/BL250:8.1.0/O11019/1530858027:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Infinix Note 5 Android device with a build fingerprint of Infinix/H633IJL/Infinix-X604_sprout:8.1.0/O11019/IJL-180531V181:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Haier P10 Android device with a build fingerprint of Haier/P10/P10:8.1.0/O11019/1532662449:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Symphony G100 Android device with a build fingerprint of Symphony/G100/G100:8.1.0/O11019/1530618779:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Hisense F17 Android device with a build fingerprint of Hisense/F17_4G/HS6739MT:8.1.0/O11019/Hisense_F17_4G_00_S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Symphony i95 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Cherry Flare S7 Android device with a build fingerprint of Cherry_Mobile/Flare_S7_Deluxe/Flare_S7_Deluxe:8.1.0/O11019/1533920920:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Walton Primo G3 Android device with a build fingerprint of WALTON/Primo_GM3/Primo_GM3:8.1.0/O11019/1522737198:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The BQ 5515L Android device with a build fingerprint of BQru/BQru-5515L/BQru-5515L:8.1.0/O11019/20180409.195525:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Cubot Nova Android device with a build fingerprint of CUBOT/CUBOT_NOVA/CUBOT_NOVA:8.1.0/O11019/1527060122:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Allview X5 Android device with a build fingerprint of ALLVIEW/X5_Soul_Mini/X5_Soul_Mini:8.1.0/O11019/1522468763:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Elephone A4 Android device with a build fingerprint of Elephone/A4/A4:8.1.0/O11019/20180530.143559:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Infinix Note 5 Android device with a build fingerprint of Infinix/H633B/Infinix-X604_sprout:8.1.0/O11019/L-IN-180206V64:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Archos Core 101 Android device with a build fingerprint of archos/MTKAC101CR3G_ARCHOS/ac101cr3g:7.0/NRD90M/20180611.034442:user/release-keys contains a pre-installed app with a package name of com.roco.autogen app (versionCode=1, versionName=1) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys contains a pre-installed app with a package name of com.qiku.service.container app (versionCode=5, versionName=1.03.00_VER_32525983298984) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_1:8.1.0/OPM1.171019.011/15.0400.1809.405-0:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Asus ZenFone 4 Selfie Android device with a build fingerprint of Android/sdm660_64/sdm660_64:8.1.0/OPM1/14.2016.1802.247-20180419:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Asus ZenFone 3s Max Android device with a build fingerprint of asus/IN_X00G/ASUS_X00G_1:7.0/NRD90M/IN_X00G-14.02.1807.33-20180706:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Asus ZenFone 3 Android device with a build fingerprint of asus/WW_Phone/ASUS_Z012D:7.0/NRD90M/14.2020.1708.56-20170719:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1803.373-20180308:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_user_11.40.208.77_20170922:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Asus ASUS_A002 Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Asus ASUS_A002_2 Android device with a build fingerprint of asus/WW_ASUS_A002_2/ASUS_A002_2:7.0/NRD90M/14.1610.1802.18-20180321:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Asus ZenFone 3s Max Android device with a build fingerprint of asus/IN_X00G/ASUS_X00G_1:7.0/NRD90M/IN_X00G-14.02.1807.33-20180706:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1712.367-20171225:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Asus ASUS_X00LD_3 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Asus ZenFone 5 Lite Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Asus ZenFone 3 Laser Android device with a build fingerprint of asus/WW_msm8937/msm8937:7.1.1/NMF26F/WW_32.40.106.114_20180928:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_71.50.395.57_20180913:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Asus ZenFone AR Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Sony keyaki_kddi Android device with a build fingerprint of Sony/keyaki_kddi/keyaki_kddi:7.1.1/TONE3-3.0.0-KDDI-170517-0326/1:user/dev-keys contains a pre-installed app with a package name of com.kddi.android.packageinstaller app (versionCode=70008, versionName=08.10.03) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=7, versionName=7.0.5) that allows unauthorized dynamic code loading via a confused deputy attack. This capability can be accessed by any app co-located on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Evercoss U50A Android device with a build fingerprint of EVERCOSS/U50A./EVERCOSS:7.0/NRD90M/1499911028:eng/test-keys contains a pre-installed app with a package name of com.qiku.cleaner app (versionCode=2, versionName=2.0_VER_2017.04.21_17:55:55) that allows other pre-installed apps to perform system properties modification via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Evercoss U6 Android device with a build fingerprint of EVERCOSS/U6/U6:7.0/NRD90M/1504236704:user/release-keys contains a pre-installed app with a package name of com.qiku.cleaner app (versionCode=2, versionName=2.0.0_VER_32516486284094) that allows other pre-installed apps to perform system properties modification via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Samsung A5 Android device with a build fingerprint of samsung/a5y17ltexx/a5y17lte:8.0.0/R16NW/A520FXXS8CSC5:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Samsung A8+ Android device with a build fingerprint of samsung/jackpot2ltexx/jackpot2lte:8.0.0/R16NW/A730FXXS4BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltedo/xcover4lte:8.1.0/M1AJQ/G390YDXU2BSA1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltedo/xcover4lte:8.1.0/M1AJQ/G390YDXU2BSA1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Samsung on7xeltelgt Android device with a build fingerprint of samsung/on7xeltelgt/on7xeltelgt:8.1.0/M1AJQ/G610LKLU2CSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Samsung J7 Max Android device with a build fingerprint of samsung/j7maxlteins/j7maxlte:8.1.0/M1AJQ/G615FXXU2BSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Samsung j3popeltecan Android device with a build fingerprint of samsung/j3popeltevl/j3popeltecan:8.1.0/M1AJQ/J327WVLS3BSA2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Samsung J3 Android device with a build fingerprint of samsung/j3y17ltedx/j3y17lte:8.0.0/R16NW/J330GDXS3BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=6010000, versionName=6.1.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Samsung J4 Android device with a build fingerprint of samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBS2ASC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Samsung J4 Android device with a build fingerprint of samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBU2ARL4:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Samsung J5 Android device with a build fingerprint of samsung/j5y17ltexx/j5y17lte:8.1.0/M1AJQ/J530FXXU3BRL1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXXS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXVS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB4:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Samsung J7 Duo Android device with a build fingerprint of samsung/j7duolteub/j7duolte:8.0.0/R16NW/J720MUBS3ASB2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteub/j7y17lte:8.1.0/M1AJQ/J730GUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteubm/j7y17lte:8.1.0/M1AJQ/J730GMUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Xiaomi Mi Pad 4 Android device with a build fingerprint of Xiaomi/clover/clover:8.1.0/OPM1.171019.019/V9.6.26.0.ODJCNFD:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that export their capabilities to other pre-installed app. This app allows a third-party app to use its open interface to record telephone calls to external storage.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that export their capabilities to other pre-installed app. This app allows a third-party app to use its open interface to record telephone calls to external storage.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The TeamSpeak client before 3.3.2 allows remote servers to trigger a crash via the 0xe2 0x81 0xa8 0xe2 0x81 0xa7 byte sequence, aka Unicode characters U+2068 (FIRST STRONG ISOLATE) and U+2067 (RIGHT-TO-LEFT ISOLATE).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the slice-deque crate before 0.2.0 for Rust. There is memory corruption in certain allocation cases.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the libp2p-core crate before 0.8.1 for Rust. Attackers can spoof ed25519 signatures.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in the asn1_der crate before 0.6.2 for Rust. Attackers can trigger memory exhaustion by supplying a large value in a length field.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the memoffset crate before 0.5.0 for Rust. offset_of and span_of can cause exposure of uninitialized memory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. This may result in confidentiality impact but does not impact integrity or availability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes (such as disabling unattended theme updates) because of a nonce check error.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product's security features as private browsing and anti-banner. Bypass.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Altair PBS Professional through 19.1.2 allows Privilege Escalation because an attacker can send a message directly to pbs_mom, which fails to properly authenticate the message. This results in code execution as an arbitrary user.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array overflow if there are many SRT connections.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains ""Password recovery for specific user"" options. The menu is believed to be accessible using a serial console.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basic_sett.html. Any user connected to the Wi-Fi can exploit this.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privileges.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The nd-restaurant-reservations plugin before 1.5 for WordPress has no requirement for nd_rst_import_settings_php_function authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. Active interaction with an affected component is required for the payload to execute on the victim.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execution in the ReGa.runScript method. An authenticated attacker can easily execute code and compromise the system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Maarch RM before 2.5. A privilege escalation vulnerability allows an authenticated user with lowest privileges to give herself highest administration privileges via a crafted PUT request to an unauthorized resource.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation (with the none role) via a request for variants.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1. An attacker who uses fault injection to physically disrupt the ESP32 CPU can bypass the Secure Boot digest verification at startup, and boot unverified code from flash. The fault injection attack does not disable the Flash Encryption feature, so if the ESP32 is configured with the recommended combination of Secure Boot and Flash Encryption, then the impact is minimized. If the ESP32 is configured without Flash Encryption then successful fault injection allows arbitrary code execution. To protect devices with Flash Encryption and Secure Boot enabled against this attack, a firmware change must be made to permanently enable Flash Encryption in the field if it is not already permanently enabled.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"search-exclude.php in the ""Search Exclude"" plugin before 1.2.4 for WordPress allows unauthenticated options changes.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
beegfs-ctl in ThinkParQ BeeGFS through 7.1.3 allows Authentication Bypass via communication with a BeeGFS metadata server (which is typically not exposed to external networks).,ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext(3) call with flags to change the UID, primary GID, and secondary GIDs was replaced (on certain platforms: Linux and possibly NetBSD) with a single setuid(2) call. This resulted in neither changing the group id nor initializing secondary group ids.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Intesync Solismed 3.3sp has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious manage_files.cgi request. This can be triggered via XSS or an IFRAME tag included within the site.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. (However, there is no scenario within Devise itself in which such database records would exist.)",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The network protocol of Blade Shadow though 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data can be injected into the unencrypted UDP packet stream.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution. This occurs because install/include/header.php does not restrict certain changes (to db_host, db_login, db_password, and content_dir) within install/include/step5.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the ""All Post> Ticketed > Attendees"" Export Attendees feature.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the spin crate before 0.5.2 for Rust, when RwLock is used. Because memory ordering is mishandled, two writers can acquire the lock at the same time, violating mutual exclusion.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield_ during API calls.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted ""BackupConfig"" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"In Limesurvey before 3.17.14, admin users can mark other users' notifications as read.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
"Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allow remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file in a ZIP archive.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the http_cgi_write function under http-cgi.c; however, exploitation might show svz_envblock_add in libserveez/passthrough.c as the location of the heap-based buffer over-read.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can be bypassed by creating a special file within the /data/local/tmp/ directory. The System application that implements the lock screen checks for the existence of a specific file and disables PIN authentication if it exists. This file would typically be created via Android Debug Bridge (adb) over USB.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Delta DCISoft 1.21 has a User Mode Write AV starting at CommLib!CCommLib::SetSerializeData+0x000000000000001b.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ""delete for"" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. In other words, there is a potentially misleading UI indication that a sender can remove a recipient's copy of a previously sent image (analogous to supported functionality in which a sender can remove a recipient's copy of a previously sent message).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets (CSS) token sequence.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 and 3.0.00.101 for Android allows a local attacker to escalate privileges, e.g., to system privileges. The Samsung case ID is 101755.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the ""command"" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge (adb), leading to arbitrary code execution and system administration. Also, this provides a covert ability to capture screen data from the Zoom Client on Windows by executing commands on the Android OS.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions are available in https://support.hp.com/rs-en/document/c06456250.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed commands with elevated privileges.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Tenda N301 wireless routers, a long string in the wifiSSID parameter of a goform/setWifi POST request causes the device to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load() at jfif.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid XML file can then be created, after which the folder is renamed back to its original value. Also, CVE-2018-15591 exploitation can consequently be achieved by using PowerGrid with the /SEE parameter to execute the arbitrary command specified in the XML file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and login with the default root password welc0me.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength, current roaming status, battery level, and call held status.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a binary planting (default folder privilege escalation) vulnerability. Successful exploitation could lead to privilege escalation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter device settings.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4).,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Infosysta ""In-App & Desktop Notifications"" app 1.6.13_J8 for Jira. It is possible to obtain a list of all valid Jira usernames without authentication/authorization via the plugins/servlet/nfj/UserFilter?searchQuery=@ URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission ""Everyone: (F)"" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as LocalSystem. This allows any user to escalate privileges to ""NT AUTHORITY\SYSTEM"" by substituting the service's binary with a Trojan horse.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any commands on the host as www-data.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 72.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C8070 printers with software before 101.00x.089.22600 allow an attacker to gain privileges.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using the AdminByRequest.exe interface, the interface communicates with the underlying service (Audckq32.exe) using a .NET named pipe. If the underlying service responds that a user is permitted access to the elevation feature, the client then reinitiates communication with the underlying service and requests elevation. This elevation request has no local checks in the service, and depends on client-side validation in the AdminByRequest.exe interface, i.e., it is a vulnerable exposed functionality in the service. By communicating directly with the underlying service, any user can request elevation and obtain Administrator privilege regardless of group policies or permissions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5.14.0. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the 0xFF delimiter byte. Inside each while loop, the check of the value of *packet_data_pptr is not strictly enforced. More specifically, inside a loop, *packet_data_pptr could be increased and then dereferenced without checking. Moreover, there are many other functions in the format of sn_coap_parser_****() that do not check whether the pointer is within the bounds of the allocated buffer. All of these lead to heap-based or stack-based buffer overflows, depending on how the CoAP packet buffer is allocated.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection (e.g., lockout) established. An attacker might be able to bruteforce the password to authenticate on the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the device does not enforce any authentication. An adjacent attacker is able to use the network interface without proper access control.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by an Admin user.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Regular user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Configurator module by an Admin user.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Tracker module by an Admin user.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Campaigns module by an Admin user.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data sources. The attacker would need privileges to save a Spotfire file to the library, and only applies in a situation where NTLM credentials, or a credentials profile is in use. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client through 2.2.10 allows an attacker to gain elevated privileges through arbitrary code execution on Windows, Linux, and macOS.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute arbitrary code by gaining elevated privileges through file modifications.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive loop ends. This allows an attacker (via a large packet) to prevent a RIOT MQTT-SN client from working until the device is restarted.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker (with physical access to the device) to read the contents of read-protected eFuses, such as flash encryption and secure boot keys, by injecting a glitch into the power supply of the chip shortly after reset.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row&#91;name&#93; parameter.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplink_info.xml. An attacker can remotely obtain a user's Wi-Fi SSID and password, which could be used to connect to Wi-Fi or perform a dictionary attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can get the router's log file via log_get.php, which could be used to discover the intranet network structure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"** DISPUTED ** An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an __import__('os').popen('whoami').read() line. NOTE: the vendor's position is that the product is ""vulnerable by design"" and the current behavior will be retained.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Bento4 1.5.1.0. There is a SEGV in the function AP4_TfhdAtom::SetDefaultSampleSize at Core/Ap4TfhdAtom.h when called from AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
"idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring followed by a large positive integer.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP CONNECT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19862 and CVE-2018-19861. NOTE: this product is discontinued.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id (the id parameter).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. It allows CSRF with resultant remote command execution via shell metacharacters in a POST to centreon-autodiscovery-server/views/scan/ajax/call.php in the Autodiscovery plugin.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only access to take actions that are otherwise restricted in the GUI.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted database and package.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker-controlled crafted database and delta file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, they are prone to keystroke injection attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this issue.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
HotkeyP through 4.9 r96 allows privilege escalation in the privilege function in Commands.cpp.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices before V2.90 and FL NAT 2304-2GC-2SFP devices before V2.90 when using MAC-based port security.,ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,LOW
"A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. The vulnerability causes an application crash, which leads to remote denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramaster_TNAS-00E43A_config_backup.bin without permission.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_OnlyRead.txt substring.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the autocomplete feature. It has Insecure Permissions (issue 2 of 2).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in GitLab Community and Enterprise Edition 8.17 through 12.4 in the Search feature provided by Elasticsearch integration.. It has Insecure Permissions (issue 1 of 4).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST ACK and the FIN ACK packets because of the bad TCP Timestamp option. Both linux and windows client are ignoring the injected packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The quarantine restoration function in Total Defense Anti-virus 11.5.2.28 is vulnerable to symbolic link attacks, allowing files to be written to privileged directories.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain check_pwd return value from 0 to 1. An attack does not achieve administrative control of a device; however, the attacker can view all of the web pages of the administration console.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS version, IMSI, and 20 bytes of udid in a binary format, which is located at offset 0x14 of this packet. Then, the attacker installs Viber on his device, initiates the registration process for any phone number, but doesn't enter a pin from SMS. Instead, he closes Viber. Next, the attacker rewrites his udid with the victim's udid, modifying the viber_udid file, which is located in the Viber preferences folder. (The udid is stored in a hexadecimal format.) Finally, the attacker starts Viber again and enters the pin from SMS.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death scenario) or may be used to bypass Envoy's access control mechanisms such as path based routing. An attacker can also modify requests from other users that happen to be proximal temporally and spatially.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat ""header-value "" as a different string from ""header-value"" so for example with the Host header ""example.com "" one could bypass ""example.com"" matchers.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory consumption) by triggering static_config_buf_prepare_for_upload() or sja1105_inhibit_tx() failures, aka CID-68501df92d11.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory leak in the komeda_wb_connector_add() function in drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering drm_writeback_connector_init() failures, aka CID-a0ecd6fdbf5d.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Exposure. The encrypted ClickShare Button firmware contains the private key of a test device-certificate.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript&#9;:alert substring.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
UniValue::read() in UniValue before 1.0.5 allow attackers to cause a denial of service (the class internal data reaches an inconsistent state) via input data that triggers an error.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious attacker can manipulate internal attributes by adding additional attributes to user input.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Adaware antivirus 12.6.1005.11662 and 12.7.1055.0 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. The only requirement is that the attacker have network access to the bulb.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled, a related issue to CVE-2019-17600.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in TitanHQ WebTitan before 5.18. It contains a Remote Code Execution issue through which an attacker can execute arbitrary code as root. The issue stems from the hotfix download mechanism, which downloads a shell script via HTTP, and then executes it as root. This is analogous to CVE-2019-6800 but for a different product.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory leak in the i40e_setup_macvlans() function in drivers/net/ethernet/intel/i40e/i40e_main.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering i40e_setup_channel() failures, aka CID-27d461333459.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory leak in the mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/core/health.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_crdump_collect() failures, aka CID-c7ed6d0183d5.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures, aka CID-e13de8fe0d6a. NOTE: third parties dispute the relevance of this because unittest.c can only be reached during boot.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e. NOTE: This has been disputed as not a vulnerability because ""rhashtable_init() can only fail if it is passed invalid values in the second parameter's struct, but when invoked from sdma_init() that is a pointer to a static const struct, so an attacker could only trigger failure if they could corrupt kernel memory (in which case a small memory leak is not a significant problem).""",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering rsi_prepare_beacon() failures, aka CID-d563131ef23c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consumption), aka CID-78beef629fd9. NOTE: This has been argued as not a valid vulnerability. The upstream commit 78beef629fd9 was reverted.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy to udata failures, aka CID-4a9d46a9fe14.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka CID-a21b7f0cff19.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, the dce100_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, and the dce112_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, aka CID-104c307147ad.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, and the dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c, aka CID-055e547478a1.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An authentication bypass vulnerability is present in the standalone SITS:Vision 9.7.0 component of Tribal SITS in its default configuration, related to unencrypted communications sent by the client each time it is launched. This occurs because the Uniface TLS Driver is not enabled by default. This vulnerability allows attackers to gain access to credentials or execute arbitrary SQL queries on the SITS backend as long as they have access to the client executable or can intercept traffic from a user who does.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi/softup URI.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"Tellabs Optical Line Terminal (OLT) 1150 devices allow Remote Command Execution via the -l option to TELNET or SSH. Tellabs has addressed this issue in the SR30.1 and SR31.1 release on February 18, 2020.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices installs a zero long term key (LTK) if an out-of-order link-layer encryption request is received during Secure Connections pairing. An attacker in radio range can have arbitrary read/write access to protected GATT service data, cause a device crash, or possibly control a device's function by establishing an encrypted session with the zero LTK.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to download the configuration (binary file) settings by submitting a rom-0 GET request without being authenticated on the admin interface.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to change DNS servers without being authenticated on the admin interface by submitting a crafted Forms/dns_1 POST request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to enable or disable MAC address filtering by submitting a crafted Forms/WlanMacFilter_1 POST request without being authenticated on the admin interface.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that context.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 1 of 2).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 2 of 2).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorrect Access Control.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT protocol packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server during interaction with the File Upload field type, when a custom form exists. (This is related to an information disclosure issue within the File Upload field type that allows users to view the full path to uploaded files, including the product's web root directory.)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. (The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8.)",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagging data.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
VeraCrypt 1.24 allows Local Privilege Escalation during execution of VeraCryptExpander.exe.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 allows admin access to sensitive information of affected users using vulnerable versions. The attacker only needs to provide the correct URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest's address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable.",PHYSICAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. ""Linear pagetables"" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the ""depth"" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some ""linear_pt_entry"" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
The validators package 0.12.2 through 0.12.5 for Python enters an infinite loop when validators.domain is called with a crafted domain string. This is fixed in 0.12.6.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the /Home/GetAttachment function.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. A read-only user can access sensitive information via an API endpoint that reveals session cookies of authenticated administrators, leading to privilege escalation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CSV injection in arxes-tolina 3.0.0 allows malicious users to gain remote control of other computers. By entering formula code in the following columns: Kundennummer, Firma, Street, PLZ, Ort, Zahlziel, and Bemerkung, an attacker can create a user with a name that contains malicious code. Other users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() function in flex.c via a crafted BASIC source file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running ""select hostdetails from hostdetails"" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data stored in the database, and recover the MD5 hashes of the accounts used to authenticate the ManageEngine platform to the managed machines on the network (most often administrative accounts). Specifically, this bypasses these restrictions: a query cannot mention password, and a query result cannot have a password column.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Centre databases.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not following the HTTP Location header in server responses. This is fixed in all iTop packages (community, essential, professional) in versions : 2.5.4, 2.6.3, 2.7.0",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Public Knowledge Project (PKP) pkp-lib before 3.1.2-2, as used in Open Journal Systems (OJS) before 3.1.2-2. Code injection can occur in the OJS report generator if an authenticated Journal Manager user visits a crafted URL, because unserialize is used.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In btif_dm_data_copy of btif_core.cc, there is a possible out of bounds write due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-110166268.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The ""301 Redirects - Easy Redirect Manager"" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=eps_redirect_save and /admin-ajax.php?action=eps_redirect_delete actions. This could result in a loss of site availability, malicious redirects, and user infections. This could also be exploited via CSRF.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings accessible due to an insecure default value. This could lead to unwanted access to development settings, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-117770924.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. There was CSRF with resultant XSS.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In event_handler of keymaster_app.c, there is possible resource exhaustion due to a table being lost on reboot. This could lead to local denial of service that is not fixed by a factory reset, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116055338.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,LOW
"In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. In order to exploit this vulnerability, FVM Debug Mode needs to be enabled and an admin-ajax request needs to call the fastvelocity_min_files action.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An attempted excessive memory allocation was discovered in Mat_VarRead5 in mat5.c in matio 1.5.17.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In publishKeyEvent, publishMotionEvent and sendUnchainedFinishedSignal of InputTransport.cpp, there are uninitialized data leading to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-115739809",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In onPermissionGrantResult of GrantPermissionsActivity.java, there is a possible incorrectly granted permission due to a missing permission check. This could lead to local escalation of privilege on a locked device with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-68777217",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote attackers who have obtained access to administrator's session to access the EditApplinkServlet resource without needing to re-authenticate to pass ""WebSudo"" in products that support ""WebSudo"" through an improper access control vulnerability.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1. It has Incorrect Access Control.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not reject syscalls with pointers into the kernel-only virtual address space, which allows local users to gain privileges by overwriting a return address that was found on the kernel stack.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In resetPasswordInternal of DevicePolicyManagerService.java, there is a possible bypass of password reset protection due to an unusual root cause. Remote user interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9Android ID: A-110172241",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users.,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller. This could allow an app to add or replace a HAL service with its own service, gaining code execution in a privileged process.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-121035042Upstream kernel",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In updateAssistMenuItems of Editor.java, there is a possible escape from the Setup Wizard due to a missing permission check. This could lead to local escalation of privilege and FRP bypass with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0Android ID: A-120866126",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In rw_i93_sm_read_ndef of rw_i93.cc, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the NFC process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-122035770.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In okToConnect of HidHostService.java, there is a possible permission bypass due to an incorrect state check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-79703832",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In SmsDefaultDialog.onStart of SmsDefaultDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-120484087",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the web management interface (setup.cgi) are vulnerable to command injection, allowing remote attackers to execute arbitrary commands, as demonstrated by shell metacharacters in the sysDNSHost parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web management interface (setup.cgi) has an authentication bypass and other problems that ultimately allow an attacker to remotely compromise the device from a malicious webpage. The attacker sends an FW_remote.htm&todo=cfg_init request without a cookie, reads the Set-Cookie header in the 401 Unauthorized response, and then repeats the FW_remote.htm&todo=cfg_init request with the specified cookie.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ERPNext 11.1.47 allows blog?blog_category= Frame Injection.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can access the Developer options without authentication. The Samsung ID is SVE-2019-15800 (December 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-119769499",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The Wi-Fi kernel drivers have a stack overflow. The Samsung IDs are SVE-2019-14965, SVE-2019-14966, SVE-2019-14968, SVE-2019-14969, SVE-2019-14970, SVE-2019-14980, SVE-2019-14981, SVE-2019-14982, SVE-2019-14983, SVE-2019-14984, SVE-2019-15122, SVE-2019-15123 (November 2019).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom chipsets) software. A heap out-of-bounds access can occur during LE Packet reception in Broadcom Bluetooth. The Samsung ID is SVE-2019-15724 (November 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820 chipsets) software. Arbitrary memory read and write operations can occur in RKP. The Samsung ID is SVE-2019-15143 (October 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820 chipsets) software. RKP memory corruption allows attackers to control the effective address in EL2. The Samsung ID is SVE-2019-15221 (October 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with any (before September 2019 for SMP1300 Exynos modem chipsets) software. Attackers can trigger stack corruption in the Shannon modem via a crafted RP-Originator/Destination address. The Samsung ID is SVE-2019-14858 (September 2019).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The MALI GPU Driver allows a kernel panic. The Samsung ID is SVE-2019-14372 (August 2019).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on Samsung mobile devices with P(9.0) software. Quick Panel allows enabling or disabling the Bluetooth stack without authentication. The Samsung ID is SVE-2019-14545 (July 2019).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos7570, 7580, 7870, 7880, and 8890 chipsets) software. RKP memory corruption causes an arbitrary write to protected memory. The Samsung ID is SVE-2019-13921-2 (May 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. An attacker can use Emergency mode to disable features. The Samsung IDs are SVE-2018-13164, SVE-2018-13165 (April 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on Samsung mobile devices with N(7.X) and O(8.X) (Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets) software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID is SVE-2019-13910 (April 2019).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. Gallery has uninitialized memory disclosure. The Samsung ID is SVE-2018-13060 (February 2019).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
NETGEAR RAX40 devices before 1.0.3.64 are affected by authentication bypass.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of administrative credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 8.2.1.16 and WAC510 before 8.2.1.16.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR500 before 2.3.2.56 and XR700 before 1.0.1.20.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900 before 1.0.3.10.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.30, D7000 before 1.0.1.66, R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220 before 1.1.0.68, WNR2020 before 1.1.0.54, and WNR614 before 1.1.0.54.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D8500 before 1.0.3.43, R6250 before 1.0.4.34, R6400 before 1.0.1.44, R6400v2 before 1.0.2.62, R7100LG before 1.0.0.48, R7300DST before 1.0.0.68, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, and R8500 before 1.0.2.128.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.40, D7000v2 before 1.0.0.74, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.102, DGND2200Bv4 before 1.0.0.102, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.20, R6300v2 before 1.0.4.24, R6400 before 1.0.1.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.26, R6900P before 1.3.0.20, R7000P before 1.3.0.20, R7100LG before 1.0.0.40, R7300DST before 1.0.0.62, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.106, R8500 before 1.0.2.106, WN2500RPv2 before 1.0.1.54, WNDR3400v3 before 1.0.1.18, and WNR3500Lv2 before 1.2.0.48.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there is a possible permissions bypass due to a missing permissions check. This could lead to local escalation of privilege, with no additional permissions required. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128599183",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In GetPermittedAccessibilityServicesForUser of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege, with no additional permissions required. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-128599660.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In isSeparateProfileChallengeAllowed of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege, with no additional permissions required. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128599668.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In areNotificationsEnabledForPackage of NotificationManagerService.java, there is a possible permissions bypass due to a missing permissions check. This could lead to local escalation of privilege, with no additional privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128599467.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
In setup wizard there is a bypass of some checks when wifi connection is skipped. This could lead to factory reset protection bypass with no additional privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122597079.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In OatFileAssistant::GenerateOatFile of oat_file_assistant.cc, there is a possible file corruption issue due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130821293.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible local execution of arbitrary code in a privileged process due to a memory overwrite. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ChangeDefaultDialerDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132275252.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ACELP_4t64_fx of c4t64fx.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132647222.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
It is possible to overlay the VPN dialog by a malicious application. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130568701.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In phFriNfc_ExtnsTransceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132083376.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118492594,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113035086,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In checkAccess of SliceManagerService.java in Android 9, there is a possible permissions check bypass due to incorrect order of arguments. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In NDEF_MsgValidate of ndef_utils in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the printer service with no additional execution privileges needed. User interaction is not needed for exploitation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In binder_transaction of binder.c in the Android kernel, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In createSessionInternal of PackageInstallerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-138650665",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In PromiseBuiltinsAssembler::NewPromiseCapability of builtins-promise.cc, there is a possible out of bounds read in v8 JIT code due to a bug in code generation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9 Android ID: A-138441919",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In poisson_distribution of random, there is an out of bounds read. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139690488",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-141169173",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-141955555",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In getUserCount and getCount of UserSwitcherController.java, there is possible new user creation due to a logic error. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140486529",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lack of check of data type can lead to subsequent loop-expression potentially go negative and the condition will still evaluate to true leading to buffer underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 8CX, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Thread start can cause invalid memory writes to arbitrary memory location since the argument is passed by user to kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9205, MDM9640, MSM8996AU, QCA6574, QCS605, Qualcomm 215, SD 425, SD 427, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer over-read can occur while parsing an ogg file with a corrupted comment block. in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Wrong permissions in configuration file can lead to unauthorized permission in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 855, SDA660, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible double free issue in kernel while handling the camera sensor and its sub modules power sequence in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, Nicobar, QCA9980, QCS405, QCS605, SDM845, SDX24, SM7150, SM8150",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While deserializing any key blob during key operations, buffer overflow could occur exposing partial key information if any key operations are invoked(Depends on CVE-2018-13907) in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"User keystore signature is ignored in boot and can lead to bypass boot image signature verification in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in MDM9607, MDM9640, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SDM660",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An unauthenticated bitmap image can be loaded in to memory and subsequently cause execution of unverified code. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX24, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lack of integrity check allows MODEM to accept any NAS messages which can result into authentication bypass of NAS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bound write can be triggered by a specially-crafted command supplied by a userspace application. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possibility of out-of-bound read if id received from SPI is not in range of FIFO in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9980, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While processing vendor command which contains corrupted channel count, an integer overflow occurs and finally will lead to heap overflow. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8976, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA845, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM8150",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper casting of structure while handling the buffer leads to out of bound read in display in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While storing calibrated data from firmware in cache, An integer overflow may occur since data length received may exceed real data length. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SDM660, SDX20",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HLOS could corrupt CPZ page table memory for S1 managed VMs in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Crafted image that has a valid signature from a non-QC entity can be loaded which can read/write memory that belongs to the secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Out of bound access due to lack of check of whiltelist array size while reading the image elf segments. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bound read and information disclosure in firmware due to insufficient checking of an embedded structure that can be sent from a kernel driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected is 10.3.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 5.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
"Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Messages). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Report privilege with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Deployment). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) component of Oracle Communications Applications (subcomponent: Security). The supported version that is affected is prior to 8.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Registration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. The supported version that is affected is 2.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Simphony accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,LOW
"Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. The supported version that is affected is 2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data as well as unauthorized read access to a subset of Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.55, 8.56 and 8.57. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Report privilege with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Feeds). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Cruise Shipboard Property Management System as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Shipboard Property Management System accessible data and unauthorized read access to a subset of Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H).",LOCAL,LOW,LOW,REQUIRED,CHANGED,NONE,LOW,HIGH
"Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: DGS RES Online, FMS Sender, FMS Receiver, OHC WPF Security). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Shipboard Property Management System accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 5.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Object Store). The supported version that is affected is prior to 8.8.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 6.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Reports Developer component of Oracle Fusion Middleware (subcomponent: Valid Session). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle HTTP Server executes to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: Foundation UI & Servlets). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion BI+ accessible data as well as unauthorized read access to a subset of Hyperion BI+ accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion BI+. CVSS 3.0 Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L).",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Application Server). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L).",NETWORK,HIGH,NONE,NONE,CHANGED,LOW,LOW,LOW
"Vulnerability in the PeopleSoft Enterprise CC Common Application Objects component of Oracle PeopleSoft Products (subcomponent: Form and Approval Builder). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise CC Common Application Objects, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CC Common Application Objects accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data. Note: This Enterprise Common Component is used by all PeopleSoft Application products. Please refer to the <a target=""_blank"" href=""https://support.oracle.com/rs?type=doc&id=2487756.1"">MOS Note Doc ID 2493366.1 for patch information. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Portal accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,HIGH
Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Console). Supported versions that are affected are 8.1 and 8.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Argus Safety accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Console). Supported versions that are affected are 8.1 and 8.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Argus Safety, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Argus Safety accessible data. CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: XML Publisher). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,HIGH
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Web Cache component of Oracle Fusion Middleware (subcomponent: ESI/Partial Page Caching). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Cache. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Cache, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Web Cache accessible data as well as unauthorized update, insert or delete access to some of Oracle Web Cache accessible data. CVSS 3.0 Base Score 6.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Application Container - JavaEE). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: XML Publisher). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,HIGH,HIGH
"Vulnerability in the Oracle Performance Management component of Oracle E-Business Suite (subcomponent: Performance Management Plan). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Performance Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Performance Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Performance Management accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. While the vulnerability is in Oracle Outside In Technology, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L).",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
"Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Detail). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Partner Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Application Express component of Oracle Database Server. Supported versions that are affected are 5.1 and 18.2. Easily exploitable vulnerability allows low privileged attacker having Valid Account privilege with network access via HTTP to compromise Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Express accessible data as well as unauthorized read access to a subset of Application Express accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Mobile Field Service component of Oracle E-Business Suite (subcomponent: Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Mobile Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Mobile Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Mobile Field Service accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: UI Infrastructure). Supported versions that are affected are 6.3.7, 6.4.1, 6.4.2 and 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Transportation Management accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Session Management). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Panel Processor). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Message Display). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Message Display). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise CS Campus Community component of Oracle PeopleSoft Products (subcomponent: Frameworks). Supported versions that are affected are 9.0 and 9.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CS Campus Community accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Messages). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Messages). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search Functionality). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).",ADJACENT_NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).",LOCAL,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).",LOCAL,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SOAP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.1, 15.2, 16.1, 16.2, 17.7-17.12 and 18.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N).",LOCAL,HIGH,LOW,REQUIRED,CHANGED,LOW,NONE,NONE
"Vulnerability in the Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Grid Infrastructure User privilege with logon to the infrastructure where Portable Clusterware executes to compromise Portable Clusterware. While the vulnerability is in Portable Clusterware, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Portable Clusterware. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having DBFS_ROLE privilege with network access via Oracle Net to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the PeopleSoft Enterprise SCM eProcurement component of Oracle PeopleSoft Products (subcomponent: Manage Requisition Status). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM eProcurement. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise SCM eProcurement, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise SCM eProcurement accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise SCM eProcurement accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N).",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.26 and prior to 6.0.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:H).",LOCAL,HIGH,HIGH,REQUIRED,CHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Managed File Transfer component of Oracle Fusion Middleware (subcomponent: MFT Runtime Server). Supported versions that are affected are 19.1.0.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Managed File Transfer accessible data as well as unauthorized read access to a subset of Oracle Managed File Transfer accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: DHCP Client). The supported version that is affected is 10. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via KSSL to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: SQL Extensions). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Manager accessible data. CVSS 3.0 Base Score 8.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java VM. CVSS 3.0 Base Score 3.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff Page). The supported version that is affected is 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).",LOCAL,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data as well as unauthorized read access to a subset of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Infrastructure). Supported versions that are affected are 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Point-of-Service. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Point-of-Service accessible data as well as unauthorized read access to a subset of Oracle Retail Point-of-Service accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Point-of-Service. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Retail Xstore Office component of Oracle Retail Applications (subcomponent: Internal Operations). Supported versions that are affected are 7.0 and 7.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Office. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Office accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Office accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the JD Edwards World Technical Foundation component of Oracle JD Edwards Products (subcomponent: Service Enablement). Supported versions that are affected are A9.2, A9.3.1 and A9.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards World Technical Foundation. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards World Technical Foundation accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the Oracle Configurator component of Oracle Supply Chain Products Suite (subcomponent: Active Model Generation). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N).",NETWORK,LOW,LOW,NONE,CHANGED,NONE,LOW,NONE
"Vulnerability in the Siebel Core - Server BizLogic Script component of Oracle Siebel CRM (subcomponent: Integration - Scripting). The supported version that is affected is 19.3. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Siebel Core - Server BizLogic Script. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel Core - Server BizLogic Script accessible data as well as unauthorized read access to a subset of Siebel Core - Server BizLogic Script accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Siebel Core - Server BizLogic Script. CVSS 3.0 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the RDBMS DataPump component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Difficult to exploit vulnerability allows high privileged attacker having DBA role privilege with network access via Oracle Net to compromise RDBMS DataPump. Successful attacks of this vulnerability can result in takeover of RDBMS DataPump. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware (subcomponent: Fabric Layer). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle SOA Suite accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Homepage & Navigation). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle AutoVue 3D Professional Advanced component of Oracle Supply Chain Products Suite (subcomponent: Format Handling - 2D). Supported versions that are affected are 21.0.0 and 21.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue 3D Professional Advanced. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue 3D Professional Advanced accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Service Bus. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: File Locking Services). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. While the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: RemoteCall). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Manager component of Oracle PeopleSoft Products (subcomponent: Job Opening). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Talent Acquisition Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM Talent Acquisition Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Talent Acquisition Manager accessible data as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Talent Acquisition Manager accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Application Server). Supported versions that are affected are 8.55, 8.56 and 8.57. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher (formerly XML Publisher) accessible data as well as unauthorized update, insert or delete access to some of BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: SQR). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. While the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 8.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N).",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,NONE
"Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Pagelet Wizard). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Web Catalog). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,NONE,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). While the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher (formerly XML Publisher) accessible data as well as unauthorized read access to a subset of BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Grid Infrastructure User privilege with logon to the infrastructure where Portable Clusterware executes to compromise Portable Clusterware. While the vulnerability is in Portable Clusterware, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Portable Clusterware. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Object Library, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Service Contracts component of Oracle E-Business Suite (subcomponent: Renewals). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Contracts. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Service Contracts, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Service Contracts accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Health Sciences Data Management Workbench component of Oracle Health Sciences Applications (subcomponent: User Interface). The supported version that is affected is 2.4.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Health Sciences Data Management Workbench. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Health Sciences Data Management Workbench accessible data as well as unauthorized read access to a subset of Oracle Health Sciences Data Management Workbench accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Work in Process component of Oracle E-Business Suite (subcomponent: Messages). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Work in Process. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Work in Process accessible data as well as unauthorized access to critical data or complete access to all Oracle Work in Process accessible data. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,LOW
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Group Replication Plugin). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via MySQL Procotol to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,LOW
"Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: EJB Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Message Display). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Shopping Cart). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Interaction Center Intelligence component of Oracle E-Business Suite (subcomponent: Business Intelligence (OLTP)). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Interaction Center Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Interaction Center Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Interaction Center Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle Interaction Center Intelligence accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). The supported version that is affected is 11.2.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Commerce Platform accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: Setup, Admin). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Message Display). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Territory Management component of Oracle E-Business Suite (subcomponent: Territory Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Territory Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Territory Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Territory Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Territory Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Marketing Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: CRM User Management Framework). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Marketing Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Marketing Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Marketing Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,LOW,NONE,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data as well as unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).",LOCAL,HIGH,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the PeopleSoft Enterprise ELM component of Oracle PeopleSoft Products (subcomponent: Enterprise Learning Mgmt). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise ELM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise ELM accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). The supported version that is affected is 18.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Hospitality Cruise Dining Room Management component of Oracle Hospitality Applications (subcomponent: Web Service). The supported version that is affected is 8.0.80. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Cruise Dining Room Management. While the vulnerability is in Oracle Hospitality Cruise Dining Room Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Dining Room Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Dining Room Management accessible data. CVSS 3.0 Base Score 9.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: BPM Foundation Services). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Process Management Suite, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Process Management Suite accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Process Management Suite accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise ELM Enterprise Learning Management component of Oracle PeopleSoft Products (subcomponent: Application Search). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise ELM Enterprise Learning Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise ELM Enterprise Learning Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise ELM Enterprise Learning Management accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise ELM Enterprise Learning Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 6.3.7, 6.4.2 and 6.4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Transportation Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Transportation Management accessible data as well as unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). Supported versions that are affected are 11.2.0.3 and 11.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Commerce Platform accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Commerce Merchandising component of Oracle Commerce (subcomponent: Asset Manager). The supported version that is affected is 11.2.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Merchandising. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Merchandising accessible data as well as unauthorized read access to a subset of Oracle Commerce Merchandising accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Knowledge component of Oracle Siebel CRM (subcomponent: Web Applications (InfoCenter)). Supported versions that are affected are 8.5.1.0 - 8.5.1.7, 8.6.0 and 8.6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge accessible data as well as unauthorized read access to a subset of Oracle Knowledge accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: ODI Tools). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Data Integrator accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Services Integration). The supported version that is affected is 12.3.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Ops Center. While the vulnerability is in Enterprise Manager Ops Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Ops Center. CVSS 3.0 Base Score 6.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H).",NETWORK,HIGH,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). The supported version that is affected is 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data as well as unauthorized read access to a subset of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking). Supported versions that are affected are 12.3.3 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Ops Center accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite (subcomponent: Product Security). The supported version that is affected is 7.3.1.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Demantra Demand Management accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the Oracle Hyperion Workspace component of Oracle Hyperion (subcomponent: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Workspace. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hyperion Workspace accessible data. CVSS 3.0 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Compiling). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Log). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Service API). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.12 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Application Server). Supported versions that are affected are 8.55, 8.56 and 8.57. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N).",NETWORK,HIGH,LOW,NONE,CHANGED,LOW,HIGH,NONE
"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java VM. CVSS 3.0 Base Score 6.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H).",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Internal Operations). Supported versions that are affected are 12.1.0, 12.1.1, 12.1.2 and 13.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data as well as unauthorized update, insert or delete access to some of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OHS Config MBeans). Supported versions that are affected are 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Oracle Text. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Text accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Text. CVSS 3.0 Base Score 4.6 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,NONE,LOW
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Smart View). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Planning. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Planning accessible data. CVSS 3.0 Base Score 4.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N).,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all BI Publisher (formerly XML Publisher) accessible data as well as unauthorized read access to a subset of BI Publisher (formerly XML Publisher) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of BI Publisher (formerly XML Publisher). CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,HIGH,LOW
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Activity Guide). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Payments component of Oracle E-Business Suite (subcomponent: File Transmission). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. While the vulnerability is in Oracle Payments, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Payments accessible data. CVSS 3.0 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Index privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Core RDBMS accessible data as well as unauthorized update, insert or delete access to some of Core RDBMS accessible data. CVSS 3.0 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N).",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Siebel Core - Server Framework component of Oracle Siebel CRM (subcomponent: Search). Supported versions that are affected are 19.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Core - Server Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel Core - Server Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel Core - Server Framework accessible data as well as unauthorized read access to a subset of Siebel Core - Server Framework accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Components / Services). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: XML Interface). Supported versions that are affected are 8.9.6, 8.10.2 and 8.11-8.14. Easily exploitable vulnerability allows low privileged attacker with network access via TCP/IP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Payments component of Oracle E-Business Suite (subcomponent: File Transmission). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. While the vulnerability is in Oracle Payments, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Payments accessible data. CVSS 3.0 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Automount). Supported versions that are affected are 11.4 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via NFS to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Open Fabrics Tools). The supported version that is affected is 11.4. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 6.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H).",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.0 Base Score 3.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).,ADJACENT_NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle ODBC Driver component of Oracle Database Server<span class=font-red><b> ***PRIVILEGE CANNOT BE NONE FOR AUTHENTICATED ATTACKS***</b></span>. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Difficult to exploit vulnerability allows low privileged attacker having None privilege with network access via multiple protocols to compromise Oracle ODBC Driver. Successful attacks of this vulnerability can result in takeover of Oracle ODBC Driver. Note: The vulnerability affects Windows platforms only. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Filesystem). Supported versions that are affected are 11.4 and 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the Oracle iRecruitment component of Oracle E-Business Suite (subcomponent: Password Reset). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iRecruitment. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle iRecruitment. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle GraalVM Enterprise Edition component of Oracle GraalVM (subcomponent: GraalVM). The supported version that is affected is 19.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.16 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N).",NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Folders, Files & Attachments). Supported versions that are affected are 9.3.3, 9.3.4, 9.3.5 and 9.3.6. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Agile PLM. CVSS 3.0 Base Score 5.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L).",NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,NONE,LOW
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Gnuplot). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Admin / InnoDB Cluster). Supported versions that are affected are 8.0.16 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 8.0.5-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Service Requests). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the PeopleSoft Enterprise FIN Project Costing component of Oracle PeopleSoft Products (subcomponent: Projects). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Project Costing. While the vulnerability is in PeopleSoft Enterprise FIN Project Costing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Project Costing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise FIN Project Costing. CVSS 3.0 Base Score 6.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L).",NETWORK,LOW,LOW,NONE,CHANGED,NONE,LOW,LOW
"Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. The supported version that is affected is 18.2.1. Easily exploitable vulnerability allows low privileged attacker having Import/Export privilege with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. The supported version that is affected is 18.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDAP Client Tools). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 19.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data as well as unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Clusterware component of Oracle Support Tools (subcomponent: Trace File Analyzer (TFA) Collector). The supported version that is affected is 12.1.0.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Clusterware. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Clusterware accessible data as well as unauthorized read access to a subset of Oracle Clusterware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Clusterware. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Planning. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Planning accessible data. CVSS 3.0 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N).",NETWORK,HIGH,HIGH,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the Oracle GraalVM Enterprise Edition component of Oracle GraalVM (subcomponent: Java). The supported version that is affected is 19.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.0 Base Score 6.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems). The supported version that is affected is 8.8.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). The supported version that is affected is 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). The supported version that is affected is 17.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: EJB Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the BI Publisher (formerly XML Publisher) product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks of this vulnerability can result in unauthorized read access to a subset of BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N).",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,HIGH,NONE
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 5.3.13 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Wireless). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Field Service accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). Supported versions that are affected are 19.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: eMail). Supported versions that are affected are 12.0.2 and 12.0.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the PeopleSoft Enterprise SCM eProcurement product of Oracle PeopleSoft (component: eProcurement). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM eProcurement. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise SCM eProcurement accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: Loan Calculator). Supported versions that are affected are 18.1, 18.2, 18.3 and 19.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Digital Experience, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Digital Experience accessible data as well as unauthorized read access to a subset of Oracle Banking Digital Experience accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under <install-directory>/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"By adding some special fields to the uri ofrouter app function, the user could abuse background app cgi functions withoutauthentication. This affects 360 router P0 and F5C.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by command injection vulnerability. Due to inadequate parameter verification, unauthorized users can take advantage of this vulnerability to control the user terminal system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE product ZX297520V3 are impacted by a Command Injection vulnerability. Unauthorized users can exploit this vulnerability to control the user terminal system.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"authentication issues vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can automatically obtain access to web services from the authorized browser of the same computer and perform operations.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
"The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a code injection vulnerability. An attacker could exploit the vulnerability to inject malicious code into the management page, resulting in users’ information leakage.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller/diagnostic_tools_controller Diagnostic Tools Controller is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping Ping feature of the Diagnostic Tools component is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl() in the file fromsixel.c, as demonstrated by sixel2png.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file loader.c, as demonstrated by img2sixel.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Privilege Escalation vulnerability in Microsoft Windows client in McAfee Endpoint Security (ENS) 10.6.1 and earlier allows local users to gain elevated privileges via a specific set of circumstances.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Exploitation of Authentication vulnerability in MVision Endpoint in McAfee MVision Endpoint Prior to 1811 Update 1 (18.11.31.62) allows authenticated administrator users --> administrators to Remove MVision Endpoint via unspecified vectors.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
"Privilege escalation vulnerability in McAfee Agent (MA) before 5.6.1 HF3, allows local administrator users to potentially disable some McAfee processes by manipulating the MA directory control and placing a carefully constructed file in the MA directory.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Exploitation of Privilege/Trust vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.R18 allows local users to bypass product self-protection, tamper with policies and product files, and uninstall McAfee software without permission via specially crafted malware.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands.,LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Data Leakage Attacks vulnerability in the web interface in McAfee Database Security prior to the 4.6.6 March 2019 update allows local users to expose passwords via incorrectly auto completing password fields in the admin browser login screen.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Authentication protection bypass vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows physical local user to bypass the Windows lock screen via DLPe processes being killed just prior to the screen being locked or when the screen is locked. The attacker requires physical access to the machine.,PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially crafted parameters.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to ""blue screen"" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unallocated memory.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time via generating an authorization key on the client which should only be generated by the network administrator.,LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted data to the iDRAC web interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted input data to the WS-MAN interface.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges to cause the application to compress each of the requested bytes, resulting in a crash due to excessive memory consumption and preventing users from accessing the system.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
RSA Netwitness Platform versions prior to 11.2.1.1 is vulnerable to an Authorization Bypass vulnerability. A remote low privileged attacker could potentially exploit this vulnerability to gain access to administrative information including credentials.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain an improper authorization vulnerability in NAS Server quotas configuration. A remote authenticated Unisphere Operator could potentially exploit this vulnerability to edit quota configuration of other users.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject malicous code to run an executable with elevated privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a path traversal exploit in order to run a malicious executable with elevated privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the the Boost theme's secure layout, meaning students could navigate out of the page.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface.,ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk. An unauthenticated, remote person can connect to this endpoint and potentionally listen to the audio of the capturing device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dameware Remote Mini Control version 12.1.0.34 and prior contains a unauthenticated remote heap overflow due to the server not properly validating RsaPubKeyLen during key negotiation. An unauthenticated remote attacker can cause a heap buffer overflow by specifying a large RsaPubKeyLen, which could cause a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Local Privilege Escalation due to CmdAgent's handling of COM clients. A local process can bypass the signature check enforced by CmdAgent via process hollowing which can then allow the process to invoke sensitive COM methods in CmdAgent such as writing to the registry with SYSTEM privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A User Enumeration flaw exists in Harbor. The issue is present in the ""/users"" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via the ""search"" functionality.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.0-1.3 allows a local, unauthenticated attacker to pair a rogue keypad to an armed system.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Improper neutralization of directives in dynamically evaluated code in Druva inSync Mac OS Client 6.5.0 allows a local, authenticated attacker to execute arbitrary Python expressions with root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162.",PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain the information of the server execution. IBM X-Force ID: 156243.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM QRadar SIEM 7.2 and 7.3 could allow a local user to obtain sensitive information when exporting content that could aid an attacker in further attacks against the system. IBM X-Force ID: 156563.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition could allow highly sensitive information to be transmitted in plain text. An attacker could obtain this information using man in the middle techniques. IBM X-ForceID: 157008.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 157063.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to specifically crafted communication exchanges. By sending an overly long request, a remote attacker could overflow a buffer and execute arbitrary code on the system with instance id privileges or cause the server or storage agent to crash. IBM X-Force ID: 157510.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded by the dsmqsan module. By setting up such a library, a local attacker could exploit this vulnerability to gain root privileges on the vulnerable system. IBM X-Force ID: 157511.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have access to due to incorrect file permissions. IBM X-Force ID: 157981.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library. IBM X-Force ID: 158014.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158105.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensitive information in installer logs that could be use for further attacks against the system. IBM X-Force ID: 158115.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart could allow a local attacker with admin privileges to obtain highly sensitive information upon deployment. IBM X-Force ID: 158144.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. By creating an error with a stack trace, an attacker could exploit this vulnerability to potentially obtain details on the Operations Center architecture. IBM X-Force ID: 158279.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertly redirected and obtain sensitive information rather than receive a 404 error message. IBM X-Force ID: 158274.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. IBM X-Force ID: 158278.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,LOW,LOW
IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 158334.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. IBM X-Force ID: 158336.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry. IBM X-Force ID: 158544.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 158660.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158879.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. An attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 158881.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158882.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM InfoSphere Information Server 11.7.1 containers are vulnerable to privilege escalation due to an insecurely configured component. IBM X-Force ID: 158975.,ADJACENT_NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing function level access control that could allow a user to delete authorized resources. IBM X-Force ID: 159033.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted request can run arbitrary code on the server and gain complete access to the system. IBM X-Force ID: 159123.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. IBM X-Force ID: 159148.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication exposing certain functionality which could lead to information disclosure or modification of application configuration. IBM X-Force ID: 158986.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 159227.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 159228.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to view process definition of a business process without permission. IBM X-Force ID: 159231.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 159465.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM SmartCloud Analytics 1.3.1 through 1.3.5 allows unauthorized disclosure of information like accessing solrconfig.xml and could allow an attacker to perform disruptive administrator tasks. IBM X-Force ID: 159517.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
IBM Daeja ViewONE Virtual 5.0 through 5.0.6 could expose internal parameters to ViewONE clients that could be used in further attacks against the system. IBM X-Force ID: 159521.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability. Sensitive information in an error message may be used to conduct further attacks against the system. IBM X-Force ID: 159945.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 could allow an unauthorized user to download server files resulting in sensitive information disclosure. IBM X-Force ID: 160012.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. IBM X-Force ID: 160202.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service. IBM X-Force ID: 160296.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. IBM X-Force ID: 160503.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an attacker to reveal the server version in default installation, which could be used in further attacks against the system. IBM X-Force ID: 160699.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker with specialized access to obtain highly sensitive from the credential vault. IBM X-Force ID: 160758.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have privileges to execute. IBM X-Force ID: 160764.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if Javascript code is included in Running Message or Post Message HTML.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 161037.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. IBM X-Force ID: 1610141.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Watson Studio Local 1.2.3 stores key files in the user's home directory which could be obtained by another local user. IBM X-Force ID: 161413.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161411.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. This weakness can be used to consume more resources than intended. IBM X-Force ID: 161417.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667,",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain elevated privileges due to improper security context constraints. IBM X-Force ID: 162706.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could allow an authenticated user to change the accessmgr password. IBM X-Force ID: 162768.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force ID: 163453.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This results in arbitrary code being executed with root authority. IBM X-Force ID: 163489.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165136.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. IBM X-Force ID: 165586.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect processing during a restore of multiple user profiles. A user with restore privileges could exploit this vulnerability to obtain elevated privileges on the restored system. IBM X-Force ID: 165592.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 166205.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"IBM Tivoli Netcool Impact 7.1.0 through 7.1.0.16 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 166720.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 167289.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-ForceID: 167810.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 167883.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to obtain sensitive information from a stack trace that could aid in further attacks against the system.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 168510.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 168644.,ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to imporoper input neutralization of special elements. IBM X-Force ID: 170011.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. IBM X-Force ID: 171248.,LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM QRadar Advisor 1.1 through 2.5 could allow an unauthorized attacker to obtain sensitive information from specially crafted HTTP requests that could aid in further attacks against the system. IBM X-Force ID: 171438.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Content Navigator 3.0CD could allow an authenticated user to gain information about the hosting operating system and version that could be used in further attacks against the system. IBM X-Force ID: 171515.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. They allowed Denial of Service (application crash) via image data, because two bytes are written to the end of the allocated memory without judging whether this will cause corruption.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable denial-of-service vulnerability exists in the Weave certificate loading functionality of Nest Cam IQ Indoor camera, version 4620002. A specially crafted weave packet can cause an integer overflow and an out-of-bounds read on unmapped memory to occur, resulting in a denial of service. An attacker can send a specially crafted packet to trigger.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable command execution vulnerability exists in the print-tlv command of Weave tool. A specially crafted weave TLV can trigger a stack-based buffer overflow, resulting in code execution. An attacker can trigger this vulnerability by convincing the user to open a specially crafted Weave command.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to trigger this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable Stack Based Buffer Overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words library, version 18.11.0.0. A specially crafted doc file can cause a stack-based buffer overflow, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable information disclosure vulnerability exists in the packet-parsing functionality of Blynk-Library v0.6.1. A specially crafted packet can cause an unterminated strncpy, resulting in information disclosure. An attacker can send a packet to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets sent to the iocheckd service ""I/O-Check"" can cause a stack buffer overflow in the sub-process getcouplerdetails, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12). A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An attacker can send arbitrary packets to trigger this vulnerability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). At 0x1e3f0 the extracted dns value from the xml file is used as an argument to /etc/config-tools/edit_dns_server %s dns-server-nr=%d dns-server-name=<contents of dns node> using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many dns entries will be parsed from the xml file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to certain file from certain application. An attacker tricks the user into installing a malicious application then establishing a connect to the attacker through Huawei Share, successful exploit could cause information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"There is a man-in-the-middle (MITM) vulnerability on Huawei P30 smartphones versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), and P30 Pro versions before VOG-AL00 9.1.0.162 (C01E160R1P12/C01E160R2P1). When users establish connection and transfer data through Huawei Share, an attacker could sniff, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attack to obtain and tamper the data. (Vulnerability ID: HWPSIRT-2019-03109)",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8). An attacker could view the photos after a series of operations without unlocking the screen lock. Successful exploit could cause an information disclosure condition.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step of setup wizard. Successful exploit could allow the attacker bypass the FRP protection. Affected products: Mate 20 X, versions earlier than Ever-AL00B 9.0.0.200(C00E200R2P1); Mate 20, versions earlier than Hima-AL00B/Hima-TL00B 9.0.0.200(C00E200R2P1); Honor Magic 2, versions earlier than Tony-AL00B/Tony-TL00B 9.0.0.182(C00E180R2P2).",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones in Versions earlier than Tony-AL00B 9.1.0.216(C00E214R2P1). The Secure Input does not properly limit certain system privilege. An attacker tricks the user to install a malicious application and successful exploit could result in information disclosure.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
There is a privilege escalation vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50. The attacker can tricking a user to install and run a malicious application to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
There is a Clickjacking vulnerability in Huawei HG255s product. An attacker may trick user to click a link and affect the integrity of a device by exploiting this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) versions have an information leak vulnerability due to the lack of input validation. An attacker tricks the user who has root privilege to install an application on the smart phone, and the application can read some process information, which may cause sensitive information leak.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation of certain privilege, the attacker could trick the user into installing a malicious application before the user turns on student mode function. Successful exploit could allow the attacker to bypass the limit of student mode function.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a DoS vulnerability. An attacker may send crafted messages from a FTP client to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the system out-of-bounds read and result in a denial of service condition of the affected service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an improper access control vulnerability. The function incorrectly controls certain access messages, attackers can simulate a sender to steal P2P network information. Successful exploit may cause information leakage.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vulnerability. Attackers with low privilege can exploit this vulnerability by performing some specific operations. Successful exploit of this vulnerability can cause some information disclosure.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files and escalate privilege.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is an information leak vulnerability in Huawei smart speaker Myna. When the smart speaker is paired with the cloud through Wi-Fi, the speaker incorrectly processes some data. Attackers can exploit this vulnerability to read and modify specific configurations of speakers through a series of operations.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Huawei smart phones Emily-L29C with Versions earlier than 9.1.0.311(C10E2R1P13T8), Versions earlier than 9.1.0.311(C461E2R1P11T8), Versions earlier than 9.1.0.316(C635E2R1P11T8), Versions earlier than 9.1.0.311(C185E2R1P12T8), Versions earlier than 9.1.0.311(C605E2R1P12T8), Versions earlier than 9.1.0.311(C636E7R1P13T8) have an information leakage vulnerability. An attacker tricks the user into installing a malicious application, which can copy specific files to the sdcard, resulting in information leakage.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"There is an information leak vulnerability in some Huawei phones, versions earlier than Jackman-L21 8.2.0.155(C185R1P2). When a local attacker uses the camera of a smartphone, the attacker can exploit this vulnerability to obtain sensitive information by performing a series of operations.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"There is Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions earlier than Emily-AL00A 9.0.0.167 (C00E81R1P21T8). When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Talkback mode and can perform some operations to access the setting page. As a result, the FRP function is bypassed.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions before 9.1.0.217(C00E215R3P1), the versions before 9.1.0.205(C00E97R1P9), the versions before 9.1.0.205(C00E97R2P2) have an information leak vulnerability. Due to improper function error records of some module, an attacker with the access permission may exploit the vulnerability to obtain some information.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8) have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This vulnerability can be exploited to perform operations beyond the scope of authorization.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T8) have a Factory Reset Protection (FRP) bypass security vulnerability. Before the FRP account is verified and activated during the reset process, the attacker can perform some special operations to bypass the FRP function and obtain the right to use the mobile phone.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL00C00B175 have a signature verification bypass vulnerability. Attackers can induce users to install malicious applications. Due to a defect in the signature verification logic, the malicious applications can invoke specific interface to execute malicious code. A successful exploit may result in the execution of arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Huawei smart phones Honor V20 with the versions before 9.0.1.161(C00E161R2P2) have an information leak vulnerability. An attacker may trick a user into installing a malicious application. Due to coding error during layer information processing, attackers can exploit this vulnerability to obtain some layer information.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"There is a Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions before Emily-AL00A 9.0.0.167(C00E81R1P21T8). When re-configuring the mobile phone using the FRP function, an attacker can delete the activation lock after a series of operations. As a result, the FRP function is bypassed and the attacker gains access to the smartphone.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Mate 20 RS smartphones with versions earlier than 9.1.0.135(C786E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation in ADB mode, successful exploit could allow the attacker to switch to third desktop after a series of operation.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of operation without unlock the screen lock. Successful exploit could cause an information disclosure condition.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote authentication bypass vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote denial of service vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A stack buffer overflow vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration.",LOCAL,HIGH,HIGH,REQUIRED,UNCHANGED,LOW,LOW,HIGH
A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,HIGH
A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,HIGH
A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version 7.0.0-00 to earlier than 8.6.1-02 RepMgr if it is installed on the same machine as DevMgr TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface bypassing the CLI interface, which allow them to escalate privileges to root.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive information to an unauthenticated user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be enabled.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OnCommand Insight versions through 7.3.6 may disclose sensitive account information to an authenticated user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle paths appropriately. Successful exploitation of this issue may allow the path to the VMX executable, on a Windows host, to be hijacked by a non-administrator leading to elevation of privilege.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain an out-of-bounds read/write vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail address if present but no other personal data. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 4.3.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Successful exploitation of this issue may allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host process.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-RELEASE-p6, a bug in the non-default RACK TCP stack can allow an attacker to cause several linked lists to grow unbounded and cause an expensive list traversal on every packet being processed, leading to resource exhaustion and a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory when media is present thereby allowing a malicious user in the operator group to gain root privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a malicious user to overflow the counter allowing access to files, directories, and sockets opened by processes owned by other users.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP segmentation offload is requested for a transmitted packet. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat's data buffer.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"NVIDIA Windows GPU Display driver contains a vulnerability in the 3D vision component in which the stereo service software, when opening a file, does not check for hard links. This behavior may lead to code execution, denial of service or escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer, which may lead to denial of service or escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not release a resource after its effective lifetime has ended, which may lead to denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DeviceIoControl where the software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"NVIDIA Shield TV Experience prior to v8.0, NVIDIA Tegra bootloader contains a vulnerability in nvtboot where the Trusted OS image is improperly authenticated, which may lead to code execution, denial of service, escalation of privileges, and information disclosure, code execution, denial of service, or escalation of privileges",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be overridden, which may lead to code execution, denial of service, or information disclosure.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the size of an input buffer is not validated, which may lead to denial of service or escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the product uses untrusted input when calculating or using an array index, which may lead to escalation of privileges or denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which it may grant a guest access to memory that it does not own, which may lead to information disclosure or denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin, in which an input index value is incorrectly validated, which may lead to denial of service.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Use after free in IndexedDB in Google Chrome prior to 73.0.3683.86 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in Blink in Google Chrome prior to 75.0.3770.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Out of bounds memory access in JavaScript in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate implementation in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Incorrect font handling in autofill in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Use after free in WebAudio in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use after free in Blink in Google Chrome prior to 76.0.3809.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 6.0 and later but before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. The issue comments feature could allow a user to comment on an issue which they shouldn't be allowed to.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in the Add method, which allows an attacker to reinstall the database. The attacker can write arbitrary code to database.php during system reinstallation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in OverIT Geocall 6.3 before build 2:346977. An unauthenticated servlet allows an attacker to obtain a cookie of an authenticated user, and login to the web application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used for Virtual Network Control, allows remote attackers to cause a denial of service (peering session flap) via attribute 255 in a BGP UPDATE packet. This occurred during Disco in January 2019 because FRR does not implement RFC 7606, and therefore the packets with 255 were considered invalid VNC data and the BGP session was closed.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application 'Management of Basic System'.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application 'Bulletin'.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application 'Bulletin' and the application 'Cabinet'.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
JR East Japan train operation information push notification App for Android version 1.2.4 and earlier allows remote attackers to bypass access restriction to obtain or alter the user's registered information via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
CREATE SD official App for Android version 1.0.2 and earlier allows remote attackers to bypass access restriction to lead a user to access an arbitrary website via vulnerable application and conduct phishing attacks.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and alter/disclose the information via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. A successful exploitation may result in a malicious file being downloaded/executed.,ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Missing authorization vulnerability exists in EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier. A successful exploitation may result in a specially crafted firmware update or unofficial firmware update being applied without user's consent via unspecified vector.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via notifybtstatus command.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via blerequest command.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via sendhostinfo command.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user's intent, such as installing arbitrary software or changing the device settings via Android Debug Bridge port 5555/TCP.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier allow remote attackers to [Disclosed_Information_type] via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet via Email address allows remote attackers to submit a large number of email addresses to identify valid ones. By exploiting this vulnerability with CVE-2019-6122 (Username Enumeration) an adversary can enumerate a large number of valid users' Email addresses.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated ""I don't think it is libpng's job to free this buffer.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Bento4 v1.5.1-627. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp when called from the AP4_EsdsAtom class in Core/Ap4EsdsAtom.cpp, as demonstrated by mp42aac.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In PolicyKit (aka polkit) 0.115, the ""start time"" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.",LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue has been found in libIEC61850 v1.3.1. Memory_malloc in hal/memory/lib_memory.c has a memory leak when called from Asn1PrimitiveValue_create in mms/asn1/asn1_ber_primitive_value.c, as demonstrated by goose_publisher_example.c and iec61850_9_2_LE_example.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFilter in hal/ethernet/linux/ethernet_linux.c has a SEGV, as demonstrated by sv_subscriber_example.c and sv_subscriber.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_memory.c have memory leaks when called from mms/iso_mms/common/mms_value.c, server/mms_mapping/mms_mapping.c, and server/mms_mapping/mms_sv.c (via common/string_utilities.c), as demonstrated by iec61850_9_2_LE_example.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their contents.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formula is not executed on LXCA itself.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Lenovo Energy Management is a client utility. Lenovo XClarity Energy Manager is not affected.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on XCC itself and has no effect on the server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue existed with autofill resuming after it was canceled. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.3. Password autofill may fill in passwords after they were manually cleared.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A consistency issue was addressed with improved state handling. This issue is fixed in iOS 12.2. A website may be able to access the microphone without the microphone use indicator being shown.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3,macOS Mojave 10.14.3,tvOS 12.1.2,watchOS 5.1.3. A malicious application may be able to break out of its sandbox.",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Mojave 10.14.4. A malicious application may bypass Gatekeeper checks.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. NOTE: the vendor considers this a best-practice violation but not a vulnerability. The vendor plans to fix it at a future time.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. A heap-based buffer overflow bug in svgpp_agg_render may lead to code execution. In the render_scanlines_aa_solid function, the blend_hline function is called repeatedly multiple times. blend_hline is equivalent to a loop containing write operations. Each call writes a piece of heap data, and multiple calls overwrite the data in the heap.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console uart is attached to a serial concentrator). This CVE applies to the specific cases of iLPC2AHB bridge Pt I, iLPC2AHB bridge Pt II, PCIe VGA P2A bridge, DMA from/to arbitrary BMC memory via X-DMA, UART-based SoC Debug interface, LPC2AHB bridge, PCIe BMC P2A bridge, and Watchdog setup.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Scripting and AutoUpdate functionality in Cordaware bestinformed Microsoft Windows client versions before 6.2.1.0 are affected by insecure implementations which allow remote attackers to execute arbitrary commands and escalate privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that potentially allows execution of arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6328.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A potential security vulnerability has been identified in the software solution HP Access Control versions prior to 16.7. This vulnerability could potentially grant elevation of privilege.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A potential security vulnerability has been identified with Samsung Laser Printers. This vulnerability could potentially be exploited to create a denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"For the printers listed a maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local device.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,LOW
SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci allows remote attackers to abuse the Test button in the machine address book to obtain a cleartext FTP or SMB password.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is not exploitable).,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_aggregate_reg_new in rec-aggregate.c in librec.a.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils.c in librec.a.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea code, a server trying to restart will conclude that there is a problem with its lease store and give up. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
"TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-02-11 allow remote attackers to erase stored shortcuts.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC4 is called. This kernel pointer can be leaked if the kernel pool becomes a ""big"" pool.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC0 is called. This kernel pointer can be leaked if the kernel pool becomes a ""big"" pool.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IMFForceDelete.sys in IObit Malware Fighter 6.2 allows a low privileged user to send IOCTL 0x8016E000 along with a user defined string to a file; that file will be promptly deleted regardless of access controls.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GattLib 0.2 has a stack-based buffer over-read in gattlib_connect in dbus/gattlib.c because strncpy is misused.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when processing fragmented ClientHello messages in a DTLS session TMM may corrupt memory eventually leading to a crash. Only systems offering DTLS connections via APM are impacted.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack requires an authenticated user with any role (other than the No Access role). The No Access user role cannot login and does not have the access level to perform the attack.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, the Application Acceleration Manager (AAM) wamd process used in processing of images and PDFs fails to drop group permissions when executing helper scripts.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, hardware systems with a High-Speed Bridge and using non-default Layer 2 forwarding configurations may experience a lockup of the High-Speed Bridge.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,NONE,HIGH
"On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, the snmpd daemon may leak memory on a multi-blade BIG-IP vCMP guest when processing authorized SNMP requests.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"When BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 are processing certain rare data sequences occurring in PPTP VPN traffic, the BIG-IP system may execute incorrect logic. The TMM may restart and produce a core file as a result of this condition. The BIG-IP system provisioned with the CGNAT module and configured with a virtual server using a PPTP profile is exposed to this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, DNS query TCP connections that are aborted before receiving a response from a DNS cache may cause TMM to restart.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, SNMP may expose sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is used with various profile types and is accessed using SNMPv2.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite arbitrary system files.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit TMSH access to bypass Appliance Mode restrictions on BIG-IP systems.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in bypass of whitelist / blacklist restrictions enforced by appliance mode.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access. This is contrary to our definition for the Resource Administrator (RA) role restrictions.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, users with the Resource Administrator role can modify sensitive portions of the filesystem if provided Advanced Shell Access, such as editing /etc/passwd. This allows modifications to user objects and is contrary to our definition for the Resource Administrator (RA) role restrictions.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation (ALPN) enabled and it processes traffic where the ALPN extension size is zero.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, undisclosed traffic sent to BIG-IP iSession virtual server may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, an undisclosed traffic pattern sent to a BIG-IP UDP virtual server may lead to a denial-of-service (DoS).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP PEM 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, under certain conditions, the TMM process may terminate and restart while processing BIG-IP PEM traffic with the OpenVPN classifier.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact to the control plane.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On F5 SSL Orchestrator 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, undisclosed traffic flow may cause TMM to restart under certain circumstances.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, when the BIG-IP system is licensed with Appliance mode, user accounts with Administrator and Resource Administrator roles can bypass Appliance mode restrictions.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, when the BIG-IP system is licensed for Appliance mode, a user with either the Administrator or the Resource Administrator role can bypass Appliance mode restrictions.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability in AFM feed list. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. The level of user role which can perform this attack are resource administrator and administrator.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated user with role of ""Guest"" or greater privilege. Note: ""No Access"" cannot login so technically it's a role but a user with this access role cannot perform the attack.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, Malformed http requests made to an undisclosed iControl REST endpoint can lead to infinite loop of the restjavad process.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, SNMP exposes sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is inserted into various profile types and accessed using SNMPv2.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured with a DHCPv6 profile may be able to cause the TMM process to produce a core file.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,LOW
"On BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, FTP traffic passing through a Virtual Server with both an active FTP profile associated and connection mirroring configured may lead to a TMM crash causing the configured HA action to be taken.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, when processing authentication attempts for control-plane users MCPD leaks a small amount of memory. Under rare conditions attackers with access to the management interface could eventually deplete memory on the system.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In BIG-IQ 6.0.0-6.1.0, services for stats do not require authentication nor do they implement any form of Transport Layer Security (TLS).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"On versions 13.0.0-13.1.0.1, 12.1.0-12.1.4.1, 11.6.1-11.6.4, and 11.5.1-11.5.9, BIG-IP platforms where AVR, ASM, APM, PEM, AFM, and/or AAM is provisioned may leak sensitive data.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"On version 14.0.0-14.1.0.1, BIG-IP virtual servers with TLSv1.3 enabled may experience a denial of service due to undisclosed incoming messages.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP 15.0.0 and 14.1.0-14.1.0.6, under certain conditions, network protections on the management port do not follow current best practices.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the BIG-IQ/Enterprise Manager/F5 iWorkflow will be able to set up the proxy the same way and intercept the traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,LOW
"On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, and 13.1.0-13.1.1.4, the TMM process may produce a core file when an upstream server or cache sends the BIG-IP an invalid age header value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The BIG-IP APM Edge Client for macOS bundled with BIG-IP APM 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5 may allow unprivileged users to access files owned by root.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On F5 SSL Orchestrator 15.0.0-15.0.1 and 14.0.0-14.1.2, TMM may crash when processing SSLO data in a service-chaining configuration.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On versions 15.0.0-15.0.1, 14.0.0-14.1.2.2, and 13.1.0-13.1.3.1, TMM may restart on BIG-IP Virtual Edition (VE) when using virtio direct descriptors and packets 2 KB or larger.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, under certain conditions when using custom TCP congestion control settings in a TCP profile, TMM stops processing traffic when processed by an iRule.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, the TMM process may restart when the packet filter feature is enabled.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5, while processing traffic through a standard virtual server that targets a FastL4 virtual server (VIP on VIP), hardware appliances may stop responding.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, under certain conditions, a multi-bladed BIG-IP Virtual Clustered Multiprocessing (vCMP) may drop broadcast packets when they are rebroadcast to the vCMP guest secondary blades. An attacker can leverage the fragmented broadcast IP packets to perform any type of fragmentation-based attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, the Traffic Management Microkernel (TMM) might stop responding after the total number of diameter connections and pending messages on a single virtual server has reached 32K.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"On versions 15.0.0-15.0.1.1, the BIG-IP ASM Cloud Security Services profile uses a built-in verification mechanism that fails to properly authenticate the X.509 certificate of remote endpoints.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call the miglaA_update_me action to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization jobs), which could allow for the possibility of a Denial of Service attack via a modified jobId parameter in a runJob.html GET request.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,HIGH
The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wp_postratings_clear_fastest_cache and rm_folder_recursively in wpFastestCache.php mishandle ../ in an HTTP Referer header.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,LOW
"An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 1 of 6). An authorization issue allows the contributed project information of a private profile to be viewed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it is possible to use a covert redirect to obtain the user OAuth token for those services.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An Incorrect Access Control (issue 2 of 3) issue was discovered in GitLab Community and Enterprise Edition 8.14 and later but before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Guest users were able to view the list of a group's merge requests.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 5 of 6). A project guest user can view the last commit status of the default branch.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to unicode, which could be used for social engineering.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of ""options(MYSQLI_OPT_LOCAL_INFILE"" calls.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading variables in the controller using Modbus.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Modicon Quantum all firmware versions, CWE-264: Permissions, Privileges, and Access Control vulnerabilities could cause a denial of service or unauthorized modifications of the PLC configuration when using Ethernet/IP protocol.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The vulnerability potentially allows the unauthorized execution of code in the system via the network interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The RCP+ network port allows access without authentication. Adding authentication feature to the respective library fixes the issue. The issue is classified as ""CWE-284: Improper Access Control."" This vulnerability, for example, allows a potential attacker to delete video or read video data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module allows a logged in user to control DDNS, QoS, RIP, and other privileged configurations (intended only for the network operator) by sending an HTTP POST to the PHP backend, because the page filtering for non-superuser (in header.php) is done only for GET requests and not for direct AJAX calls.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process (running as root) if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is conducted by changing the Wi-Fi network password to include crafted escape characters. This is related to the WebUI module.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve remote code execution by crafting a long buffer in the ""Comment"" field of an IP reservation form in the admin panel. This is related to the CcspCommonLibrary module.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker can send a cookie in an HTTP authentication packet to the router management web interface, and fully control the router without knowledge of the credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can result in leaking raw process memory contents through the output image.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By sending specially crafted ICMP echo request packets, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting in 10.7) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. System notes contain an access control issue that permits a guest user to view merge request titles.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Photoshop CC 19.1.7 and earlier, and 20.0.2 and earlier have a heap corruption vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could lead to arbitrary code execution. Fixed in versions 13.1.1 and 14.0.2.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. A user retains their role within a project in a private group after being removed from the group, if their privileges within the project are different from the group.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
OX App Suite 7.10.0 and earlier has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a consistency check, and consequently transform the proof of one statement into an ostensibly valid proof of a different statement, thereby breaking the soundness of the proof system. This misled the original Sprout zk-SNARK verifier into accepting the correctness of a transaction.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Roxy Fileman 1.4.5 allows attackers to execute renamefile.php (aka Rename File), createdir.php (aka Create Directory), fileslist.php (aka Echo File List), and movefile.php (aka Move File) operations.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi has a filter bypass that allows a malicious user to upload any type of file by using % characters within the extension, e.g., file.%ph%p becomes file.php.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Citrix ShareFile before 19.12 allows User Enumeration. It is possible to enumerate application username based on different server responses using the request to check the otp code. No authentication is required.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler (SEH) address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to overflow the buffer and overwrite the SEH address, which can then be leveraged to execute attacker-controlled code on the server.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper with another's installs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Linear eMerge E3-Series devices have Default Credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Linear eMerge E3-Series devices allow File Inclusion.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Linear eMerge E3-Series devices allow Command Injections.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
Linear eMerge E3-Series devices allow Privilege Escalation.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Linear eMerge E3-Series devices allow Authorization Bypass with Information Disclosure.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Linear eMerge E3-Series devices have Cleartext Credentials in a Database.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on the ARM platform.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Linear eMerge 50P/5000P devices allow Authentication Bypass.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Nortek Linear eMerge 50P/5000P devices have Default Credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending Service.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4. An application may be able to execute arbitrary code with kernel privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A local user may be able to read kernel memory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Zen Load Balancer 3.10.1 allows remote authenticated admin users to execute arbitrary commands as root via shell metacharacters in the index.cgi?action=View_Cert certname parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,HIGH
Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GUP (generic update process) in LightySoft LogMX before 7.4.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. The update process relies on cleartext HTTP. The attacker could replace the LogMXUpdater.class file.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.).",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of other projects.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may cause a heap overflow, resulting in code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1_TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP file. The file network/isp/isp_update_edit.php does not properly validate user input, which leads to shell command injection via the des parameter.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below. The value of the fmgpon_loid parameter is used in a system call inside the boa binary. Because there is no user input validation, this leads to authenticated code execution on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below, The values of the newpass and confpass parameters in /bin/WebMGR are used in a system call in the firmware. Because there is no user input validation, this leads to authenticated code execution on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the remote code execution on the device.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the SetWanSettings HNAP API.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg&#95;qqcode parameter. This can be exploited via CSRF.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../ URI.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit section.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it is true that the amount can be manipulated in the PayPal payment flow. However, the amount is validated against the WooCommerce order total before completing the order, and if it doesn’t match then the order will be left in an “On Hold” state.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.5.10, 11.6.x before 11.6.8, and 11.7.x before 11.7.3. It has Incorrect Access Control. The GitLab pipelines feature is vulnerable to authorization issues that allow unauthorized users to view job information.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the ""create user"" function. If a register/check/username?username= request corresponds to a username that exists, then an ""is already in use"" error is produced. NOTE: this product is discontinued.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ability exists for an unauthenticated user to browse a confidential ui/1.0.99.187766/dynamic/js/setup.js.localized file on the router's webserver, allowing for an attacker to identify possible passwords that the system uses to set the default guest network password. An attacker can use this list of 30 words along with a random 2 digit number to brute force their access onto a router's guest network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The readBytes function in util/read.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the exacqVision Enterprise System Manager (ESM) v5.12.2 application whereby unauthorized privilege escalation can potentially be achieved. This vulnerability impacts exacqVision ESM v5.12.2 and all prior versions of ESM running on a Windows operating system. This issue does not impact any Windows Server OSs, or Linux deployments with permissions that are not inherited from the root directory. Authorized Users have ‘modify’ permission to the ESM folders, which allows a low privilege account to modify files located in these directories. An executable can be renamed and replaced by a malicious file that could connect back to a bad actor providing system level privileges. A low privileged user is not able to restart the service, but a restart of the system would trigger the execution of the malicious file. This issue affects: Exacq Technologies, Inc. exacqVision Enterprise System Manager (ESM) Version 5.12.2 and prior versions; This issue does not affect: Exacq Technologies, Inc. exacqVision Enterprise System Manager (ESM) 19.03 and above.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshd_config file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password storage.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"EPP.sys in Emsisoft Anti-Malware prior to version 2018.12 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN and therefore files and directories ""inside"" the \\.\EPP device are not properly protected, leading to unintended impersonation or object creation. This vulnerability has been fixed in version 2018.12 and later.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are built with that flag.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and disclose login information, which can allow the attacker to bypass authentication and have full access to the system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow attackers to execute commands directly on the operating system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/access accepts a request to set the ""aaaaa"" password, considered insecure for some use cases, from a user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can login via TCP port 8888 with the admin password for the admin account.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"install/install.php in CIM 0.9.3 allows remote attackers to execute arbitrary PHP code via a crafted prefix value because of configuration file mishandling in the N=83 case, as demonstrated by a call to the PHP fputs function that creates a .php file in the public folder.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in AP4_Array<AP4_CttsTableEntry>::EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls, a related issue to CVE-2018-20095.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A heap-based buffer over-read occurs in AP4_BitStream::WriteBytes in Codecs/Ap4BitStream.cpp in Bento4 v1.5.1-627. Remote attackers could leverage this vulnerability to cause an exception via crafted mp4 input, which leads to a denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command ""prompt"" sets the (user controlled) shell's prompt value, which is used as a format string input to printf, resulting in an information leak of memory addresses.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. There is a heap-based buffer overflow in the function responsible for printing the shell prompt, when a custom modifier is used to display information such as a process ID, IP address, or current working directory. Modifier expansion triggers this overflow, causing memory corruption or a crash (and also leaks memory address information).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY RTOS 5.0.4. It allocates 60 bytes for the HTTP Authentication header. However, when copying this header to parse, it does not check the size of the header, leading to a stack-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to setting of insecure permissions, a malicious app could potentially succeed in retrieving video clips or still images that have been cached for clip sharing. (The Bosch Smart Home App is not affected. iOS Apps are not affected.)",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Joomla! before 3.9.3. The ""No Filtering"" textfilter overrides child settings in the Global Configuration. This is intended behavior. However, it might be unexpected for the user because the configuration dialog lacks an additional message to explain this.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for objection injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .phar-files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain the Wi-Fi password by making a cgi-bin/qcmap_web_cgi Page=GetWiFi_Setting request and then reading the wpa_security_key field.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Inadequate access control vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorizations checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing user details.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout update.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Under certain conditions, an unauthenticated attacker could force the Magento store's full page cache to serve a 404 page to customers.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange protocol, an unauthenticated attacker could disrupt transactions between the Magento merchant and PayPal.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access to potentially confidental information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Creative Cloud Desktop Application versions 4.6.1 and earlier have a security bypass vulnerability. Successful exploitation could lead to denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Creative Cloud Desktop Application versions 4.6.1 and earlier have an insecure inherited permissions vulnerability. Successful exploitation could lead to privilege escalation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. Successful exploitation could lead to remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authentication bypass vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage email templates hierarchy to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can leverage a guest session id value following a successful login to gain access to customer account index page.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these manipulations can lead to remote code execution.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products can craft custom layout update and use import product functionality to enable remote code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficent data to effectively track configuration changes.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with privileges to generate sitemaps can bypass configuration that restricts directory access. The bypass allows overwrite of a subset of configuration files which can lead to denial of service.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate CMS section of the website can trigger remote code execution via custom layout update.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can append arbitrary session id that will not be invalidated by subsequent authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate layouts and images can insert a malicious payload into the page layout.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to modify product catalogs can trigger PHP file inclusion through a crafted XML file that specifies product design update.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a buffer overrun vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configuration file modification.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled input.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Bridge CC versions 9.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Bridge CC versions 9.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Brackets versions 1.14 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-based buffer overflow vulnerability that potentially allow arbitrary code execution,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.",LOCAL,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally ""<hidden>"" as its secret is used in unusual circumstances.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard autocomplete functionality. Third-party Android keyboards that capture the password may store this password in cleartext, or transmit the password to third-party services for keyboard customization purposes. A compromise of any datastore that contains keyboard autocompletion caches would result in the disclosure of the user's Simple Bank password.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A local user may be able to read kernel memory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. An application may be able to gain elevated privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. A malicious application may be able to overwrite arbitrary files.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to elevate privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2. Clicking a malicious SMS link may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. An application may be able to execute arbitrary code with system privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. An application may be able to gain elevated privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.5. A malicious application may bypass Gatekeeper checks.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with kernel privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. An application may be able to execute arbitrary code with system privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A malicious application may be able to read restricted memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A malicious application may be able to elevate privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.3. A sandboxed process may be able to circumvent sandbox restrictions.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Some analytics data was sent using HTTP rather than HTTPS. This was addressed by no longer sending this analytics data. This issue is fixed in Texture 5.11.10 for iOS, Texture 4.22.0.4 for Android. An attacker in a privileged network position may be able to intercept analytics data.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An authentication issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5. A user may be unexpectedly logged in to another user’s account.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
This issue was addressed with improved checks. This issue is fixed in watchOS 5.3. Users removed from an iMessage conversation may still be able to alter state.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6. The encryption status of a Time Machine backup may be incorrect.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15, tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing a maliciously crafted text file may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with kernel privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The issue was addressed with improved permissions logic. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to access recent documents.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may be abused by an attacker to execute commands as the SYSTEM user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site contains a vulnerability that theoretically allows a user to escalate their privileges on the affected system, in a way that may allow for data modifications and deletions that should be denied. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains multiple vulnerabilities that may allow for cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The administrative web server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability that could theoretically allow an unauthenticated user to download a file with credentials information. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The workspace client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contains vulnerabilities where an authenticated user can change settings that can theoretically adversely impact other users. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
"In Eclipse Wakaama (formerly liblwm2m) 1.0, core/er-coap-13/er-coap-13.c in lwm2mserver in the LWM2M server mishandles invalid options, leading to a memory leak. Processing of a single crafted packet leads to leaking (wasting) 24 bytes of memory. This can lead to termination of the LWM2M server after exhausting all available memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function InflateVarName() in inflate.c when called from ReadNextCell in mat5.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow problem in the function ReadNextCell() in mat5.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function ReadNextFunctionHandle() in mat5.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted __FEU__ cookie, and achieve authenticated object injection.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the ""install module"" feature.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the ntp_server parameter in an ntp_sync.cgi POST request.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DIR-878 1.12B01 devices. Because strncpy is misused, there is a stack-based buffer overflow vulnerability that does not require authentication via the HNAP_AUTH HTTP header.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is an information disclosure vulnerability via requests for the router_info.xml document. This will reveal the PIN code, MAC address, routing table, firmware version, update time, QOS information, LAN information, and WLAN information of the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mailvelope prior to 3.1.0 is vulnerable to a clickjacking attack against the settings page. As the settings page is intended to be accessible from web applications, the browser's extension isolation mechanisms are disabled (web_accessible_resources). Mailvelope implements additional measures to prevent web applications from directly embedding the settings page, but this mechanism can be bypassed.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginx_webconsole.php Cookie header can be used to read an etc/config/wac/wns_cfg_admin_detail.xml file containing the admin password. (The password for root is the WebUI admin password concatenated with a static string.)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Face authentication component in Aware mobile liveness 2.2.1 sdk 2.2.0 for Knomi allows a Biometrical Liveness authentication bypass via parameter tampering of the /knomi/analyze security_level field.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Its User Interface has a Misrepresentation of Critical Information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 1 of 5).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 4 of 5).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 5 of 5).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can authenticate with the default 1234 password that cannot be changed, and can execute malicious and unauthorized actions.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113572342",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Bluetooth stack, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113575306",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In MPEG4Extractor, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111792351",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In System Settings, there is a possible permissions bypass due to a cached Linux user ID. This could lead to a local permissions bypass with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-36899497",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible out of bounds write due to a use after free. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In keyguard, there is a possible escalation of privilege due to improper permission checks. This could lead to a local bypass of the keyguard under limited circumstances, with User execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-119322269",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In com.android.apps.tag, there is a possible bypass of user interaction requirements due to a missing permission check. This could lead to a to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-36885811",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112890242",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112892194",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112663886",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661610",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661356",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libMpegTPDec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112662270",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661835",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libMpegTPDec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661348",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661893",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libFDK, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112891546",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111128067,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Bluetooth, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure, with no additional privileges required. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112917952",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
In libhevc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112859934,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112328051,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112326322,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111762686,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In the m4v_h263 codec, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109891727",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-124253062",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In AudioService, there is a possible trigger of background user audio due to a permissions bypass. This could lead to local information disclosure by playing the background user's audio with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-73364631",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In Bluetooth, there is a possible deserialization error due to missing string validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109838537",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In hostapd, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-129344244",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-124329638",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In netd, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122677612",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In LockPatternUtils, there is a possible escalation of privilege due to an improper permissions check. This could lead to local bypass of the Lockguard with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120568007",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In notification management of the service manager, there is a possible permissions bypass. This could lead to local escalation of privilege by preventing user notification, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112434609",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111450210",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In libandroidfw, there is a possible OOB read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111215250",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
In the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Platform, there is a possible bypass of user interaction requirements due to background app interception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113584607",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the Titan M handling of cryptographic operations, there is a possible information disclosure due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-133258003",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In km_compute_shared_hmac of km4.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-130246677",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. An attacker can inject and execute code by hijacking the insecure communications with the service. This vulnerability also affects Telekom MagentaCLOUD through 5.7.0.0 and 1&1 Online Storage through 6.1.0.0.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow an non-authorized user to disclose administrative credentials. An attacker must be an authenticated user in order to exploit the vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. The attacker must have already gained authentication and have local access to the vulnerable system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy. The number of possible PSKs is about 1.78 billion, which is too small.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 before 10.1.2147 allows remote attackers to steal NTLM hashes or perform SMB relay attacks upon a direct launch of the product, or upon an indirect launch via an integration such as Chrome, Firefox, Word, Outlook, etc. This occurs because the product attempts to access a share with the PLUG-INS subdomain name; an attacker may be able to use Active Directory Domain Services to register that name.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
The WP Human Resource Management plugin before 2.2.6 for WordPress does not ensure that a leave modification occurs in the context of the Administrator or HR Manager role.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in the ability to read, set and deletion of Metadata.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadScrawl URI.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the ""cfg"" parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Symantec Endpoint Encryption prior to SEE 11.2.1 MP1 may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Symantec AV Engine, prior to 13.0.9r17, may be susceptible to an arbitrary file deletion issue, which is a type of vulnerability that could allow an attacker to delete files on the resident system without elevated privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. A site administrator can suspend the system user (root), causing all users to be locked out from the system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating the IOCtl 0x8000c01c input value, leading to an integer signedness error and a heap-based buffer underflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect access control in the CxUtilSvc component of the Synaptics Sound Device drivers prior to version 2.29 allows a local attacker to increase access privileges to the Windows Registry via an unpublished API.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Unauthenticated password hash disclosure in the User.getUserPWD method in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to retrieve the GUI password hashes of GUI users. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating the IOCtl 0x8000c01c input value, leading to an integer signedness error and a heap-based buffer underflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect access control in the CxUtilSvc component of the Synaptics Sound Device drivers prior to version 2.29 allows a local attacker to increase access privileges to the Windows Registry via an unpublished API.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case an administrator gets locked out from the Artifactory console. This is only allowable from a connection directly from localhost, but providing a X-Forwarded-For HTTP header to the request allows an unauthenticated user to login with the default credentials of the access-admin account while bypassing the whitelist of allowed IP addresses. The access-admin account can use Artifactory's API to request authentication tokens for all users including the admin account and, in turn, assume full control of all artifacts and repositories managed by Artifactory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affected.)",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"gdwfpcd.sys in G Data Total Security before 2019-02-22 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN and therefore files and directories ""inside"" the \\.\gdwfpcd device are not properly protected, leading to unintended impersonation or object creation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In tinysvcmdns through 2018-01-16, a maliciously crafted mDNS (Multicast DNS) packet triggers an infinite loop while parsing an mDNS query. When mDNS compressed labels point to each other, the function uncompress_nlabel goes into an infinite loop trying to analyze the packet with an mDNS query. As a result, the mDNS server hangs after receiving the malicious mDNS packet. NOTE: the product's web site states ""This project is un-maintained, and has been since 2013. ... There are known vulnerabilities ... You are advised to NOT use this library for any new projects / products.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control, a different vulnerability than CVE-2019-9732.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actually set to true. This is fixed in 1.4.4.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .mp3 file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This issue only affects Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keystroke Injection. This occurs because it accepts unencrypted 2.4 GHz packets, even though all legitimate communication uses AES encryption.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak). Finally, this will cause a denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because ""encrypted signal transmission"" is missing, an attacker is able to eavesdrop sensitive data as cleartext (for instance, the current rolling code state).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jector Smart TV FM-K75 devices allow remote code execution because there is an adb open port with root permission.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The function getopt_simple as described in Advanced Bash Scripting Guide (ISBN 978-1435752184) allows privilege escalation and execution of commands when used in a shell script called, for example, via sudo.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Various Lexmark products have Incorrect Access Control (issue 2 of 2).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid user credentials. If customers have not followed SoftNAS deployment best practices and expose SoftNAS StorageCenter ports directly to the internet, this vulnerability allows an attacker to gain access to the Webadmin interface to create new users or execute arbitrary commands with administrative privileges, compromising both the platform and the data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
""""" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is involved or if there is a stack overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1557, CVE-2020-1558, CVE-2020-1564.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory, aka 'Windows Image Acquisition Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1485.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka 'Windows Kernel Information Disclosure Vulnerability'.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1580.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Setup Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory, aka 'Windows Server Resource Management Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files, aka 'ASP.NET and .NET Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Work Folders Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1470, CVE-2020-1516.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory, aka 'Windows Image Acquisition Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1474.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Speech Shell Components improperly handle memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Speech Shell Components Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1513.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1500, CVE-2020-1501.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1494, CVE-2020-1495, CVE-2020-1496, CVE-2020-1498.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Memory Corruption Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft .NET Framework processes input, aka '.NET Framework Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1529.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1417, CVE-2020-1566.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory, aka 'Microsoft Word Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1503, CVE-2020-1583.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory, aka 'Microsoft Word Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1502, CVE-2020-1583.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,LOW
"utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a ""merge"" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
OX App Suite through 7.10.3 allows XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka 'Windows Registry Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1377.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka 'Windows Registry Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1378.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 184585.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Work Folders Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1484, CVE-2020-1516.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The package linux-cmdline before 1.0.1 are vulnerable to Prototype Pollution via the constructor.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1547, CVE-2020-1551.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1551.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The "".encfs6.xml"" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting ""blockMACBytes"" to 0 and adding 8 to ""blockMACRandBytes"".",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection vulnerability in SourceCodester Online Shopping Alphaware 1.0 allows remote unauthenticated attackers to bypass the authentication process via email and password parameters.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HUAWEI Mate 20 smartphones with 9.0.0.205(C00E205R2P1) have a logic error vulnerability. In a special scenario, the system does not properly process. As a result, attackers can perform a series of operations to successfully establish P2P connections that are rejected by the peer end. As a result, the availability of the device is affected.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"FusionCompute 8.0.0 have a command injection vulnerability. The software does not sufficiently validate certain parameters post from user, successful exploit could allow an authenticated attacker to launch a command injection attack.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF.,NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An information disclosure vulnerability exists in EdgeMax EdgeSwitch firmware v1.9.0 that allowed read only users could obtain unauthorized information through SNMP community pages.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
FusionCompute 8.0.0 have an insufficient authentication vulnerability. An attacker may exploit the vulnerability to delete some files and cause some services abnormal.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects, aka 'Windows Media Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled, aka 'Windows RRAS Service Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1486, CVE-2020-1566.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files, aka 'Microsoft SQL Server Management Studio Denial of Service Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka &quot;straight-line speculation, aka 'Windows ARM Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows Spoofing Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Elevation of Privilege Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
All versions of package templ8 are vulnerable to Prototype Pollution via the parse function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Information Disclosure Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1489.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Telephony Server Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows File Server Resource Management Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1518.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows File Server Resource Management Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1517.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1538.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well through use of a malicious DLL. Zoom addressed this issue, which only applies to Windows users, in the 5.0.4 client release.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Composer-Setup for Windows before version 6.0.0, if the developer's computer is shared with other users, a local attacker may be able to exploit the following scenarios. 1. A local regular user may modify the existing `C:\ProgramData\ComposerSetup\bin\composer.bat` in order to get elevated command execution when composer is run by an administrator. 2. A local regular user may create a specially crafted dll in the `C:\ProgramData\ComposerSetup\bin` folder in order to get Local System privileges. See: https://itm4n.github.io/windows-server-netman-dll-hijacking. 3. If the directory of the php.exe selected by the user is not in the system path, it is added without checking that it is admin secured, as per Microsoft guidelines. See: https://msrc-blog.microsoft.com/2018/04/04/triaging-a-dll-planting-vulnerability.",LOCAL,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory.An attacker who successfully exploited the vulnerability would gain execution on a victim system.The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory., aka 'Windows Font Driver Host Remote Code Execution Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing the binary as NT AUTHORITY\SYSTEM in a Windows operating system. For example, an attacker can plant a reverse shell from a low privileged user account and by restarting the computer, the malicious service will be started as NT AUTHORITY\SYSTEM by giving the attacker full system access to the remote PC.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8.1.2 allows a local attacker to execute arbitrary code via the Miscellaneous "" External Programs by uploading the malicious .exe file to the external program.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim views the log messages via the web browser, these log messages might be interpreted and executed as code by the web application. This Cross-Site-Scripting (XSS) vulnerability might compromize the confidentiality, integrity and availability of the web application.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x), Desigo CC Compact (V3.x). Affected applications are delivered with a 3rd party component (BIRT) that contains a remote code execution vulnerability if the Advanced Reporting Engine is enabled. The vulnerability could allow a remote unauthenticated attacker to execute arbitrary commands on the server with SYSTEM privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Speech Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1522.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Speech Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1521.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Reflected Cross Site Scripting in Teradici PCoIP Management Console prior to 20.07 could allow an attacker to take over the user's active session if the user is exposed to a malicious payload.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1499, CVE-2020-1500.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1499, CVE-2020-1501.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1494, CVE-2020-1495, CVE-2020-1498, CVE-2020-1504.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1494, CVE-2020-1496, CVE-2020-1498, CVE-2020-1504.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1495, CVE-2020-1496, CVE-2020-1498, CVE-2020-1504.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
All versions of phpjs are vulnerable to Prototype Pollution via parse_str.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defeect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace program to modify control message headers after they were validation.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-STABLE before r362167, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, missing length validation code common to mulitple USB network drivers allows a malicious USB device to write beyond the end of an allocated network packet buffer.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1494, CVE-2020-1495, CVE-2020-1496, CVE-2020-1504.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk.",NETWORK,LOW,LOW,REQUIRED,CHANGED,NONE,LOW,NONE
"A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. A successful exploit could allow the attacker to cause an unexpected reboot of the switch, leading to a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to stop the AnyConnect process, causing a DoS condition on the device. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to modify VPN profile files. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to excessive verbosity in certain log subscriptions. An attacker could exploit this vulnerability by accessing specific log files on an affected device. A successful exploit could allow the attacker to obtain sensitive log data, which may include user credentials. To exploit this vulnerability, the attacker would need to have valid credentials at the operator level or higher on the affected device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Border Gateway Protocol (BGP) additional paths feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent authorized users from monitoring the BGP status and cause the BGP process to stop processing new updates, resulting in a denial of service (DOS) condition. The vulnerability is due to an incorrect calculation of lexicographical order when displaying additional path information within Cisco IOS XR Software, which causes an infinite loop. An attacker could exploit this vulnerability by sending a specific BGP update from a BGP neighbor peer session of an affected device; an authorized user must then issue a show bgp command for the vulnerability to be exploited. A successful exploit could allow the attacker to prevent authorized users from properly monitoring the BGP status and prevent BGP from processing new updates, resulting in outdated information in the routing and forwarding tables.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in an access control mechanism of Cisco Cyber Vision Center Software could allow an unauthenticated, remote attacker to bypass authentication and access internal services that are running on an affected device. The vulnerability is due to insufficient enforcement of access control in the software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow an attacker to impact monitoring of sensors that are managed by the software.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a disclosure of sensitive data vulnerability. Successful exploitation could lead to memory leak.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to application denial-of-service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation .",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to application denial-of-service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the IPv6 implementation of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to an affected device with the goal of reaching the vulnerable section of the input buffer. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
Rocket.Chat through 3.4.2 allows XSS where an attacker can send a specially crafted message to a channel or in a direct message to the client which results in remote code execution on the client side.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ise smart connect KNX Vaillant 1.2.839 contain a Denial of Service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.)",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In C2 flame devices, there is a possible bypass of seccomp due to a missing configuration file. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146059841",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
A SQL injection vulnerability in the qm_adm/qm_export_stats_run.do endpoint of Loway QueueMetrics before 19.10.21 allows remote authenticated users to execute arbitrary SQL commands via the exportId parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.10.21 allows remote authenticated attackers to execute arbitrary SQL commands via the TPF_XPAR1 parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metacharacters. The attacker can then, for example, read sensitive files such as appliance admin configuration source code. This affects Spirent TestCenter and Avalanche products which chassis version <= 5.08. The SSH restricted shell is available with default credentials.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafted file.,LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00),10.0.3.1(H563SP21C233) have an improper authorization vulnerability. The device does not restrict certain data received from WAN port. Successful exploit could allow an attacker at WAN side to manage certain service of the device.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126(C00E125R5P3) have a user after free vulnerability. A module is lack of lock protection. Attackers can exploit this vulnerability by launching specific request. This could compromise normal service of the affected device.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one Webex Meetings site could exploit this vulnerability by sending specially crafted requests to the Webex Meetings site. A successful exploit could allow the attacker to view the details of users on another Webex site, including user names and email addresses.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
"A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to create a scheduled meeting template that would belong to another user in their organization. The vulnerability is due to insufficient authorization enforcement for the creation of scheduled meeting templates. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to create a scheduled meeting template. A successful exploit could allow the attacker to create a scheduled meeting template that would belong to a user other than themselves.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,NONE,NONE
The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the context of the current system services.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library loading vulnerability. Successful exploitation could lead to privilege escalation.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,HIGH
"IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The Barco signed 'Clickshare_For_Windows.exe' binary on the ClickShare Button (R9861500D01) loads a number of DLL files dynamically without verifying their integrity.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,HIGH,NONE
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured with a single network interface, and an availability problem for the microVM network interface on which the issue is triggered.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"jpv (aka Json Pattern Validator) before 2.2.2 does not properly validate input, as demonstrated by a corrupted array.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper buffer restrictions in the firmware for Intel(R) Server Board M10JNP2SB before version 7.210 may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper access control in subsystem for the Intel(R) Computing Improvement Program before version 2.4.5718 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper permissions in the installer for the Intel(R) Mailbox Interface driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper access control in the installer for Intel(R) SSD DCT versions before 3.0.23 may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Out of bounds read in some Intel(R) Graphics Drivers before versions 15.45.31.5127 and 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Uncaught exception in the system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Out of bounds write for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out-of-bounds read in kernel mode driver for some Intel(R) Wireless Bluetooth(R) products on Windows* 10, may allow a privileged user to potentially enable information disclosure via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, 8.1 and 10 may allow an unprivileged user to potentially enable escalation of privilege via local access.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Improper input validation for some Intel(R) Wireless Bluetooth(R) products may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper input validation in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Uninitialized pointer in BIOS firmware for Intel(R) Server Board Families S2600CW, S2600KP, S2600TP, and S2600WT may allow a privileged user to potentially enable escalation of privilege via local access.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics Drivers before version 26.20.100.7755 may allow an authenticated user to potentially enable denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Improper access control in firmware for Intel(R) PAC with Arria(R) 10 GX FPGA before Intel Acceleration Stack version 1.2.1 may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Invalid pointer for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable denial of service via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in a verification process for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper access control in the bootloader for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access.",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the bootloader for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in daemon for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper buffer restrictions in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Out of bounds read in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Out of bounds write in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Race condition in some Intel(R) Graphics Drivers before version 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to ""Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x00000000003d21b3.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1379, CVE-2020-1477, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1525, CVE-2020-1554.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1554.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Bus Booking Script has XSS via the results.php datepicker parameter or the admin/new_master.php spemail parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
eapol.c in iNet wireless daemon (IWD) through 1.8 allows attackers to trigger a PTK reinstallation by retransmitting EAPOL Msg4/4.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"When SSL/TLS Forward Proxy Decryption mode has been configured to decrypt the web transactions, the PAN-OS URL filtering feature inspects the HTTP Host and URL path headers for policy enforcement on the decrypted HTTPS web transactions but does not consider Server Name Indication (SNI) field within the TLS Client Hello handshake. This allows a compromised host in a protected network to evade any security policy that uses URL filtering on a firewall configured with SSL Decryption in the Forward Proxy mode. A malicious actor can then use this technique to evade detection of communication on the TLS handshake phase between a compromised host and a remote malicious server. This technique does not increase the risk of a host being compromised in the network. It does not impact the confidentiality or availability of a firewall. This is considered to have a low impact on the integrity of the firewall because the firewall fails to enforce a policy on certain traffic that should have been blocked. This issue does not impact the URL filtering policy enforcement on clear text or encrypted web transactions. This technique can be used only after a malicious actor has compromised a host in the protected network and the TLS/SSL Decryption feature is enabled for the traffic that the attacker controls. Palo Alto Networks is not aware of any malware that uses this technique to exfiltrate data. This issue is applicable to all current versions of PAN-OS.",NETWORK,HIGH,HIGH,NONE,CHANGED,NONE,LOW,NONE
Eaton's Secure connect mobile app v1.7.3 & prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. A malicious app or unauthorized user can harvest the information and later on can use the information to monitor and control the user's account and associated devices.,PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command injection via a text field, which allow full control over this module's Operating System.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"ImageMagick 7.0.8-34 has a ""use of uninitialized value"" vulnerability in the ReadPANGOImage function in coders/pango.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ImageMagick 7.0.8-34 has a ""use of uninitialized value"" vulnerability in the WriteJP2Image function in coders/jp2.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program using LIBTIFF and do not apply to the lcms2 library, lcms2 does not depends on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.”.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in a daemon for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
"yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,NONE,NONE
"Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,NONE,NONE
The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xml_path HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML configuration file. This has resultant content forgery, cross site scripting, and unvalidated redirection issues.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 32-bit and 64-bit allows remote attackers to download arbitrary files via a .. (dot dot) in an unspecified parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the context of the current system services.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DownloadFile does not require authentication to read arbitrary files from the system. IBM X-Force ID: 139473.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library loading vulnerability. Successful exploitation could lead to privilege escalation.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,HIGH
"IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain sensitive information that they should not have authorization to read. IBM X-Force ID: 140395.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 140397.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"ImageMagick 7.0.8-34 has a ""use of uninitialized value"" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The ClickShare Button does not verify the integrity of the mutable content on the UBIFS partition before being used.,PHYSICAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The Barco signed 'Clickshare_For_Windows.exe' binary on the ClickShare Button (R9861500D01) loads a number of DLL files dynamically without verifying their integrity.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,HIGH,NONE
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured with a single network interface, and an availability problem for the microVM network interface on which the issue is triggered.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"jpv (aka Json Pattern Validator) before 2.2.2 does not properly validate input, as demonstrated by a corrupted array.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper buffer restrictions in the firmware for Intel(R) Server Board M10JNP2SB before version 7.210 may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper access control in subsystem for the Intel(R) Computing Improvement Program before version 2.4.5718 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper input validation in the firmware for Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper permissions in the installer for the Intel(R) Mailbox Interface driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper access control in the installer for Intel(R) SSD DCT versions before 3.0.23 may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Improper permissions in the installer for the Intel(R) RealSense(TM) D400 Series UWP driver for Windows* 10 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient control flow management for some Intel(R) Wireless Bluetooth(R) products may allow an unprivileged user to potentially enable denial of service via adjacent access.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Out of bounds read in some Intel(R) Graphics Drivers before versions 15.45.31.5127 and 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Uncaught exception in the system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Out of bounds write for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out-of-bounds read in kernel mode driver for some Intel(R) Wireless Bluetooth(R) products on Windows* 10, may allow a privileged user to potentially enable information disclosure via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, 8.1 and 10 may allow an unprivileged user to potentially enable escalation of privilege via local access.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Improper input validation for some Intel(R) Wireless Bluetooth(R) products may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper input validation in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Uninitialized pointer in BIOS firmware for Intel(R) Server Board Families S2600CW, S2600KP, S2600TP, and S2600WT may allow a privileged user to potentially enable escalation of privilege via local access.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Improper initialization in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics Drivers before version 26.20.100.7755 may allow an authenticated user to potentially enable denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Improper access control in firmware for Intel(R) PAC with Arria(R) 10 GX FPGA before Intel Acceleration Stack version 1.2.1 may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper authentication in subsystem for Intel (R) LED Manager for NUC before version 1.2.3 may allow privileged user to potentially enable denial of service via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Improper buffer restrictions in the Intel(R) Wireless for Open Source before version 1.5 may allow an unauthenticated user to potentially enable denial of service via adjacent access.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Uncontrolled search path in the installer for Intel(R) RSTe Software RAID Driver for the Intel(R) Server Board M10JNP2SB before version 4.7.0.1119 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper input validation in the Intel(R) RAID Web Console 3 for Windows* may allow an unauthenticated user to potentially enable denial of service via network access.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Invalid pointer for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable denial of service via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in a verification process for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper access control in the bootloader for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access.",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the bootloader for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper authentication in socket services for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in daemon for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper buffer restrictions in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Out of bounds read in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Out of bounds write in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Race condition in some Intel(R) Graphics Drivers before version 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion (subcomponent: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hyperion BI+ accessible data as well as unauthorized read access to a subset of Oracle Hyperion BI+ accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to ""Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x00000000003d21b3.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1379, CVE-2020-1477, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1525, CVE-2020-1554.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1554.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Bus Booking Script has XSS via the results.php datepicker parameter or the admin/new_master.php spemail parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
eapol.c in iNet wireless daemon (IWD) through 1.8 allows attackers to trigger a PTK reinstallation by retransmitting EAPOL Msg4/4.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"When SSL/TLS Forward Proxy Decryption mode has been configured to decrypt the web transactions, the PAN-OS URL filtering feature inspects the HTTP Host and URL path headers for policy enforcement on the decrypted HTTPS web transactions but does not consider Server Name Indication (SNI) field within the TLS Client Hello handshake. This allows a compromised host in a protected network to evade any security policy that uses URL filtering on a firewall configured with SSL Decryption in the Forward Proxy mode. A malicious actor can then use this technique to evade detection of communication on the TLS handshake phase between a compromised host and a remote malicious server. This technique does not increase the risk of a host being compromised in the network. It does not impact the confidentiality or availability of a firewall. This is considered to have a low impact on the integrity of the firewall because the firewall fails to enforce a policy on certain traffic that should have been blocked. This issue does not impact the URL filtering policy enforcement on clear text or encrypted web transactions. This technique can be used only after a malicious actor has compromised a host in the protected network and the TLS/SSL Decryption feature is enabled for the traffic that the attacker controls. Palo Alto Networks is not aware of any malware that uses this technique to exfiltrate data. This issue is applicable to all current versions of PAN-OS.",NETWORK,HIGH,HIGH,NONE,CHANGED,NONE,LOW,NONE
"Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,NONE
Eaton's Secure connect mobile app v1.7.3 & prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. A malicious app or unauthorized user can harvest the information and later on can use the information to monitor and control the user's account and associated devices.,PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthenticated users to send HTTP POST request to several critical Administrative functions such as, changing credentials of the Administrator account or connect the product to a rogue access point.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command injection via a text field, which allow full control over this module's Operating System.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"ImageMagick 7.0.8-34 has a ""use of uninitialized value"" vulnerability in the ReadPANGOImage function in coders/pango.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ImageMagick 7.0.8-34 has a ""use of uninitialized value"" vulnerability in the WriteJP2Image function in coders/jp2.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program using LIBTIFF and do not apply to the lcms2 library, lcms2 does not depends on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.”.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program using LIBTIFF and do not apply to the lcms2 library, lcms2 does not depends on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.”.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices, when LE scan mode is used, allow remote attackers to trigger a buffer overflow via a malformed Bluetooth Low Energy advertising packet, to cause a denial of service or potentially execute arbitrary code. This affects CC256xC-BT-SP 1.2, CC256xB-BT-SP 1.8, and WL18xx-BT-SP 4.4.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in a daemon for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
"yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"OS command injection vulnerability in the ""qs"" procedure from the ""utils"" module in Chicken before 4.9.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation. NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.8 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"All versions of HoRNDIS are affected by an integer overflow in the RNDIS packet parsing routines. A malicious USB device can trigger disclosure of unrelated kernel memory to userspace applications on the host, or can cause the kernel to crash. Kernel memory disclosure is especially likely on 32-bit kernels; 64-bit kernels are more likely to crash on attempted exploitation. It is not believed that kernel memory corruption is possible, or that unattended kernel memory disclosure without the collaboration of a userspace program running on the host is possible. The vulnerability is in `HoRNDIS::receivePacket`. `msg_len`, `data_ofs`, and `data_len` can be controlled by an attached USB device, and a negative value of `data_ofs` can bypass the check for `(data_ofs + data_len + 8) > msg_len`, and subsequently can cause a wild pointer copy in the `mbuf_copyback` call. The software is not maintained and no patches are planned. Users of multi-tenant systems with HoRNDIS installed should only connect trusted USB devices to their system.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a ""fake"" DLL file.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
Incorrect permissions in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2020.2 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to the target's S3 bucket and can observe whether or not an endpoint with access to the key can decrypt a file, they can reconstruct the plaintext with (on average) 128*length (plaintext) queries to the endpoint, by exploiting CBC's ability to manipulate the bytes of the next block and PKCS5 padding errors. It is recommended to update your SDK to V2 or later, and re-encrypt your files.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
"In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in an insecure manner, and may be modified by an attacker with no knowledge of the current passwords.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"An improperly initialized 'migrationAuth' value in Google's go-tpm TPM1.2 library versions prior to 0.3.0 can lead an eavesdropping attacker to discover the auth value for a key created with CreateWrapKey. An attacker listening in on the channel can collect both 'encUsageAuth' and 'encMigrationAuth', and then can calculate 'usageAuth ^ encMigrationAuth' as the 'migrationAuth' can be guessed for all keys created with CreateWrapKey. TPM2.0 is not impacted by this. We recommend updating your library to 0.3.0 or later, or, if you cannot update, to call CreateWrapKey with a random 20-byte value for 'migrationAuth'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20), as used by many different vendors in millions of Internet of Things devices, suffers from a privilege escalation vulnerability that allows attackers on the local network to reset the device's administrator password. This affects products marketed under the following brand names: Accfly, Alptop, Anlink, Besdersec, BOAVISION, COOAU, CPVAN, Ctronics, D3D Security, Dericam, Elex System, Elite Security, ENSTER, ePGes, Escam, FLOUREON, GENBOLT, Hongjingtian (HJT), ICAMI, Iegeek, Jecurity, Jennov, KKMoon, LEFTEK, Loosafe, Luowice, Nesuniq, Nettoly, ProElite, QZT, Royallite, SDETER, SV3C, SY2L, Tenvis, ThinkValue, TOMLOV, TPTEK, WGCC, and ZILINK.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20), as used by many different vendors in millions of Internet of Things devices, suffers from cryptographic issues that allow remote attackers to access user session data, as demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices. This affects products marketed under the following brand names: Accfly, Alptop, Anlink, Besdersec, BOAVISION, COOAU, CPVAN, Ctronics, D3D Security, Dericam, Elex System, Elite Security, ENSTER, ePGes, Escam, FLOUREON, GENBOLT, Hongjingtian (HJT), ICAMI, Iegeek, Jecurity, Jennov, KKMoon, LEFTEK, Loosafe, Luowice, Nesuniq, Nettoly, ProElite, QZT, Royallite, SDETER, SV3C, SY2L, Tenvis, ThinkValue, TOMLOV, TPTEK, WGCC, and ZILINK.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20, after 2018-08-09 through 2020), as used by many different vendors in millions of Internet of Things devices, suffers from buffer overflow vulnerability that allows unauthenticated remote attackers to execute arbitrary code via the peer-to-peer (P2P) service. This affects products marketed under the following brand names: Accfly, Alptop, Anlink, Besdersec, BOAVISION, COOAU, CPVAN, Ctronics, D3D Security, Dericam, Elex System, Elite Security, ENSTER, ePGes, Escam, FLOUREON, GENBOLT, Hongjingtian (HJT), ICAMI, Iegeek, Jecurity, Jennov, KKMoon, LEFTEK, Loosafe, Luowice, Nesuniq, Nettoly, ProElite, QZT, Royallite, SDETER, SV3C, SY2L, Tenvis, ThinkValue, TOMLOV, TPTEK, WGCC, and ZILINK.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in full administrator access to the underlying operating system. An attacker can connect to the device via USB port with a keyboard or other HID device to trigger this vulnerability.",PHYSICAL,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to reset the credentials for the SSH administrative console to arbitrary values. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to remotely disable the device until it is power cycled. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the device remotely through sending specially crafted packets. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Improper input validation in a subsystem for some Intel Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable denial of service via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via local access.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Buffer copy without checking size of input for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this in combination with a decryption oracle can reveal the authentication key used by AES-GCM as decrypting the GMAC tag leaves the authentication key recoverable as an algebraic equation. It is recommended to update your SDK to V2 or later, and re-encrypt your files.",LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Cross-site scripting for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,LOW
"Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in PostgreSQL's ""ALTER ... DEPENDS ON EXTENSION"", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with ""INSERT ... ON CONFLICT DO UPDATE"". An attacker with ""CREATE TABLE"" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain ""INSERT"" and limited ""UPDATE"" privileges to a particular table, they could exploit this to update other columns in the same table.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with ""host"" or ""hostaddr"" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently viewing the issue (if CSP settings allow it).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect execution-assigned permissions in the file system for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"In GitLab before 13.2.3, project sharing could temporarily allow too permissive access.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could delete arbitrary files on the user's machine, presuming the attacker could guess at paths. Given how frequently gem is run as sudo, and how predictable paths are on modern systems (/tmp, /usr, etc.), this could likely lead to data loss or an unusable system.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This will allow them to capture any user credentials that are submitted to XRDP and approve or reject arbitrary login credentials. For xorgxrdp sessions in particular, this allows an unauthorized user to hijack an existing session. This is a buffer overflow attack, so there may be a risk of arbitrary code execution as well.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0259.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of "".."" to reach an Apache HTTP Server log file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. This could lead to local information disclosure in the application that is started next with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-157598956",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource provider.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152225183,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux kernel before 2.6.35-rc5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an IGMP packet, related to lack of a multicast table.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions 6.0.0 and below.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP Banking Services (Generic Market Data), versions - 400, 450, 500, allows an unauthorized user to display protected Business Partner Generic Market Data (GMD) and change related GMD key figure values, due to Missing Authorization Check.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2), Opcenter Execution Core (V8.2). An authenticated user with the ability to create containers, packages or register defects could perform stored Cross-Site Scripting (XSS) attacks within the vulnerable software. The impact of this attack could result in the session cookies of legitimate users being stolen. Should the attacker gain access to these cookies, they could then hijack the session and perform arbitrary actions in the name of the victim.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content could result in complete compromise of system confidentiality, integrity and availability, leading to Stored Cross Site Scripting.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a ""cache stuffing"" issue and MS-DFS referrals.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote user to trigger scripts to run in a user's browser via adding a new label.,ADJACENT_NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service (""overflow"" of the UBIFS orphan area) via a series of attempted file creations within deleted directories.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a ""begin TLS"" response, eds reads additional data and evaluates it in a TLS context, aka ""response injection.""",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A rogue webpage could override the injected WKUserScript used by the download feature, this exploit could result in the user downloading an unintended file. This vulnerability affects Firefox for iOS < 28.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an information exposure flaw that exposes user session data to supernodes in the network, as demonstrated by passively eavesdropping on user video/audio streams, capturing credentials, and compromising devices.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an authentication flaw that allows remote attackers to perform a man-in-the-middle attack, as demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse(""[]"",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Event Streams 10.0.0 could allow an authenticated user to perform tasks to a schema due to improper authentication validation. IBM X-Force ID: 186233.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the installed Cockpit. This compromise could enable the attacker to view, modify and/or make unavailable any data associated with the Cockpit, leading to Information Disclosure.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an ""httpoxy"" issue. NOTE: the vendor states ""A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388""; in other words, this is not a CVE ID for a vulnerability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access control lists and other upload file size restrictions, leading to Unrestricted File Upload.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An attacker does not require any privilege on the target system in order to exploit this vulnerability. One option is the self-service option on the Windows login screen. Upon selecting this option, the thick-client software is launched, which connects to a remote ADSelfService Plus server to facilitate self-service operations. An unauthenticated attacker having physical access to the host could trigger a security alert by supplying a self-signed SSL certificate to the client. The View Certificate option from the security alert allows an attacker to export a displayed certificate to a file. This can further cascade to a dialog that can open Explorer as SYSTEM. By navigating from Explorer to \windows\system32, cmd.exe can be launched as a SYSTEM.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PHP-Fusion 9.03 allows XSS via the error_log file.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out of band OS command injection vulnerability can be exploited by authenticated attacker while setuping conversion host through Infrastructure Migration Solution. This flaw allows attacker to execute arbitrary commands on CloudForms server.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. After upgrading MyBB to 1.8.24, make sure to update the version attribute in the `codebuttons` template for non-default themes to serve the latest version of the patched `jscripts/bbcodes_sceditor.js` file.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SugarCRM before 10.1.0 (Q3 2020) allows XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 167288.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields['name'] to appendSubheading.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized attacker to read, modify and settle trips, resulting in escalation of privileges, due to Missing Authorization Check.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary location in the trusted (enclave) memory. We recommend updating Asylo to version 0.6.0 or later.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,HIGH,HIGH
"SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the web application to send malicious code to a different end user (victim), as it does not sufficiently encode user-controlled inputs for RecycleBin, resulting in Stored Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Under certain conditions the upgrade of SAP Data Hub 2.7 to SAP Data Intelligence, version - 3.0, allows an attacker to access confidential system configuration information, that should otherwise be restricted, leading to Information Disclosure.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"The web server in the Teradici Managament console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicious link via clickjacking.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Turcom TRCwifiZone through 2020-08-10 allows authentication bypass by visiting manage/control.php and ignoring 302 Redirect responses.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Cloudera Manager 5.x through 5.15.0. One type of page in Cloudera Manager uses a 'returnUrl' parameter to redirect the user to another page in Cloudera Manager once a wizard is completed. The validity of this parameter was not checked. As a result, the user could be automatically redirected to an attacker's external site or perform a malicious JavaScript function that results in cross-site scripting (XSS). This was fixed by not allowing any value in the returnUrl parameter with patterns such as http://, https://, //, or javascript. The only exceptions to this rule are the SAML Login/Logout URLs, which remain supported since they are explicitly configured and they are not passed via the returnUrl parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with EVM-Operator group can perform actions restricted only to EVM-Super-administrator group, leads to, exporting or importing administrator files.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,LOW
"In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed bson input.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS < 28.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. This vulnerability affects Firefox for < Android.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,NONE,NONE
"An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The driver's IOCTL request handler attempts to copy the input buffer onto the stack without checking its size and can cause a buffer overflow. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc7 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a KVM_X86_SETUP_MCE IOCTL request that specifies a large number of Machine Check Exception (MCE) banks.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-140108616",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In updatePreferenceIntents of AccountTypePreferenceLoader, there is a possible confused deputy attack due to a race condition. This could lead to local escalation of privilege and launching privileged activities with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-150946634",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1, certain places could execute file or folder names containing JavaScript.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In getDocumentMetadata of DocumentsContract.java, there is a possible disclosure of location metadata from a file due to a permissions bypass. This could lead to local information disclosure from a file (eg. a photo) containing location metadata with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-151095863",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In NewFixedDoubleArray of factory.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150706594",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151456667",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151643722",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1Android ID: A-156087409",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-154719656",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In requestCellInfoUpdateInternal of PhoneInterfaceManager.java, there is a missing permission check. This could lead to local information disclosure of location data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-154934934",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647751,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152647365,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152236803,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647626,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In android_verity_ctr of dm-android-verity.c, there is a possible way to modify a dm-verity protected filesystem due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157941353References: N/A",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41.",PHYSICAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Service (DoS). This issue occurs when crafted LLDP packets are received by the device from an adjacent device. Multiple LACP flaps will occur after LLDP crashes. An indicator of compromise is to evaluate log file details for lldp with RLIMIT. Intervention should occur before 85% threshold of used KB versus maximum available KB memory is reached. show log messages | match RLIMIT | match lldp | last 20 Matching statement is "" /kernel: %KERNEL-[number]: Process ([pid #],lldpd) has exceeded 85% of RLIMIT_DATA: "" with [] as variable data to evaluate for. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R2-S7, 18.2R3; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D50, 18.2X75-D420; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value. This allows whatever value happens to be in the return register at that time to be used as if it matches the method's declared return type.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability.,NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
"hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system. An exploit could allow the attacker to view and make unauthorized modifications to existing system users as well as create new users.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The `Faye::WebSocket::Client` class uses the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake whenever a `wss:` URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a valid and trusted TLS certificate for the expected hostname. That means that any `wss:` connection made using this library is vulnerable to a man-in-the-middle attack, since it does not confirm the identity of the server it is connected to. For further background information on this issue, please see the referenced GitHub Advisory. Upgrading `faye-websocket` to v0.11.0 is recommended.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,NONE
"Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FusionCompute 8.0.0 have local privilege escalation vulnerability. A local, authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to disable the Wincollect service which could aid an attacker in bypassing security mechanisms in future attacks. IBM X-Force ID: 181860.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,LOW
"VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the service with a crafted set of credentials leading to remote code execution.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to bypass authentication in order to gain full access to the system.,LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a denial of service vulnerability. The system does not properly limit the depth of recursion, an attacker should trick the user installing and execute a malicious application. Successful exploit could cause a denial of service condition.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8) have a denial of service vulnerability. Certain system configuration can be modified because of improper authorization. The attacker could trick the user installing and executing a malicious application, successful exploit could cause a denial of service condition of PHONE function.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default organization and verify existing usernames. The highest threat from this vulnerability is to data confidentiality.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
"A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and possibly escalate privileges granted to them.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,LOW
"The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a ""stack pointer underflow"" issue, as exploited in the wild in September 2010.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the service for execution in this elevated context. The service listens for such commands on a locally-bound network port, localhost:9978. A Metasploit module has been published which exploits this vulnerability. This issue affects the 2.0.x branch of the software (2.0.12 and earlier) as well as the 1.2.x branch (1.2.64 and earlier). A fix was issued for the 2.0.x branch of the affected software.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version version 1.05 unintentionally breaks uploading so version v1.0.7 is the fixed version. This is patched by implementing Double submit. The CSRF attack would require you to navigate to a malicious site while you have an active session with Save-Server (Session key stored in cookies). The malicious user would then be able to perform some actions, including uploading/deleting files and adding redirects. If you are logged in as root, this attack is significantly more severe. They can in addition create, delete and update users. If they updated the password of a user, that user's files would then be available. If the root password is updated, all files would be visible if they logged in with the new password. Note that due to the same origin policy malicious actors cannot view the gallery or the response of any of the methods, nor be sure they succeeded. This issue has been patched in version 1.0.7.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,LOW
The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for Magento allows command injection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. The vulnerability could be locally exploited to allow arbitrary code execution during the boot process. **Note:** This vulnerability is related to using insmod in GRUB2 in the specific impacted HPE product and HPE is addressing this issue. HPE has made the following software updates and mitigation information to resolve the vulnerability in Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. HPE provided latest Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting Toolkit which includes the GRUB2 patch to resolve this vulnerability. These new boot images will update GRUB2 and the Forbidden Signature Database (DBX). After the DBX is updated, users will not be able to boot to the older IP, SPP or Scripting ToolKit with Secure Boot enabled. HPE have provided a standalone DBX update tool to work with Microsoft Windows, and supported Linux Operating Systems. These tools can be used to update the Forbidden Signature Database (DBX) from within the OS. **Note:** This DBX update mitigates the GRUB2 issue with insmod enabled, and the ""Boot Hole"" issue for HPE signed GRUB2 applications.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Authenticated and encrypted payload MMEs can be forged and remotely sent to any HPAV2 system using a jailbreak key recoverable from code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mibew Messenger before 3.2.7 allows XSS via a crafted user name.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183039.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182717.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Delta Electronics TPEditor Versions 1.97 and prior. An improper input validation may be exploited by processing a specially crafted project file not validated when the data is entered by a user. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access, make changes to the system that they are not authorized to make, and execute commands on an affected system with privileges of the root user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
flatCore before 1.5.7 allows upload and execution of a .php file by an admin.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A double free vulnerability caused by processing specially crafted project files may allow remote code execution, disclosure/modification of information, or cause the application to crash.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs_pagesubtitle parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the ‘HEATRemoteService’ agent. The DoS can be triggered by sending a specially crafted network packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution.",ADJACENT_NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. This is due to a lack of integrity verification of the policy files referenced in the update process, and a remote attacker could induce a user to crafted web page, causing damage such as malicious code infection.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
This vulnerability allows remote attackers to issue commands on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe process. The issue results from the lack of authentication prior to allowing alterations to the system configuration. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. Was ZDI-CAN-10482.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name.,ADJACENT_NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name.,ADJACENT_NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to denial-of-service the device via long input values.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name.,ADJACENT_NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database via an A=0 WebSocket connection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the ""Forget password"" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found, a response with a `400` error code is returned, along with a error message saying that this user name does not exist. This enables attackers to retrieve valid usernames. Also, the response of the ""Forgot Password"" request returns the email address to which the email was sent, if the operation was successful. This information should not be exposed, as it can be used to gather email addresses. This problem was fixed in versions 1.6.35, 2.0.10 and 2.1.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,HIGH,HIGH
"FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear to be exploitable via RDPClient must connect the rdp server with echo option. This vulnerability appears to have been fixed in after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known ""deserialization gadgets"". Spring Batch configures Jackson with global default typing enabled which means that through the previous exploit, arbitrary code could be executed if all of the following is true: * Spring Batch's Jackson support is being leveraged to serialize a job's ExecutionContext. * A malicious user gains write access to the data store used by the JobRepository (where the data to be deserialized is stored). In order to protect against this type of attack, Jackson prevents a set of untrusted gadget classes from being deserialized. Spring Batch should be proactive against blocking unknown ""deserialization gadgets"" when enabling default typing.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary, which triggers an access of an ""uninitialized cred pointer.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jeedom through 4.0.38 allows XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An exploitable information disclosure vulnerability exists in SoftPerfect’s RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer overflow and application termination via a malformed payload.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. Missing validation checks on CRL presence or CRL staleness in the X509-based RPKI certificate-tree validation procedure allow remote attackers to bypass intended access restrictions by using revoked certificates. NOTE: there may be counterarguments related to backwards compatibility.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the ""X-Forwarded-Prefix"" header. The Traefik API dashboard component doesn't validate that the value of the header ""X-Forwarded-Prefix"" is a site relative path and will redirect to any header provided URI. Successful exploitation of an open redirect can be used to entice victims to disclose sensitive information. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team addressed this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Stack-based buffer overflow in the supply_lm_input_write function in drivers/thermal/supply_lm_core.c in the MSM Thermal driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application that sends a large amount of data through the debugfs interface.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple out-of-bounds read vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read information.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer signedness error in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application that makes an ioctl call.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,HIGH
"Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data.  NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to. IBM X-Force ID: 179539.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be used to deliver an XSS payload to other users' dashboards. To exploit this vulnerability, an attacker has to be authenticated.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The vulnerability is due to insufficient authorization checking on the affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. The attacker may be able to access sensitive information, modify the system configuration, or impact the availability of the affected system.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent routing systems. NOTE: third parties assert that the behavior is intentionally permitted by RFC 8182.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
The WebPro interface in NEC SV9100 software releases 7.0 or higher allows unauthenticated remote attackers to reset all existing usernames and passwords to default values via a crafted request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privilege level. An attacker could exploit this vulnerability by using this account to remotely log into an affected device. A successful exploit could allow the attacker to log into the device with manufacturer level access. This vulnerability affects SV9100 PBXes that are running software release 6.0 or higher. This vulnerability does not affect SV9100 software releases prior to 6.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly invalidating session tokens. IBM X-Force ID: 175420.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. The vulnerability is due to insufficient authorization of certain API functions. An attacker could exploit this vulnerability by sending a crafted request to the API using low-privileged credentials. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to a lack of proper input validation of paths that are embedded within archive files. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to write arbitrary files in the system with the privileges of the logged-in user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. Fixed in snapd version 2.45.2, revision 8539 and core version 2.45.2, revision 9659.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP response code and response timing.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentralised Privacy-Preserving Proximity Tracing (DP3T). When it is configured to check JWT before uploading/publishing keys, it is possible to skip the signature check by providing a JWT token with alg=none.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this to bypass intended access restrictions to control how the host system xdg-open script opens the URL and, for example, execute a script shipped with the snap without confinement. This issue did not affect Ubuntu Core systems. Fixed in snapd versions 2.45.1ubuntu0.2, 2.45.1+18.04.2 and 2.45.1+20.04.2.",LOCAL,LOW,LOW,REQUIRED,CHANGED,NONE,HIGH,NONE
An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target another local user of PI System software on the computer to escalate privilege and result in unauthorized information disclosure, deletion, or modification.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijacking because it loads exchndl.dll from the current working directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The ""PCB Mobile"" by Phelps County Bank app 3.0.2 -- aka pcb-mobile/id436891295 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The ""Community State Bank - Lamar Mobile Banking"" by Community State Bank - Lamar app 3.0.3 -- aka community-state-bank-lamar-mobile-banking/id1083927885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An incorrect ""pair?"" check in the Scheme ""length"" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls ""length"" on it.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 183046.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In TYPO3 installations with the ""mediace"" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the ""mediace"" extension for TYPO3.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"beroNet VoIP Gateways before 3.0.16 have a PHP script that allows downloading arbitrary files, including ones with credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The PgHero gem through 2.6.0 for Ruby allows CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the possibility to fetch typo3conf/LocalConfiguration.php, which again contains the encryptionKey as well as credentials of the database management system being used. In case a database server is directly accessible either via internet or in a shared hosting network, this allows the ability to completely retrieve, manipulate or delete database contents. This includes creating an administration user account - which can be used to trigger remote code execution by injecting custom extensions. This has been patched in versions 9.5.20 and 10.4.6.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A CSRF issue in manager/delete_machine/{id} in MunkiReport before 5.6.3 allows attackers to delete arbitrary machines from the MunkiReport database.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle (1) a loop between a dot1x enabled port and an open-authentication dot1x enabled port and (2) a loop between a dot1x enabled port and a non-dot1x port, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many Spanning Tree Protocol (STP) Bridge Protocol Data Unit (BPDU) frames, aka Bug ID CSCtq36327.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer overflow and heap-based buffer underflow.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle an external loop between a pair of dot1x enabled ports, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many unicast EAPoL Protocol Data Units (PDUs), aka Bug ID CSCtq36336.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The ethernet-lldp component in Cisco IOS 12.2 before 12.2(33)SXJ1 does not properly support a large number of LLDP Management Address (MA) TLVs, which allows remote attackers to cause a denial of service (device crash) via crafted LLDPDUs, aka Bug ID CSCtj22354.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root access via shell metacharacters to this script's setdns command.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges through command injection (shell metacharacters after an IP address).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted arguments to a specific field within the application. A successful exploit could allow the attacker to run commands as the administrator on the DCNM.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
class-transformer before 0.3.1 allow attackers to perform Prototype Pollution. The classToPlainFromExist function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174804.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by intercepting a request from a user and injecting malicious data into an HTTP header. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174803.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. The vulnerability is due to missing authentication on a specific part of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the interface. A successful exploit could allow the attacker to read confidential information from an affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.,LOCAL,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to cause interruption of the service operations. IBM X-Force ID: 185372.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
"VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create an MLet mbean leading to remote code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name.,NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully authenticating account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the ""deserialization gadgets"" exploit when provided data contains malicious code for execution during deserialization. In order to protect against this type of attack, Kryo can be configured to require a set of trusted classes for (de)serialization. Spring Integration should be proactive against blocking unknown ""deserialization gadgets"" when configuring Kryo in code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director. This credential would grant administrative privileges to a malicious user. The same versions of App Autoscaler also log the App Autoscaler Broker password. Prior to newer versions of Operations Manager, this credential was not redacted from logs. This credential allows a malicious user to create, delete, and modify App Autoscaler services instances. Operations Manager started redacting this credential from logs as of its versions 2.7.15, 2.8.6, and 2.9.1. Note that these logs are typically only visible to foundation administrators and operators.",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,LOW,LOW,HIGH
"Multiple race conditions in drivers/char/adsprpc.c and drivers/char/adsprpc_compat.c in the ADSPRPC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (zero-value write) or possibly have unspecified other impact via a COMPAT_FASTRPC_IOCTL_INVOKE_FD ioctl call.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Global TechStream (GTS) for TOYOTA dealers version 15.10.032 and earlier allows an attacker to cause a denial-of-service (DoS) condition and execute arbitrary code via unspecified vectors.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in the msm_set_crop function in drivers/media/video/msm/msm_camera.c in the MSM-Camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"DaviewIndy has a Memory corruption vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Tiki before 21.2 allows XSS because [\s\/""\'] is not properly considered in lib/core/TikiFilter/PreventXss.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ASNI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request crafted URLs with percent-encoded escape sequences, the logging component will log the URL after it's been processed with urllib.parse.unquote, therefore converting any percent-encoded characters into their single-character equivalent, which can have special meaning in terminal emulators. By requesting URLs with crafted paths, attackers can: * Pollute uvicorn's access logs, therefore jeopardising the integrity of such files. * Use ANSI sequence codes to attempt to interact with the terminal emulator that's displaying the logs (either in real time or from a file).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via a crafted application that makes a TSC_GET_CARD_STATUS ioctl call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory corruption) via a crafted application that triggers an msm_isp_axi_create_stream call.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges. IBM X-Force ID: 182808.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function and the sk_rmem_alloc socket field.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4251.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 177839.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process. This issue affects: Bitdefender Endpoint Security for Mac versions prior to 4.12.80.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain privileges by leveraging accidental read-write mappings, aka Qualcomm internal bug CR988993.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Huawei FusionComput 8.0.0 have an improper authorization vulnerability. A module does not verify some input correctly and authorizes files with incorrect access. Attackers can exploit this vulnerability to launch privilege escalation attack. This can compromise normal service.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: 1. Have found a vulnerability in the victims spreadsheet software of choice. 2. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim. 3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software. Issue has been patched in Build 466 (v1.0.466).",NETWORK,HIGH,HIGH,REQUIRED,CHANGED,LOW,LOW,LOW
"In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the `ImportExportController` behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a reflected XSS attack on the user in question Issue has been patched in Build 466 (v1.0.466).",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
"In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user facing code (nothing exploitable in the core project itself) had a higher chance of succeeding. Specifically, if your usage exposed a way for users to provide unfiltered user input and have it returned to them as an encrypted cookie (ex. storing a user provided search query in a cookie) they could then use the generated cookie in place of other more tightly controlled cookies; or if your usage exposed the plaintext version of an encrypted cookie at any point to the user they could theoretically provide encrypted content from your application back to it as an encrypted cookie and force the framework to decrypt it for them. Issue has been fixed in build 468 (v1.0.468).",NETWORK,HIGH,LOW,NONE,CHANGED,NONE,HIGH,NONE
HUAWEI P30 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have a denial of service vulnerability. A module does not deal with mal-crafted messages and it leads to memory leak. Attackers can exploit this vulnerability to make the device denial of service.Affected product versions include: HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11).,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An attacker with access to an InMail voicemail box equipped with the find me/follow me feature on Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices, may access the system's administration modem.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalation where the ""My schedules and subscriptions"" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An attacker with knowledge of the modem access number on a NEC UM8000 voicemail system may use SSH tunneling or standard Linux utilities to gain access to the system's LAN port. All versions are affected.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including an undocumented developer level of access.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Aspire-derived NEC PBXes operating InMail software, including all versions of SV8100, SV9100, SL1100 and SL2100 devices allow unauthenticated read-only access to voicemails, greetings, and voice response system content through a system's WebPro administration interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0624.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Wekan version 1.04.0 contains a Email / Username Enumeration vulnerability in Register' and 'Forgot your password?' pages that can result in A remote attacker could perform a brute force attack to obtain valid usernames and email addresses.. This attack appear to be exploitable via HTTP Request.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Audacity 2.1.2 through 2.3.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183318.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183319.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183320.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183322.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183321.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183317.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.,LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"In auth0 (npm package) versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. The key for Authorization header is not sanitized and in certain cases the Authorization header value can be logged exposing a bearer token. You are affected by this vulnerability if you are using the auth0 npm package, and you are using a Machine to Machine application authorized to use Auth0's management API",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"On Aspire-derived NEC PBXes, including all versions of SV8100 devices, a set of documented, static login credentials may be used to access the DIM interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write files without authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write request, as demonstrated by a voice_svc_send_req buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify that a port is a client port, which allows attackers to gain privileges or cause a denial of service (race condition and list corruption) by making many BIND_CONTROL_PORT ioctl calls.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In SLP Validate (npm package slp-validate) before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 1.2.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Reporter_ImportLicense class. Due to the improper restriction of XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose file contents in the context of SYSTEM. Was ZDI-CAN-10710.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Google Chrome before 6.0.472.62 does not properly use information about the origin of a document to manage properties, which allows remote attackers to have an unspecified impact via a crafted web site, related to a ""property pollution"" issue.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php#244 (makeFileContents function) that can result in Sensitive information disclosure and remote code execution. This attack appear to be exploitable remotely if the /backend path is accessible. This vulnerability appears to have been fixed in Build 437.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
October CMS version prior to build 437 contains a Cross Site Scripting (XSS) vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content. This attack appear to be exploitable via an Authenticated user with media module permission who can create arbitrary folder name (XSS). This vulnerability appears to have been fixed in build 437.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory after being freed, possibly resulting in code execution.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In freewvs before 0.1.1, a directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk(). This can be problematic in a case where an administrator scans the dirs of potentially untrusted users. This has been patched in 0.1.1.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c in the ipc_router component for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact by triggering failure of an accept system call for an AF_MSM_IPC socket.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to ""stale elements.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Web Sockets implementation in Google Chrome before 7.0.517.41 does not properly handle a shutdown action, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in the SET_WPS_IE IOCTL implementation in wlan_hdd_hostapd.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that uses a long WPS IE element.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that establishes a packet filter.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"DaviewIndy 8.98.7 and earlier version contain Use-After-Free vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SVG document, related to effects in the application of filters.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OpenNMS is accessible via port 9443,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the project_configure endpoint, isn’t being sanitized.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (integer overflow, and buffer overflow or buffer over-read) via a crafted application that performs a (1) AUDIO_EFFECTS_WRITE or (2) AUDIO_EFFECTS_READ operation, aka Qualcomm internal bug CR1006609.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable denial of service vulnerability exists in the freeDiameter functionality of freeDiameter 1.3.2. A specially crafted Diameter request can trigger a memory corruption resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"In Shopware before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Gambio GX before 4.0.1.0 allows admin/admin.php CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An uploaded image can be accessed without authentication.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Use-after-free vulnerability in Open Litespeed before 1.3.10.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"When kernel thread unregistered listener, Use after free issue happened as the listener client`s private data has been already freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9607, MSM8909W, Nicobar, QCM2150, QCS405, QCS605, Saipan, SC8180X, SDM429W, SDX55, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Close and bind operations done on a socket can lead to a Use-After-Free condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8996, MSM8996AU, QCN7605, QCN7606, QCS605, SC8180X, SDA660, SDA845, SDM439, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM8150, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Array out of bound access can occur in display module due to lack of bound check on input parcel received in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, QCM2150, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM636, SDM660, SDX20",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Device misbehavior may be observed when incorrect offset, length or number of buffers is passed by user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8953, Nicobar, QCM2150, QCS405, QCS605, QM215, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memory corruption can occurs in trusted application if offset size from HLOS is more than actual mapped buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use after free issue while processing error notification from camx driver due to not properly releasing the sequence data in Snapdragon Mobile in Saipan, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Register write via debugfs is disabled by default to prevent register writing via debugfs. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9207C, MDM9607, Nicobar, QCS405, SA6155P, SC8180X, SDX55, SM8150",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Out of bounds read can happen in diag event set mask command handler when user provided length in the command request is less than expected length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCN7605, QCS404, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the ai_service parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9724.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. When parsing the line parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9721.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9720.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the modulo parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9728.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_ftp_manager.php. When parsing the userLogin parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9737.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting vulnerability in KonaWiki 2.2.0 and earlier allows remote attackers to execute an arbitrary script via a specially crafted URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 through 4.62, SEIL/X2 2.50 through 4.62, SEIL/B1 2.50 through 4.62, and SEIL/x86 Fuji 1.70 through 3.22 allow remote attackers to cause a denial of service (CPU and traffic consumption) via a large number of NTP requests within a short time, which causes unnecessary NTP responses to be sent.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.",LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Possible buffer overflow and over read possible due to missing bounds checks for fixed limits if we consider widevine HLOS client as non-trustable in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memory failure in content protection module due to not having pointer within the scope in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free issue could occur due to dangling pointer when generating a frame buffer in OpenGL ES in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, Nicobar, QCM2150, QCS405, Saipan, SDM845, SM8150, SM8250, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x. This vulnerability was discovered and remediated in version v10.5.x on August 13, 2009. TCMs from v10.5.x and on will no longer exhibit this behavior.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. This was addressed in TriStation version v4.9.1 and v4.10.1 released on May 30, 2013.1",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. This feature is not present in version v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Possible out of bounds read due to a missing bounds check and could lead to local information disclosure in the wifi driver with no additional execution privileges needed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCA9531, QCA9558, QCA9980, SC8180X, SDM439, SDX55, SM8150, SM8250, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS 12.0, 12.2 through 12.4, and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.1S and 3.1.xSG and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) via encapsulated IGMP data in an MSDP packet, aka Bug ID CSCtr28857.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.)",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. The remotely callable methods from remotable objects available through interprocess communication allow loading of arbitrary plugins (i.e., C# assemblies) from the ""%PROGRAMFILES(X86)%/Aternity Information Systems/Assistant/plugins” directory, where the name of the plugin is passed as part of an XML-serialized object. However, because the name of the DLL is concatenated with the “.\plugins” string, a directory traversal vulnerability exists in the way plugins are resolved.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9767.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9768.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.",LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of URLs. The issue results from the lack of proper routing of URLs. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-9618.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9703.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. A crafted gui_region in a string table file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9756.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Directory traversal vulnerability in KonaWiki 3.1.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests that add a user via an add_user action to administrator/index.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in a data_copy action, (3) pshow in an update_field action, (4) css, (5) tip, (6) cat_id, (7) text_search, (8) plisting, or (9) pwizard parameter to administrator/index.php.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious uploaded files.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-controllable input, which may allow the execution of malicious code within the user’s browser.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181484.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,LOW
"IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 184181.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 185716.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 185717.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/mod_auth_openidc.c, Line: 3109. The fixed version is: 2.3.10.2.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that blocks certain file types, depending on their security needs and policies.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g. SSH) on the VNF, either locally, or through the network. This issue only affects the NFX250 Series vSRX VNF. No other products or platforms are affected. This issue is only applicable to environments where the vSRX VNF root password has not been configured. This issue affects the Juniper Networks NFX250 Network Services Platform vSRX VNF instance on versions prior to 19.2R1.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 184156.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. IBM X-Force ID: 184158.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184179.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitive information due to responding to unauthenticated HTTP requests. IBM X-Force ID: 184180.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"OpenClinic GA 5.09.02 and 5.89.05b does not properly verify uploaded files, which may allow a low-privilege user to upload and execute arbitrary files on the system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from the lack of proper validation of the firmware image prior to performing an upgrade. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9648.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not expressly turned off this account, which may allow an attacker to login and execute arbitrary commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An attacker may bypass permission/authorization checks in OpenClinic GA 5.09.02 and 5.89.05b by ignoring the redirect of a permission failure, which may allow unauthorized execution of commands.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9643.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9647.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the user parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9710.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. Any user in the system is allowed to access the interprocess communication channel AternityAgentAssistantIpc, retrieve a serialized object and call object methods remotely. Among others, the methods allow any user to: (1) Create and/or overwrite arbitrary XML files across the system; (2) Create arbitrary directories across the system; and (3) Load arbitrary plugins (i.e., C# assemblies) from the ""%PROGRAMFILES(X86)/Aternity Information Systems/Assistant/plugins” directory and execute code contained in them.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"In ""I hate money"" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be further exploited to access all bills of another project without knowledge of this other project's private code. With the default configuration, anybody is allowed to create a new project. An attacker can create a new project and then use it to become authenticated and exploit this flaw. As such, the exposure is similar to an unauthenticated attack, because it is trivial to become authenticated. This is fixed in version 4.1.5.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
** DISPUTED ** Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or memory corruption) via a negative size value in an ioctl call.  NOTE: this may be a vulnerability only in unusual environments that provide a privileged program for obtaining the required file descriptor.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The __sys_sendmsg function in net/socket.c in the Linux kernel before 3.1 allows local users to cause a denial of service (system crash) via crafted use of the sendmmsg system call, leading to an incorrect pointer dereference.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The kiocb_batch_free function in fs/aio.c in the Linux kernel before 3.2.2 allows local users to cause a denial of service (OOPS) via vectors that trigger incorrect iocb management.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute JavaScript code via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to ""com.branaghgroup.ecers.update.UpdateRequest"" object deserialization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
WolfCMS 0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_manager/browse/.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
WolfCMS v0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_manager/browse/.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Wolf CMS v0.8.3.1 is affected by cross site scripting (XSS) in the module Add Snippet (/?/admin/snippet/add). This allows an attacker to insert arbitrary JavaScript as user input, which will be executed whenever the affected snippet is loaded.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) by sending IKE UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCts38429.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted ioctl call.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termination) by using a certain large amount of memory.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to a heap-based buffer overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the account parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9738.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the term parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9730.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_new_account.php. When parsing the domain parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9727.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_start parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9719.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the check_ip parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9707.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the archivo parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9731.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the dominio parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9732.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface and lead to spoofing, access control bypass, and other unexpected network behaviors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the domain parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9735.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9742.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the user parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9740.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the user parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9716.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the line parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9714.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_migration_cpanel.php. When parsing the serverip parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9709.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_migration_cpanel.php. When parsing the filespace parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9743.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the phpversion parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9715.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_restart parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9734.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. When parsing the line parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9739.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
** DISPUTED ** jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build-20200224104759 allows XSS via the types parameter. Note: It is asserted that this vulnerability is not present in the standard installation of Jalios JCMS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the package parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9706.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_ftp_manager.php. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9746.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the cha parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9718.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the status parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9708.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the username parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9717.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the type parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9723.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1457.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the archivo parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9722.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to cause a denial of service (Segmentation fault) to the webserver via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the canal parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9745.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive  information from the responding device via port-5353 UDP packets.  NOTE: this may overlap CVE-2015-2809.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_stop parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9726.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to achieve command injection via a crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to leak system information (that can be used for a jailbreak) via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. An attacker with physical access to the UART interface could access additional diagnostic and configuration functionalities as well as the camera's bootloader. Successful exploitation could compromise confidentiality, integrity, and availability of the affected system. It could even render the device inoperable.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe process. The issue results from the lack of proper input validation prior to further processing user requests. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-10527.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the control service, which listens on TCP port 9999 by default. The issue results from the lack of authentication prior to allowing alterations to the system configuration. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-10493.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HNAP GetCAPTCHAsetting requests. The issue results from the lack of proper handling of sessions. An attacker can leverage this vulnerability to execute arbitrary code in the context of the device. Was ZDI-CAN-10083.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. When transmitting passwords, the process encrypts them in a recoverable format using a hard-coded key. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-10185.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP requests. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-10835.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"In parser-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can by pass all read security on his User object and can also by pass all objects linked via relation or Pointer on his User object.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encryption.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMI service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10007.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the ""CCS Injection"" vulnerability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
HUAWEI P30 smart phones with versions earlier than 10.1.0.160(C00E160R2P11) have an information exposure vulnerability. The system does not properly authenticate the application that access a specified interface. Attackers can trick users into installing malicious software to exploit this vulnerability and obtain some information about the device. Successful exploit may cause information disclosure.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. IBM X-Force ID: 179484.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input, which could be obtained by a physical attacker nearby. IBM X-Force ID: 179536.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 172616.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. In versions prior to 2.10.0 persisted the cache even after the user logged out. This is fixed in version 2.10.3. A workaround is to manually clear application data (browser's local storage) after logging into Saleor Storefront.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,HIGH
"An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure . An attacker can display a specially crafted image to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic. IBM X-Force ID: 177402.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"HUAWEI Mate 20 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have an improper authorization vulnerability. The software does not properly restrict certain operation in certain scenario, the attacker should do certain configuration before the user turns on student mode function. Successful exploit could allow the attacker to bypass the limit of student mode function. Affected product versions include: HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8).",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. IBM X-Force ID: 179080.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code. A remote attacker could overflow the buffer using an older client and cause a denial of service. IBM X-Force ID: 181562.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a crafted request to the ajaxGetFileByPath.php script containing hexadecimal encoded ""dot dot"" sequences (%2f..%2f) in the path parameter to view arbitrary files on the system.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.crud.php script using the custom_Location parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in LibSass <3.5.3. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms` app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML tags used within a form field's help text will be rendered unescaped in the page. Allowing HTML within help text is an intentional design decision by Django; however, as a matter of policy Wagtail does not allow editors to insert arbitrary HTML by default, as this could potentially be used to carry out cross-site scripting attacks, including privilege escalation. This functionality should therefore not have been made available to editor-level users. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 2.7.4 (for the LTS 2.7 branch) and Wagtail 2.9.3 (for the current 2.9 branch). In these versions, help text will be escaped to prevent the inclusion of HTML tags. Site owners who wish to re-enable the use of HTML within help text (and are willing to accept the risk of this being exploited by editors) may set WAGTAILFORMS_HELP_TEXT_ALLOW_HTML = True in their configuration settings. Site owners who are unable to upgrade to the new versions can secure their form page templates by rendering forms field-by-field as per Django's documentation, but omitting the |safe filter when outputting the help text.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux kernel before 2.6.39 does not properly allocate receive buffers, which allows remote attackers to cause a denial of service (system crash) via a crafted frame.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes code in a loop.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the password 9vt@f3Vt that allows root SSH access to the server. This issue has been resolved in OpsRamp Gateway firmware version 7.0.0 where an administrator and a system user accounts are the only available user accounts for the gateway appliance.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a ""CSRF token expired"" error and a Try Again button when a CSRF token is missing.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, which are MD5 hashes without salt, and, depending on the database type and its configuration, could also execute operating system commands using SQL queries.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The cifs_close function in fs/cifs/file.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact by setting the O_DIRECT flag during an attempt to open a file on a CIFS filesystem.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6.0 allows Directory Traversal during extraction from a TAR archive.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging connectivity to an IrDA infrared network and sending a large integer value for a (1) name length or (2) attribute length.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
The UI in DevSpace 4.13.0 allows web sites to execute actions on pods (on behalf of a victim) because of a lack of authentication for the WebSocket protocol. This leads to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. The file nodejs/raspberryTortoise.js has no validation on the parameter incomingString before passing it to the child_process.exec function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to login credentials.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to decrypt a password.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials for a device and gain full access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In codecov (npm package) before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE (CVE-2020-7597 for GHSA-5q88-cjfq-g2mh) was issued but the fix was incomplete. It only blocked &, and command injection is still possible using backticks instead to bypass the sanitizer. The attack surface is low in this case. Particularly in the standard use of codecov, where the module is used directly in a build pipeline, not built against as a library in another application that may supply malicious input and perform command injection.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,NONE
Cross-site request forgery (CSRF) vulnerability in Social Sharing Plugin versions prior to 1.2.10 allows remote attackers to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated ""finds all the pathnames matching a specified pattern according to the rules used by the Unix shell,"" one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181227.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or Cisco IOS XE Software if the L2TP feature is enabled for the device and the device is configured as an L2TP Version 2 (L2TPv2) or L2TP Version 3 (L2TPv3) endpoint. By default, the L2TP feature is not enabled. Cisco Bug IDs: CSCuy82078.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. There exist a few pages that are directly accessible by any unauthorized user, e.g., logout.php and login.php. This occurs because of checking the value of NO_NEED_AUTH. If the value of NO_NEED_AUTH is 1, the user has direct access to the webpage without any authentication. By appending a query string NO_NEED_AUTH with the value of 1 to any protected URL, any unauthorized user can access the application directly, as demonstrated by bsc_lan.php?NO_NEED_AUTH=1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a user performs a login action from the web interface, the request values are being forwarded to the ssi binary. On the login page, the web interface restricts the password input field to a fixed length of 15 characters. The problem is that validation is being done on the client side, hence it can be bypassed. When an attacker manages to intercept the login request (POST based) and tampers with the vulnerable parameter (log_pass), to a larger length, the request will be forwarded to the webserver. This results in a stack-based buffer overflow. A few other POST variables, (transferred as part of the login request) are also vulnerable: html_response_page and log_user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OMERO.server before 5.6.1 allows attackers to bypass the security filters and access hidden objects via a crafted query.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
This affects all versions of package fast-http. There is no path sanitization in the path provided at fs.readFile in index.js.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
This affects all versions of package marscode. There is no path sanitization in the path provided at fs.readFile in index.js.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, allows attackers to enumerate and exam user account in the system.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Honor 20;HONOR 20 PRO;Honor Magic2;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI P30 Pro;Honor View 20 smartphones with versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.176(C00E60R2P11);9.1.0.135(C00E133R2P1); versions earlier than 10.1.0.123(C431E22R3P5), versions earlier than 10.1.0.126(C636E5R3P4), versions earlier than 10.1.0.160(C00E160R2P11); versions earlier than 10.1.0.126(C185E8R5P1), versions earlier than 10.1.0.126(C636E9R2P4), versions earlier than 10.1.0.160(C00E160R2P8); versions earlier than 10.0.0.179(C636E3R4P3), versions earlier than 10.0.0.180(C185E3R3P3), versions earlier than 10.0.0.180(C432E10R3P4), versions earlier than 10.0.0.181(C675E5R1P2) have an out of bound read vulnerability. The software reads data past the end of the intended buffer. The attacker tricks the user into installing a crafted application, successful exploit may cause information disclosure or service abnormal.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order[0][dir] field on POST requests to /datatables/data.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color=""' followed by arbitrary Python code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the function read_mini_biff_next_record.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a memcpy call of the parse_SST function.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the ""config"" and ""migrate"" parameters resulting in unauthenticated remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a denial of service (NULL pointer dereference) via crafted messages written directly to the analysisd UNIX domain socket by a local user.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of syscheck formatted msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines (\n) are permitted in messages processed by ossec-analysisd, it may be possible to inject nested events into the ossec log. Use of terminal control characters may allow obfuscating events or executing commands when viewed through vulnerable terminal emulators. This may be an unauthenticated remote attack for certain types and origins of logged data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of ossec-alert formatted msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox < 78.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. This also affects bin/icingastats, bin/ido2db, and bin/log2ido.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > "" ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-atomic bitfield writes. Depending on the compiler version and optimisation flags, Xen might expose a dangerous partially written PTE to the hardware, which an attacker might be able to race to exploit. A guest administrator or perhaps even an unprivileged guest user might be able to cause denial of service, data corruption, or privilege escalation. Only systems using Intel CPUs are vulnerable. Systems using AMD CPUs, and Arm systems, are not vulnerable. Only systems using nested paging (hap, aka nested paging, aka in this case Intel EPT) are vulnerable. Only HVM and PVH guests can exploit the vulnerability. The presence and scope of the vulnerability depends on the precise optimisations performed by the compiler used to build Xen. If the compiler generates (a) a single 64-bit write, or (b) a series of read-modify-write operations in the same order as the source code, the hypervisor is not vulnerable. For example, in one test build using GCC 8.3 with normal settings, the compiler generated multiple (unlocked) read-modify-write operations in source-code order, which did not constitute a vulnerability. We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code-generation options). The source code clearly violates the C rules, and thus should be considered vulnerable.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: (1) port is already in use, (2) the memory allocation failed, or (3) the port we try to allocate is higher than what is supported by the ABI (e.g., 2L or FIFO) used by the guest or the limit set by an administrator (max_event_channels in xl cfg). Due to the missing error checks, only (1) will be considered an error. All the other cases will provide a valid port and will result in a crash when trying to access the event channel. When the administrator configured a guest to allow more than 1023 event channels, that guest may be able to crash the host. When Xen is out-of-memory, allocation of new event channels will result in crashing the host rather than reporting an error. Xen versions 4.10 and later are affected. All architectures are affected. The default configuration, when guests are created with xl/libxl, is not vulnerable, because of the default event-channel limit.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen's free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info. The hypercall VCPUOP_register_vcpu_info is used by a guest to register a shared region with the hypervisor. The region will be mapped into Xen address space so it can be directly accessed. On Arm, the region is accessed with instructions that require a specific alignment. Unfortunately, there is no check that the address provided by the guest will be correctly aligned. As a result, a malicious guest could cause a hypervisor crash by passing a misaligned address. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). All Xen versions are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HVM guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Xen versions from 4.8 onwards are affected. Xen versions 4.7 and earlier are not affected. Only x86 systems are affected. Arm systems are not affected. Only x86 HVM guests using shadow paging can leverage the vulnerability. In addition, there needs to be an entity actively monitoring a guest's video frame buffer (typically for display purposes) in order for such a guest to be able to leverage the vulnerability. x86 PV guests, as well as x86 HVM guests using hardware assisted paging (HAP), cannot leverage the vulnerability.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.,NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,LOW
"In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. This has been fixed in 2.1.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
"In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
"In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
"In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or server) might read data out-of-bounds. This has been fixed in 2.1.0.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,LOW
"In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen (as colors). This has been patched in 2.1.0.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
"In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
"In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
"In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,HIGH,LOW
"In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
"In FreeRDP less than or equal to 2.0.0, when running with logger set to ""WLOG_TRACE"", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,LOW
"Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In OSIsoft PI System multiple products and versions, a local attacker could view sensitive information in log files when service accounts are customized during installation or upgrade of PI Vision. The update fixes a previously reported issue.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. IBM X-Force ID: 179476.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 179428.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of small fragments requiring reassembly, generating the following error messages: [LOG: Err] MQSS(2): WO: Packet Error - Error Packets 1, Connection 29 [LOG: Err] eachip_hmcif_rx_intr_handler(7259): EA[2:0]: HMCIF Rx: Injected checksum error detected on WO response - Chunk Address 0x0 [LOG: Err] MQSS(2): DRD: RORD1: CMD reorder ID error - Command 11, Reorder ID 1960, QID 0 [LOG: Err] MQSS(2): DRD: UNROLL0: HMC chunk address error in stage 5 - Chunk Address: 0xc38fb1 [LOG: Notice] Error: /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc), scope: pfe, category: functional, severity: major, module: MQSS(2), type: DRD_RORD_ENG_INT: CMD FSM State Error [LOG: Notice] Performing action cmalarm for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major [LOG: Notice] Performing action get-state for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major [LOG: Notice] Performing action disable-pfe for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major By continuously sending fragmented packets that cannot be reassembled, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS). This issue affects Juniper Networks Junos OS: 17.2 versions prior to 17.2R3-S4 on MX Series; 17.3 versions prior to 17.3R3-S8 on MX Series; 17.4 versions prior to 17.4R2-S9, 17.4R3-S1 on MX Series; 18.1 versions prior to 18.1R3-S10 on MX Series; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3 on MX Series; 18.2X75 versions prior to 18.2X75-D34, 18.2X75-D41, 18.2X75-D53, 18.2X75-D65, 18.2X75-D430 on MX Series; 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S2 on MX Series; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3 on MX Series; 19.1 versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3 on MX Series; 19.2 versions prior to 19.2R1-S3, 19.2R2 on MX Series; 19.3 versions prior to 19.3R2-S2, 19.3R3 on MX Series. This issue is specific to inline IP reassembly, introduced in Junos OS 17.2. Versions of Junos OS prior to 17.2 are unaffected by this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart. This issue affects both IBGP and EBGP multihop deployment in IPv4 or IPv6 network. This issue affects: Juniper Networks Junos OS: 17.2X75 versions prior to 17.2X75-D105.19; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.2X75 versions prior to 18.2X75-D13, 18.2X75-D411.1, 18.2X75-D420.18, 18.2X75-D52.3, 18.2X75-D60; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Juniper Networks Junos OS Evolved: any releases prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS releases prior to 17.3R1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"On Juniper Networks Junos MX Series with service card configured, receipt of a stream of specific packets may crash the MS-PIC component on MS-MIC or MS-MPC. By continuously sending these specific packets, an attacker can repeatedly bring down MS-PIC on MS-MIC/MS-MPC causing a prolonged Denial of Service. This issue affects MX Series devices using MS-PIC, MS-MIC or MS-MPC service cards with any service configured. This issue affects Juniper Networks Junos OS on MX Series: 17.2R2-S7; 17.3R3-S4, 17.3R3-S5; 17.4R2-S4 and the subsequent SRs (17.4R2-S5, 17.4R2-S6, etc.); 17.4R3; 18.1R3-S3, 18.1R3-S4, 18.1R3-S5, 18.1R3-S6, 18.1R3-S7, 18.1R3-S8; 18.2R3, 18.2R3-S1, 18.2R3-S2; 18.3R2 and the SRs based on 18.3R2; 18.4R2 and the SRs based on 18.4R2; 19.1R1 and the SRs based on 19.1R1; 19.2R1 and the SRs based on 19.2R1; 19.3R1 and the SRs based on 19.3R1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) Continued processing of this malformed HTTP message may result in an extended Denial of Service (DoS) condition. The offending HTTP message that causes this issue may originate both from the HTTP server or the HTTP client. This issue affects Juniper Networks Junos OS on SRX Series: 18.1 versions prior to 18.1R3-S9 ; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3; 19.1 versions prior to 19.1R1-S5, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause mbuf leak which can lead to Flexible PIC Concentrator (FPC) crash or the system to crash and restart (vmcore). This issue can be trigged by IPv4 or IPv6 and it is caused only by TCP packets. This issue is not related to any specific configuration and it affects Junos OS releases starting from 17.4R1. However, this issue does not affect Junos OS releases prior to 18.2R1 when Nonstop active routing (NSR) is configured [edit routing-options nonstop-routing]. The number of mbufs is platform dependent. The following command provides the number of mbufs counter that are currently in use and maximum number of mbufs that can be allocated on a platform: user@host> show system buffers 2437/3143/5580 mbufs in use (current/cache/total) Once the device runs out of mbufs, the FPC crashes or the vmcore occurs and the device might become inaccessible requiring a manual restart. This issue affects Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S5; 18.2X75 versions prior to 18.2X75-D41, 18.2X75-D420.12, 18.2X75-D51, 18.2X75-D60, 18.2X75-D34; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Versions of Junos OS prior to 17.4R1 are unaffected by this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a php object injection vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Juniper Networks MX series, receipt of a stream of specific Layer 2 frames may cause a memory leak resulting in the packet forwarding engine (PFE) on the line card to crash and restart, causing traffic interruption. By continuously sending this stream of specific layer 2 frame, an attacker connected to the same broadcast domain can repeatedly crash the PFE, causing a prolonged Denial of Service (DoS). This issue affects Juniper Networks Junos OS on MX Series: 17.2 versions prior to 17.2R3-S4; 17.2X75 versions prior to 17.2X75-D105.19; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2. This issue does not affect Juniper Networks Junos OS releases prior to 17.2R1.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain administrative privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to consume excessive system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a large number of crafted HTTP requests to the affected web-based management interface. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and could result in a DoS condition.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. This issue can occur even before the BGP session with the peer is established. Repeated receipt of this specific BGP packet can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 18.2X75 versions starting from 18.2X75-D50.8, 18.2X75-D60 and later versions, prior to 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70; 19.4 versions 19.4R1 and 19.4R1-S1; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: 19.4-EVO versions prior to 19.4R2-S2-EVO; 20.1-EVO versions prior to 20.1R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart. This issue occurs only when the device is receiving and processing the BGP UPDATE for an EBGP peer. This issue does not occur when the device is receiving and processing the BGP UPDATE for an IBGP peer. However, the offending BGP UPDATE can originally come from an EBGP peer, propagates through the network via IBGP peers without causing crash, then it causes RPD crash when it is processed for a BGP UPDATE towards an EBGP peer. Repeated receipt and processing of the same specific BGP UPDATE can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 17.3R3-S6, 17.4R2-S7, and 18.1R3-S7. Juniper Networks Junos OS Evolved 19.2R2-EVO and later versions, prior to 19.3R1-EVO. Other Junos OS releases are not affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot. Affected product versions include: IPS Module versions V500R005C00, V500R005C10; NGFW Module versions V500R005C00, V500R005C10; Secospace USG6300 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; Secospace USG6500 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; Secospace USG6600 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; USG9500 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of FTP traffic. An attacker could exploit this vulnerability by sending crafted FTP packets through an affected device. A successful exploit could allow the attacker to make the device reboot continuously, causing a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei Mate 30 Pro smartphones with versions earlier than 10.1.0.150(C00E136R5P3) have an improper authorization vulnerability. The system does not properly restrict the use of system service by applications, the attacker should trick the user into installing a malicious application, successful exploit could cause a denial of audio service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing ""URL Filtering service"", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. If the issue occurs, system core-dumps output will show a crash of mspmand process: root@device> show system core-dumps -rw-rw---- 1 nobody wheel 575685123 <Date> /var/tmp/pics/mspmand.core.<*>.gz This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS releases prior to 17.3R2.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,LOW
"An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. This framework requires these packets to be passed. By continuously sending any of these types of formatted genuine packets, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Authentication to the BGP peer is not required. This issue can be initiated or propagated through eBGP and iBGP and can impact devices in either modes of use as long as the devices are configured to support the compromised framework and a BGP path is activated or active. This issue affects: Juniper Networks Junos OS 16.1 versions 16.1R7-S6 and later versions prior to 16.1R7-S8; 17.3 versions 17.3R2-S5, 17.3R3-S6 and later versions prior to 17.3R3-S8; 17.4 versions 17.4R2-S7, 17.4R3 and later versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions 18.1R3-S7 and later versions prior to 18.1R3-S10; 18.2 versions 18.2R2-S6, 18.2R3-S2 and later versions prior to 18.2R2-S7, 18.2R3-S5; 18.2X75 versions 18.2X75-D12, 18.2X75-D32, 18.2X75-D33, 18.2X75-D51, 18.2X75-D60, 18.2X75-D411, 18.2X75-D420 and later versions prior to 18.2X75-D32, 18.2X75-D33, 18.2X75-D420, 18.2X75-D52, 18.2X75-D60, 18.2X75-D65, 18.2X75-D70;(*1) 18.3 versions 18.3R1-S6, 18.3R2-S3, 18.3R3 and later versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions 18.4R1-S5, 18.4R2-S4, 18.4R3 and later versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S3(*2); 19.1 versions 19.1R1-S3, 19.1R2 and later versions prior to 19.1R1-S5, 19.1R2-S2, 19.1R3-S2; 19.2 versions 19.2R1-S2, 19.2R2 and later versions prior to 19.2R1-S5, 19.2R2, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2, 19.4R3; 20.1 versions prior to 20.1R1-S1, 20.1R2. This issue does not affect Junos OS prior to 16.1R1. This issue affects IPv4 and IPv6 traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker. The responsible code is getExtensionIdForOpcode in serialization/sb3.js. The use of _ is incompatible with a protection mechanism in older versions, in which URLs were split and consequently deserialization attacks were prevented. NOTE: the scratch.mit.edu hosted service is not affected because of the lack of worker scripts.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+, DaOffice softwares could allow an unauthenticated, remote attacker to cause an arbitrary code execution on an affected device.nThe vulnerability is due to a stack overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Uploads stored as protected or draft files are allowed by default for authorised users only, but can also be enabled through custom logic as well as modules such as silverstripe/userforms. Sites using the previously optional silverstripe/mimevalidator module can configure MIME whitelists rather than extension whitelists, and hence prevent this issue. Sites on the Common Web Platform (CWP) use this module by default, and are not affected.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. ABB considers this a well documented functionality that helps customer set up however, out of our research, we found multiple production systems running these exact default credentials and consider thereby this an exposure that should be mitigated. Moreover, future deployments should consider that these defaults should be forbidden (user should be forced to change them).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of the heap allocated stack possibly leading to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impact if an application relied on a single canonical signature.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects: <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Project software when the software fails to check the source markup of a file, aka 'Microsoft Project Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. The problem is fixed in 2.1.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious attacker could download files from the RHEL environment by doing some modification in the link, giving the attacker access to confidential information.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause the device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because HTTP requests are not properly validated. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device or cause the device to reload, resulting in a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of fields in Cisco SD-WAN peering messages that are encapsulated in UDP packets. An attacker could exploit this vulnerability by sending crafted UDP messages to the targeted system. A successful exploit could allow the attacker to cause services on the device to fail, resulting in a DoS condition that could impact the targeted device and other devices that depend on it.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious web sites, or the attacker could leverage this vulnerability to conduct further client-side attacks.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attackers to obtain the LDAP server's password via the Test LDAP Connection feature.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"""BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the environment. The principle of least privilege should be applied to all BigFix deployments, limiting administrative access.""",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory.An attacker who successfully exploited the vulnerability would gain execution on a victim system.The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory., aka 'Windows Font Driver Host Remote Code Execution Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In notifyErrorForPendingRequests of QCamera3HWI.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-149995442",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1389, CVE-2020-1426.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of user input on the web management interface. An attacker could exploit this vulnerability by submitting a malicious request to an affected system. An exploit could allow the attacker to gain administrative-level privileges on the system. The attacker needs a valid username to exploit this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device and cause the username information leak. Affected product versions include: CloudEngine 12800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 5800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.,http, https, ftp, smb, etc.).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the filesystem and then accessing it through the web-based management interface. A successful exploit could allow the attacker to read arbitrary files from the filesystem of the underlying operating system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Multiple buffer overflows in Schneider Electric Modicon Quantum PLC allow remote attackers to cause a denial of service via malformed requests to the (1) FTP server or (2) HTTP server.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka 'Windows Network List Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1372.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values within SQL queries. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of proper validation of files that are uploaded to an affected device. An attacker could exploit this vulnerability by uploading a crafted file to an affected system. An exploit could allow the attacker to view or modify arbitrary files on the targeted system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. The vulnerability is due to insufficient input sanitization during user authentication processing. An attacker could exploit this vulnerability by sending a crafted response to the Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to access the software and execute commands they should not be authorized to execute.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return unexpected responses to other consumers of this cached response. Most other headers associated with web cache poisoning are already disabled through request hostname forgery whitelists.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated to access the CLI. A successful exploit could allow the attacker to execute commands with root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to the affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary commands with administrative commands on an affected device. The vulnerability is due to improper session management on affected devices. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on an affected device. The vulnerabilities are due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit these vulnerabilities by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's ""New"" HTTPS API.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's ""Old"" HTTPS API.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against lists that are limited (e.g., through pagination), resulting in records that should have failed a permission check being added to the final result set. GraphQL endpoints are configured by default (e.g., for assets), but the admin/graphql endpoint is access protected by default. This limits the vulnerability to all authenticated users, including those with limited permissions (e.g., where viewing records exposed through admin/graphql requires administrator permissions). However, if custom GraphQL endpoints have been configured for a specific implementation (usually under /graphql), this vulnerability could also be exploited through unauthenticated requests. This vulnerability only applies to reading records; it does not allow unauthorised changing of records.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of ""'guard' => 'admin'"" instead of ""'middleware' => ['can:admin']"" in routes/web.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"A vulnerability in URL filtering of Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to bypass URL filtering on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted, malicious HTTP request to an affected device. A successful exploit could allow the attacker to redirect users to malicious sites.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this vulnerability by sending crafted packets through an affected device. A successful exploit could allow the attacker to cause the device to reboot, resulting in a DoS condition.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative credentials to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the web-based management interface and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data that is stored in the underlying database, including hashed user credentials. To exploit this vulnerability, an attacker would need valid administrative credentials.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow unauthorized users to access the system after no more than a fixed maximum number of attempts.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A path traversal vulnerability in servey version < 3 allows an attacker to read content of any arbitrary file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a php code injection vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-side code into the 'URL/ Host / Connection' form in the 'DATA TO SERVER' configuration section.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to privilege escalation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on an affected device. The vulnerabilities are due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit these vulnerabilities by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to arbitrary file system write.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. An attacker tricks the user into installing then running a crafted application. Due to improper initialization of specific parameters, successful exploit of this vulnerability may cause device exceptions.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from the device, which could include the device configuration. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web-based management interface of the router, but only after any valid user has opened a specific file on the device since the last reboot. A successful exploit would allow the attacker to view sensitive information, which should be restricted.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Honor Magic2 smartphones versions earlier than 10.1.0.160(C00E160R2P11) have a path traversal vulnerability. The system does not sufficiently validate certain pathname from certain process, successful exploit could allow the attacker write files to a crafted path.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
"OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker could cause a denial of service due to an error within the Queue processing function. IBM X-Force ID: 181563.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a logic check error vulnerability. A logic error occurs when the software checking the size of certain parameter, the attacker should trick the user into installing a malicious application, successful exploit may cause code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Huawei Honor 10 smartphones with versions earlier than 10.0.0.178(C00E178R1P4) have a denial of service vulnerability. Certain service in the system does not sufficiently validate certain parameter which is received, the attacker should trick the user into installing a malicious application, successful exploit could cause a denial of service condition.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177354.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,NONE,NONE
"HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a buffer overflow vulnerability. The software access data past the end, or before the beginning, of the intended buffer when handling certain operations of certificate, the attacker should trick the user into installing a malicious application, successful exploit may cause code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Huawei Honor V30 smartphones with versions earlier than 10.1.0.212(C00E210R5P1) have an improper authentication vulnerability. The system does not sufficiently validate certain parameter passed from the bottom level, the attacker should trick the user into installing a malicious application and control the bottom level, successful exploit could cause information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 182631.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"""HCL Marketing Platform is vulnerable to cross-site scripting during addition of new users and also while searching for users in Dashboard, potentially giving an attacker ability to inject malicious code into the system. """,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a malicious script to an unsuspecting user. This affects all versions prior to latest releases as specified in https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080855&sys_kb_id=971d99ed1b8ed01c086dcbfc0a4bcb6a.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the API subsystem of Cisco Meetings App could allow an unauthenticated, remote attacker to retain and reuse the Traversal Using Relay NAT (TURN) server credentials that are configured in an affected system. The vulnerability is due to insufficient protection mechanisms for the TURN server credentials. An attacker could exploit this vulnerability by intercepting the legitimate traffic that is generated by an affected system. An exploit could allow the attacker to obtain the TURN server credentials, which the attacker could use to place audio/video calls and forward packets through the configured TURN server. The attacker would not be able to take control of the TURN server unless the same credentials were used in multiple systems.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As a side-effect, this preconfigured path also blocks the creation of other resources on this path (e.g. a page).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by authenticating as the fmserver user and submitting malicious input to a specific command. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"""HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field.""",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Telnet service of Cisco Small Business RV110W Wireless-N VPN Firewall Routers could allow an unauthenticated, remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to gain full control of an affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in bits.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all interfaces to go down. By continuously sending the offending packet, an attacker can repeatedly crash the FPC process causing a sustained Denial of Service (DoS). This issue affects both IPv4 and IPv6 packet processing. Affected releases are Juniper Networks Junos OS on QFX and PTX Series: 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1; 18.2 versions prior to 18.2R1-S3, 18.2R2; 17.2X75 versions prior to 17.2X75-D91, 17.2X75-D100.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destined for another address. By continuously sending this type of packet, an attacker can repeatedly crash the kernel causing a sustained Denial of Service. Affected releases are Juniper Networks Junos OS: 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 17.2X75 versions prior to 17.2X75-D110; 18.1 versions prior to 18.1R2.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart. By simulating a specific BGP session restart, an attacker can repeatedly crash the RPD process causing prolonged denial of service (DoS). Graceful restart helper mode for BGP is enabled by default. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7; 16.1X65 versions prior to 16.1X65-D48; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 18.1 versions prior to 18.1R2. Junos OS releases prior to 16.1R1 are not affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to denial of service in bit_calc_CRC in bits.c, related to a for loop.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerbaility in that the target must open a malicious directory or device.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This affects all versions of package react-native-fast-image. When an image with source={{uri: ""..."", headers: { host: ""somehost.com"", authorization: ""..."" }} is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to other servers.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-181203 through 2.9.0-181024 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the boaform/admin/formPing Dest IP Address field.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to gain access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center in affected versions allowed remote attackers to achieve remote code execution via insecure deserialization, if they were able to exploit a server side template injection vulnerability. The affected versions are before version 7.13.0, from version 8.0.0 before 8.5.0, and from version 8.6.0 before version 8.8.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask, Hostname, and Alias fields.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleIO or VxFlex OS backend storage driver, credentials for the entire backend are exposed in the ``connection_info`` element in all Block Storage v3 Attachments API calls containing that element. This flaw enables an end-user to create a volume, make an API call to show the attachment detail information, and retrieve a username and password that may be used to connect to another user's volume. Additionally, these credentials are valid for the ScaleIO or VxFlex OS Management API, should an attacker discover the Management API endpoint. Source: OpenStack project",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"""HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime; however, dynamically loaded components are only loaded as they are specifically requested. While this can have a positive impact on performance, or grant additional functionality (for example, a non-invasive update feature), it can also open the application to loading unintended code if not implemented properly.""",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1448.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1418.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a weakly configured XML parser.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In glpi before 9.5.1, there is a SQL injection for all usages of ""Clone"" feature. This has been fixed in 9.5.1.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181482.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,LOW
"An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be download by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, they fail to properly check the parameters that are passed to it.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impact SonicOS version 6.5.4.4-44n and earlier.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 9.0.815 and earlier.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1381.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections. Unfortunately, the Graylog client code (in all versions that support LDAP) does not implement proper certificate validation (regardless of whether the ""Allow self-signed certificates"" option is used). Therefore, any attacker with the ability to intercept network traffic between a Graylog server and an LDAP server is able to redirect traffic to a different LDAP server (unnoticed by the Graylog server due to the lack of certificate validation), effectively bypassing Graylog's authentication mechanism.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In openenclave before 0.10.0, enclaves that use x87 FPU operations are vulnerable to tampering by a malicious host application. By violating the Linux System V Application Binary Interface (ABI) for such operations, a host app can compromise the execution integrity of some x87 FPU operations in an enclave. Depending on the FPU control configuration of the enclave app and whether the operations are used in secret-dependent execution paths, this vulnerability may also be used to mount a side-channel attack on the enclave. This has been fixed in 0.10.0 and the current master branch. Users will need to recompile their applications against the patched libraries to be protected from this vulnerability.",LOCAL,HIGH,LOW,REQUIRED,CHANGED,NONE,HIGH,NONE
userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to 7.0.2-lp152.2.1. openSUSE Leap 15.1 hylafax+ version 5.6.1-lp151.3.7 and prior versions. openSUSE Factory hylafax+ versions prior to 7.0.2-2.1.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
Adobe Download Manager version 2.0.0.518 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142546668",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In createWithSurfaceParent of Client.cpp, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150226994",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper Access Control in subsystem for Intel(R) TXE versions before 3.175 and 4.0.25 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out-of-bounds write in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service via network access.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
"Improper input validation in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an authenticated user to potentially enable information disclosure via network access.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic (All versions), SIMATIC HMI Mobile Panels 2nd Generation (All versions), SIMATIC WinCC Runtime Advanced (All versions). Unencrypted communication between the configuration software and the respective device could allow an attacker to capture potential plain text communication and have access to sensitive information.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles objects in memory, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1405.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (V1.81.01 - V1.81.03), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.01), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.02). A buffer overflow vulnerability exists in the Web Server functionality of the device. A remote unauthenticated attacker could send a specially crafted HTTP request to cause a memory corruption, potentially resulting in remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in the way that the WalletService handles memory.To exploit the vulnerability, an attacker would first need code execution on a victim system, aka 'Windows WalletService Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations, aka 'Windows Profile Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response.,NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,HIGH
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
"The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-129476618",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible permissions bypass due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146570216",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to determine the value of database fields.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1400, CVE-2020-1401.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibility to execute OS command remotely. Users of all previous versions after 2.3 should upgrade to 3.1.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by certain rest api, which makes SQL injection attack is possible. Users of all previous versions after 2.0 should upgrade to 3.1.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2016-9962, that was previously corrected in the docker packages in Red Hat Enterprise Linux 7 Extras via RHSA-2017:0116 (https://access.redhat.com/errata/RHSA-2017:0116). The CVE-2020-14300 was assigned to this security regression and it is specific to the docker packages produced by Red Hat. The original issue - CVE-2016-9962 - could possibly allow a process inside container to compromise a process entering container namespace and execute arbitrary code outside of the container. This could lead to compromise of the container host or other containers running on the same container host. This issue only affects a single version of Docker, 1.13.1-108.git4ef4b30, shipped in Red Hat Enterprise Linux 7. Both earlier and later versions are not affected.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the ""classic"" UI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1382.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1451, CVE-2020-1456.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When combined with an OS command injection vulnerability within the XML Parsing logic of the firmware update process, an attacker would be able to gain code execution on any device that attempted to update. Note that by default all devices tested had automatic updates enabled.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoint command-execution security issues, the DNS rebinding attack could allow an attacker to compromise the victim device from the Internet.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1344, CVE-2020-1362.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1447, CVE-2020-1448.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1447.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1043.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it even if they do not have permission to view the page itself.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
There is a possible out of bounds write due to an incorrect bounds check. Product: AndroidVersions: Android SoCAndroid ID: A-156337262,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a lack of exploit mitigations vulnerability. Successful exploitation could lead to privilege escalation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1042, CVE-2020-1043.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for disabling some TLS security certificate checks can extend beyond that defined by various options on the Configuration > Notifications pages to disable certificate checking for alert notifications. These TLS security checks are also ignored during monitoring of VMware machines. This would make SQL Monitor vulnerable to potential man-in-the-middle attacks when sending alert notification emails, posting to Slack or posting to webhooks. The vulnerability is fixed in version 10.1.7.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
There is a possible out of bounds write due to an incorrect bounds check. Product: AndroidVersions: Android SoCAndroid ID: A-156333727,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is an improper configuration of recorder related service. Product: AndroidVersions: Android SoCAndroid ID: A-156333723,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description fields.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
NOTE: This candidate is a duplicate of CVE-2019-15011. All CVE users should reference CVE-2019-15011 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Investor Module). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera Portfolio Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Data Pump component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to compromise Data Pump. Successful attacks of this vulnerability can result in takeover of Data Pump. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1354.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory, aka 'Windows Sync Host Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Page Request). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Communications Broker, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data as well as unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Installation). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Workbench). Supported versions that are affected are 11.0, 11.1, 11.2 and prior to 11.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search / Oracle Commerce Experience Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Commerce Guided Search / Oracle Commerce Experience Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Commerce Guided Search / Oracle Commerce Experience Manager accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Object Library, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Portal accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security). The supported version that is affected is 21.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle AutoVue accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Portfolio Management accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Unified Directory product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Unified Directory. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Unified Directory, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Unified Directory accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Unified Directory. CVSS 3.1 Base Score 8.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:H).",NETWORK,LOW,HIGH,REQUIRED,CHANGED,NONE,HIGH,HIGH
"Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data as well as unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Communications Broker. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Communications Broker, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data as well as unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Communications Broker. CVSS 3.1 Base Score 5.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to hijack the authentication of authenticated users for requests that can obtain sensitive information via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Portfolio Management accessible data as well as unauthorized update, insert or delete access to some of Primavera Portfolio Management accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera Portfolio Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Investor Module). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera Portfolio Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: None). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Security Service accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server). Supported versions that are affected are 20.6 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel UI Framework accessible data as well as unauthorized update, insert or delete access to some of Siebel UI Framework accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,LOW,NONE
"An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer, aka 'Skype for Business via Internet Explorer Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.1, 11.2 and prior to 11.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.1, 11.2 and prior to 11.3.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 3.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N).",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory, aka 'Windows Network Location Awareness Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Office improperly validates input before loading dynamic link library (DLL) files, aka 'Microsoft Office Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). Supported versions that are affected are 16.0, 17.0 and 18.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Card). Supported versions that are affected are 16.0, 17.0 and 18.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security). Supported versions that are affected are 16.0, 17.0 and 18.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 13.3.0.0 and 13.4.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Data Masking and Subsetting product of Oracle Enterprise Manager (component: Data Masking). Supported versions that are affected are 13.3.0.0 and 13.4.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Data Masking and Subsetting. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Data Masking and Subsetting accessible data as well as unauthorized update, insert or delete access to some of Oracle Data Masking and Subsetting accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 18.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1400, CVE-2020-1407.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: JVMCI). Supported versions that are affected are 19.3.2 and 20.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses Admin Utilities). Supported versions that are affected are 12.2.4-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Internet Expenses. While the vulnerability is in Oracle Internet Expenses, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Internet Expenses accessible data. CVSS 3.1 Base Score 7.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N).",NETWORK,LOW,LOW,NONE,CHANGED,NONE,HIGH,NONE
"Vulnerability in the Oracle Commerce Service Center product of Oracle Commerce (component: Commerce Service Center). Supported versions that are affected are 11.1, 11.2 and prior to 11.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Service Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Commerce Service Center accessible data as well as unauthorized access to critical data or complete access to all Oracle Commerce Service Center accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1388, CVE-2020-1394, CVE-2020-1395.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 17.1.0.0-17.12.17.1, 18.1.0.0-18.8.19 and 19.12.0-19.12.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,LOW,NONE
Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle GoldenGate product of Oracle GoldenGate (component: Process Management). The supported version that is affected is Prior to 19.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle GoldenGate executes to compromise Oracle GoldenGate. While the vulnerability is in Oracle GoldenGate, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate. CVSS 3.1 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the Oracle Financial Services Liquidity Risk Management product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Liquidity Risk Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Liquidity Risk Management accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses Admin Utilities). Supported versions that are affected are 12.2.4-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Internet Expenses. While the vulnerability is in Oracle Internet Expenses, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Internet Expenses accessible data. CVSS 3.1 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Configuration Manager product of Oracle Enterprise Manager (component: Discovery and collection script). The supported version that is affected is 12.1.2.0.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Configuration Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configuration Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Configuration Manager accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform, Mobile App). Supported versions that are affected are 16.1, 16.2, 17.7-17.12, 18.8 and 19.12; Mobile App: Prior to 20.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Unifier accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Mobile App). The supported version that is affected is Prior to 20.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Unifier accessible data as well as unauthorized update, insert or delete access to some of Primavera Unifier accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: SSL API). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Security Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Security Service accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Logging). Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 16.1.0.0-16.2.20.1, 17.1.0.0-17.12.17.1 and 18.1.0.0-18.8.18.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1388, CVE-2020-1392, CVE-2020-1394.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1388, CVE-2020-1392, CVE-2020-1395.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Inventory Integration). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).",LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the Oracle iLearning product of Oracle iLearning (component: Assessment Manager). Supported versions that are affected are 6.1 and 6.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iLearning accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle iLearning. CVSS 3.1 Base Score 8.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,LOW
"An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1371.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Depot Repair. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Depot Repair, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Depot Repair accessible data as well as unauthorized update, insert or delete access to some of Oracle Depot Repair accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1392, CVE-2020-1394, CVE-2020-1395.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information, aka 'Connected User Experiences and Telemetry Service Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle SD-WAN Aware product of Oracle Communications Applications (component: User Interface). The supported version that is affected is 8.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Aware. While the vulnerability is in Oracle SD-WAN Aware, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Aware. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Picker Platform Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Invoice). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Trade Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle E-Business Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle E-Business Intelligence accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle CRM Technical Foundation. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Layout Templates). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Address Book). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: CacheStore). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications Applications (component: File Upload). Supported versions that are affected are 8.1.0, 8.2.0 and 8.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Enterprise Session Border Controller. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Session Border Controller, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Session Border Controller as well as unauthorized update, insert or delete access to some of Oracle Enterprise Session Border Controller accessible data and unauthorized read access to a subset of Oracle Enterprise Session Border Controller accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H).",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,HIGH
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Configurator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data as well as unauthorized update, insert or delete access to some of Oracle Configurator accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle E-Business Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle E-Business Intelligence accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When the Windows DLL ""webauthn.dll"" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating systems are unaffected.* This vulnerability affects Firefox < 78.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Gateway for Mobile Devices. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle CRM Gateway for Mobile Devices accessible data as well as unauthorized access to critical data or complete access to all Oracle CRM Gateway for Mobile Devices accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations, aka 'Windows System Events Broker Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L).",LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,NONE,HIGH,LOW
"Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Gateway for Mobile Devices. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle CRM Gateway for Mobile Devices accessible data as well as unauthorized access to critical data or complete access to all Oracle CRM Gateway for Mobile Devices accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role ""roles/compute.osLogin"" to escalate privileges to root. Using the membership to the ""lxd"" group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the ""lxd"" user from the OS Login entry.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role ""roles/compute.osLogin"" to escalate privileges to root. Using their membership to the ""docker"" group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modify the host OS filesystem and modify /etc/groups to gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the ""docker"" user from the OS Login entry.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role ""roles/compute.osLogin"" to escalate privileges to root. Using their membership to the ""adm"" group, users with this role are able to read the DHCP XID from the systemd journal. Using the DHCP XID, it is then possible to set the IP address and hostname of the instance to any value, which is then stored in /etc/hosts. An attacker can then point metadata.google.internal to an arbitrary IP address and impersonate the GCE metadata server which make it is possible to instruct the OS Login PAM module to grant administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the ""adm"" user from the OS Login entry.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Communications Interactive Session Recorder product of Oracle Communications Applications (component: FACE). Supported versions that are affected are 6.1-6.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications Interactive Session Recorder executes to compromise Oracle Communications Interactive Session Recorder. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Interactive Session Recorder accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Interactive Session Recorder accessible data. CVSS 3.1 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N).",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Data, Domain & Function Security). The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Installation). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Oracle PeopleSoft (component: Expenses). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Expenses. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Expenses accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise FIN Expenses accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Registration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2's 4-way-handshake via a malformed EAPOL-Key packet with a long keydata buffer.",ADJACENT_NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists in the way that the WalletService handles files, aka 'Windows WalletService Denial of Service Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1422.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory, aka 'Windows Credential Picker Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Packaging Scripts). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:H).",LOCAL,LOW,HIGH,REQUIRED,CHANGED,NONE,NONE,HIGH
Vulnerability in the Oracle Solaris product of Oracle Systems (component: libsuri). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,NONE,NONE
"An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory, aka 'Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1389, CVE-2020-1419, CVE-2020-1426.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory, aka 'Windows Print Workflow Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in SIMATIC S7-200 SMART CPU family (All versions >= V2.2 < V2.5.1). Affected devices do not properly handle large numbers of new incomming connections and could crash under certain circumstances. An attacker may leverage this to cause a Denial-of-Service situation.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation, aka 'Microsoft Office Elevation of Privilege Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). Through the use of several vulnerable fields of the application, an authenticated user could perform an SQL Injection attack by passing a modified SQL query downstream to the back-end server. The exploit of this vulnerability could be used to read, and potentially modify application data to which the user has access to.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). Authenticated users could have access to resources they normally would not have. This vulnerability could allow an attacker to view internal information and perform unauthorized changes.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized information.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory, aka 'Windows SharedStream Library Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Microsoft OneDrive that allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft OneDrive Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker can put malicious code in a Trojan horse GalaxyClientService.exe. After that, the attacker can re-start this service as an unprivileged user to escalate his/her privileges and run commands on the machine with SYSTEM rights.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the ESLint extension for Visual Studio Code when it validates source code after opening a project, aka 'Visual Studio Code ESLint Extention Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based), aka 'Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"MX Player Android App versions prior to v1.24.5, are vulnerable to a directory traversal vulnerability when user is using the MX Transfer feature in ""Receive"" mode. An attacker can exploit this by connecting to the MX Transfer session as a ""sender"" and sending a MessageType of ""FILE_LIST"" with a ""name"" field containing directory traversal characters (../). This will result in the file being transferred to the victim's phone, but being saved outside of the intended ""/sdcard/MXshare"" directory. In some instances, an attacker can achieve remote code execution by writing "".odex"" and "".vdex"" files in the ""oat"" directory of the MX Player application.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1419, CVE-2020-1426.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications Applications (component: User Interface). Supported versions that are affected are 8.2 and 9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. While the vulnerability is in Oracle SD-WAN Edge, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Edge. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
An issue was discovered on Rittal PDU-3C002DEC through 5.15.70 and CMCIII-PU-9333E0FB through 3.15.70 devices. There are insecure permissions.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in local privilege escalation to root.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
LibreHealth EMR v2.0.0 is affected by systemic CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. Attackers can bypass the CLI menu.,LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on Rittal PDU-3C002DEC through 5.15.40 and CMCIII-PU-9333E0FB through 3.15.70_4 devices. Attackers can execute code.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. There is a Backdoor root account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to write to arbitrary kernel memory addresses because the IOCTL dispatcher lacks pointer validation. Exploiting this vulnerability results in privileged code execution.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to read or write to physical disc sectors via a \\.\SecureDocDevice handle. Exploiting this vulnerability results in privileged code execution.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 174682.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to ""crowdsource"" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to ""crowdsource"" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this product is installed, given the attacker can convince a victim to visit a crafted link.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. There is a least privilege violation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In freewvs before 0.1.1, a user could create a large file that freewvs will try to read, which will terminate a scan process. This has been patched in 0.1.1.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
OpenVPN Access Server older than version 2.8.4 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library (which is included in yubico-piv-tool) does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will cause stack memory to be copied into heap allocated memory that gets returned to the caller. The leaked memory could include PINs, passwords, key material, and other sensitive information depending on the integration. During further processing by the caller, this information could leak across trust boundaries. Note that RSA key generation is triggered by the host and cannot directly be triggered by the token.",PHYSICAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or an unauthorized access.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to restrict access in your debug environments.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0982, CVE-2020-1005.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mintToken function of a smart contract implementation for EpiphanyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for BeyondCashToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for DMPToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for TRIUM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for CTESale, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1430.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is intended to prevent unauthorized changes to OTP configurations. The access code is not checked when updating NFC specific components of the OTP configurations. This may allow an attacker to access configured OTPs and passwords stored in slots that were not configured by the user to be read over NFC, despite a user having set an access code. (Users who have not set an access code, or who have not configured the OTP slots, are not impacted by this issue.)",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Close Management accessible data. CVSS 3.1 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N).",NETWORK,HIGH,HIGH,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced User Interface). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Answers). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1415, CVE-2020-1422.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1428, CVE-2020-1438.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1438.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A fix is available in version 0.7.1. CVE-2020-6174 is assigned to the same vulnerability in the TUF reference implementation.,NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"RAONWIZ v2018.0.2.50 and eariler versions contains a vulnerability that could allow remote files to be downloaded and excuted by lack of validation to file extension, witch can used as remote-code-excution attacks by hackers File download & execution vulnerability in ____COMPONENT____ of RAONWIZ RAON KUpload allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions prior to 2018.0.2.51 on Windows.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
XPLATFORM v9.2.260 and eariler versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. this can be leveraged for code execution. File download vulnerability in ____COMPONENT____ of TOBESOFT XPLATFORM allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: TOBESOFT XPLATFORM 9.2.250 versions prior to 9.2.260 on Windows.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations, aka 'Windows iSCSI Target Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator entered template language code in the subject line, that code could be interpreted by the email generation services, potentially resulting in server-side code injection.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 5 does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle PeopleSoft (component: Time and Labor). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HRMS. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HRMS accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Composer). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Portal accessible data as well as unauthorized read access to a subset of Oracle WebCenter Portal accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Portal. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,LOW
"An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management tool. An attacker with access to the network could observe sensitive treatment and prescription data sent between the Phoenix system and the Exalis tool.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1362, CVE-2020-1369.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations, aka 'Windows Modules Installer Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka 'Windows Storage Services Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1359.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1384.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows USO Core Worker Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Joomla! through 3.9.19. Inadequate filtering on the system information screen could expose Redis or proxy credentials,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
An issue was discovered in Joomla! through 3.9.19. Lack of input filtering and escaping allows XSS attacks in mod_random_image.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacker-controlled web page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at will.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64_decode() uses an output buffer estimation function to compute the required buffer capacity and validate against the provided buffer size. The base64_estimate_decode_size() function calculates the expected decoded size with an arithmetic round-off error and does not take into account possible padding bytes. Due to this underestimation, it may be possible to craft base64 input that causes a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Disclosure Management, version 10.1, had insufficient protection against Cross-Site Request Forgery, which could be used to trick user in to browsing malicious site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. The purpose of this activity is to handle deeplinks that can be delivered either via links or by directly calling the activity. However, the deeplink format is not properly validated. This can be abused by an attacker to redirect a user to any page and deliver any content to the user.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation (e.g., internalCreateBond in BleManagerHandler).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"""HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8.,NETWORK,HIGH,NONE,NONE,CHANGED,NONE,HIGH,NONE
GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam have weak permissions during a critical time window. An attacker can make this time window arbitrarily long by using opportunistic locks.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker in a privileged network position between a legitimate user and the web server might be able to conduct a Man-in-the-middle attack and gain read and write access to the transmitted data.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with local access to the device might be able to retrieve some passwords in clear text.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). A buffer overflow in various positions of the web application might enable an attacker with access to the web application to execute arbitrary code over the network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with access to the network could be able to install specially crafted firmware to the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the ""Workflow Delegation"" ""Requester Roles"" screen.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). By performing a flooding attack against the web server, an attacker might be able to gain read access to the device's memory, possibly revealing confidential information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). A stored Cross-Site-Scripting (XSS) vulnerability is present in different locations of the web application. An attacker might be able to take over a session of a legitimate user.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A user enumeration vulnerability flaw was found in Venki Supravizio BPM 10.1.2. This issue occurs during password recovery, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user's session and perform administrative actions in the context of the user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A missing permission check in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable code execution vulnerability exists in the ANI file format parser of Leadtools 20. A specially crafted ANI file can cause a buffer overflow resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ""Apache NetBeans"" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. ""Apache NetBeans"" versions up to and including 11.2 are affected by this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The ""Apache NetBeans"" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans"" versions up to and including 11.2 are affected by this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
"Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in DoS. This CVE-2018-10872 was assigned due to regression of CVE-2018-8897 in Red Hat Enterprise Linux 6.10 GA kernel. No other versions are affected by this CVE.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Two four letter word commands ""wchp/wchc"" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the ""cmd:"" batch mode syntax, allows attackers to have unspecified impact via a long command string.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,HIGH
"ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, a user is able to view local files on the web server by manipulating the FileName and FilePath parameters in the URL, or while using a proxy. This vulnerability could be used to view local sensitive files or configuration files.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, could allow access to sensitive information in log files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a ""code: Buffer.from(my_code, 'hex')"" attribute.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM QRadar SIEM 7.3 and 7.4 could allow an authenticated user to cause a denial of service of the qflow process by sending a malformed sflow command. IBM X-Force ID: 182366.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
IBM QRadar SIEM 7.3 and 7.4 could allow a remote privileged user to execute commands.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182368.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction with CVE-2020-13992 by an unauthenticated attacker.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Disclosure Management, version 10.1, session mechanism does not have expiration data set therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by setting the arguments to the vulnerable API. This can be leveraged for code execution by rebooting the victim’s PC,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by modifying the value of registry path. This can be leveraged for code execution by rebooting the victim’s PC,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol. These cloud services include Cortex Data Lake, the Customer Support Portal, and the Prisma Access infrastructure. Conditions required for exploitation of known TLS 1.0 weaknesses do not exist for the communication between PAN-OS and cloud-delivered services. We do not believe that any communication is impacted as a result of known attacks against TLS 1.0. This issue impacts: All versions of PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.14; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3. PAN-OS 7.1 is not impacted by this issue.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An integer underflow vulnerability in the dnsproxyd component of the PAN-OS management interface allows authenticated administrators to issue a command from the command line interface that causes the component to stop responding. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 9.1 versions earlier than PAN-OS 9.1.3. This issue does not impact PAN-OS 8.1, PAN-OS 9.0, or Prisma Access services.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if GlobalProtect portal feature is not enabled. This issue impacts PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; all versions of PAN-OS 8.0 and PAN-OS 7.1. Prisma Access services are not impacted by this vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; and all versions of PAN-OS 7.1 and PAN-OS 8.0. This issue does not impact PAN-OS 9.0, PAN-OS 9.1, or Prisma Access services.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,LOW
"TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"** DISPUTED ** The DuckDuckGo application through 5.58.0 for Android, and through 7.47.1.0 for iOS, sends hostnames of visited web sites within HTTPS .ico requests to servers in the duckduckgo.com domain, which might make visit data available temporarily at a Potentially Unwanted Endpoint. NOTE: the vendor has stated ""the favicon service adheres to our strict privacy policy.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The issue occurs because tagName user input is formatted inside the exec function is executed without any checks.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings and calibration.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,LOW
"An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF), aka ""Microsoft SharePoint Information Disclosure Vulnerability."" This affects Microsoft SharePoint.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authenticated user to obtain sensitive historical activity information by leveraging incorrect permission validation.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2, allows to an attacker to embed malicious scripts in the application while uploading images, which gets executed when the victim opens these files, leading to Stored Cross Site Scripting",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in zzzphp cms 1.5.8. del_file in /admin/save.php allows remote attackers to delete arbitrary files via a mixed-case extension and an extra '.' character, because (for example) ""php"" is blocked but path=F:/1.phP. succeeds.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"SAP Business Objects Business Intelligence Platform (bipodata), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E22R2P5) and versions earlier than 10.1.0.160(C00E160R2P8) have an information disclosure vulnerability. Certain WI-FI function's default configuration in the system seems insecure, an attacker should craft a WI-FI hotspot to launch the attack. Successful exploit could cause information disclosure.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be exploited via CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.2, and from version 7.1.0 before version 7.1.3. The vulnerable plugin is used by Atlassian Jira Server and Data Center before version 8.7.0. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,NONE,NONE
The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through an missing authorisation check.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, from version 8.6.0 before 8.9.2, and from version 8.10.0 before 8.10.1.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module. The affected versions are before version 8.7.0.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by pasting javascript code into the editor field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file..",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the attacker to cause buffer overflow and dead loop, leading to DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SQL injection can occur in We-com Municipality portal CMS 2.1.x via the cerca/ keywords field.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
XSS can occur in We-com Municipality portal CMS 2.1.x via the cerca/ search bar.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYPO3 allows XSS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX 11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, leading to denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Linux GPU Display Driver, all versions, contains a vulnerability in the UVM driver, in which a race condition may lead to a denial of service.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.",LOCAL,LOW,NONE,NONE,CHANGED,HIGH,HIGH,NONE
"SolarWinds Serv-U File Server before 15.2.1 has a ""Cross-script vulnerability,"" aka Case Numbers 00041778 and 00306421.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SolarWinds Serv-U File Server before 15.2.1 allows information disclosure via an HTTP response.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component, in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. MAVLink is a header-based protocol that does not perform encryption to improve transfer (and reception speed) and efficiency by design. The increasing popularity of the protocol (used accross different autopilots) has led to its use in wired and wireless mediums through insecure communication channels exposing sensitive information to a remote attacker with ability to intercept network traffic.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the ""dbName"" POST parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attacker may exploit this vulnerability to obtain sensitive information in an encrypted form.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is executed in the victim's browser.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possibly bypassing some security restrictions in the process.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which ""active"" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. The read-write unlock paths don't contain a memory barrier. On Arm, this means a processor is allowed to re-order the memory access with the preceding ones. In other words, the unlock may be seen by another processor before all the memory accesses within the ""critical"" section. As a consequence, it may be possible to have a writer executing a critical section at the same time as readers or another writer. In other words, many of the assumptions (e.g., a variable cannot be modified after a check) in the critical sections are not safe anymore. The read-write locks are used in hypercalls (such as grant-table ones), so a malicious guest could exploit the race. For instance, there is a small window where Xen can leak memory if XENMAPSPACE_grant_table is used concurrently. A malicious guest may be able to leak memory, or cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts.,NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,NONE
The turn extension through 0.3.2 for TYPO3 allows Remote Code Execution.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on the target machine.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
ZoneAlarm Firewall and Antivirus products before version 15.8.109.18436 allow an attacker who already has access to the system to execute code at elevated privileges through a combination of file permission manipulation and exploitation of Windows CVE-2020-00896 on unpatched systems.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. A remote unauthenticated attacker could potentially cause Denial of Service via test interface ports which are not used during run time environment.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious user may exploit this vulnerability to execute arbitrary commands on the affected system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ChangXiang 8 Plus with versions earlier than 9.1.0.136(C00E121R1P6T8) have a denial of service vulnerability. The device does not properly handle certain message from base station, the attacker could craft a fake base station to launch the attack. Successful exploit could cause a denial of signal service condition.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a ""CWE-20: Improper Input Validation"" issue affecting the affect functionality component.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS < 26.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox < 77.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode. This vulnerability affects Firefox for iOS < 27.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Artica Pandora FMS 7.44 allows remote command execution via the events feature.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem affects only application generated with jwt or session authentication. Applications using oauth are not vulnerable. This issue has been fixed in version 1.7.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Opening a specially crafted project file may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all versions of the package jspdf, it is possible to use <<script>script> in order to go over the filtering regex.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using ""contextIsolation"" are affected. There are no app-side workarounds, you must update your Electron version to be protected. This is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21.",NETWORK,LOW,HIGH,NONE,CHANGED,NONE,HIGH,NONE
A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the `shop` parameter on the `/shopify/auth/enable_cookies` endpoint.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can trigger an out-of-bounds access and device reset via a 4K wallpaper image because ImageProcessHelper mishandles boundary checks. The Samsung ID is SVE-2020-18056 (July 2020).,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via the KNOX API. The Samsung ID is SVE-2020-17318 (July 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The kernel logging feature allows attackers to discover virtual addresses via vectors involving shared memory. The Samsung ID is SVE-2020-17605 (July 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 7885 chipsets) software. The Bluetooth Low Energy (BLE) component has a buffer overflow with a resultant deadlock or crash. The Samsung ID is SVE-2020-16870 (July 2020).,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Cameralyzer allows attackers to write files to the SD card. The Samsung ID is SVE-2020-16830 (July 2020).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin this could result in a complete compromise of the system.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"""A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions.""",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering capabilities in wildfly.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak file permissions and can be exploited by using opportunistic locks.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity checks.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user. The session identifier when replayed could provide administrative rights or file transfer permissions to the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with ""log level = 3"" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerability exists due to insufficient filtration of user-supplied data in multiple parameters passed to several *-sub-menu.php pages. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software reads from a buffer by using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to code execution, denial of service, escalation of privileges, or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it validates a shared resource before using it, creating a race condition which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed by using an index or pointer, such as memory or files, which may lead to code execution, denial of service, escalation of privileges, or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a user's profile. The injected code can be reflected and executed when changing an e-mail signature.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which local pointer variables are not initialized and may be freed later, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple buffer overflow vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges. (The set of affected scripts is similar to CVE-2020-12266.)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which there is the potential to execute privileged operations, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The following vulnerable functions are exposed: ChangePassword, SaveUserProfile, and GetUser.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a mixed multipart content type.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml content type.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a rdf content type.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server for SAP 12-SP1; openSUSE Backports SLE-15-SP1, openSUSE Leap 15.1 allowed local attackers controlling the user news to escalate their privileges to root. This issue affects: SUSE Linux Enterprise Debuginfo 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Debuginfo 11-SP4 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Module for Legacy Software 12 syslog-ng versions prior to 3.6.4-12.8.1. SUSE Linux Enterprise Point of Sale 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Server 11-SP4-LTSS syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Server for SAP 12-SP1 syslog-ng versions prior to 3.6.4-12.8.1. openSUSE Backports SLE-15-SP1 syslog-ng versions prior to 3.19.1-bp151.4.6.1. openSUSE Leap 15.1 syslog-ng versions prior to 3.19.1-lp151.3.6.1.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. The affected versions are before version 8.8.0.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A03970E192, the executeRecovery function does not require any signatures in the zero-guardian case, which allows attackers to cause a denial of service (locking) or a takeover.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has circumvented network security measures to view sensitive non-private data or to perform a man-in-the-middle attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter Spectrum Infusion System v's8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus including device settings, view calibration values, network configuration of Sigma Spectrum WBM if installed.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need valid administrative credentials.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because certain RMI listeners are not properly authenticated. An attacker could exploit this vulnerability by sending a crafted request to the affected listener. A successful exploit could allow the attacker to access sensitive information on an affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to insecure storage of certain unencrypted credentials on an affected device. An attacker could exploit this vulnerability by viewing the network device configuration and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA-Works Ver. 4.3 and earlier, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to cause a denial of service (DoS) condition attacks via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM &amp; Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponent, messageID, or to parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
We-com OpenData CMS 2.0 allows SQL Injection via the username field on the administrator login page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, Edge Client for Linux exposes full session ID in the local log files.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with high privilege, successful exploit could cause code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an improper signature verification vulnerability. The system does not improper check signature of specific software package, an attacker may exploit this vulnerability to load a crafted software package to the device.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a race condition vulnerability. There is a timing window exists in which certain pointer members can be modified by another process that is operating concurrently, an attacker should trick the user into running a crafted application with high privilege, successful exploit could cause code execution.",LOCAL,HIGH,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) have is an improper authentication vulnerability. The device does not sufficiently validate certain credential of user's face, an attacker could craft the credential of the user, successful exploit could allow the attacker to pass the authentication with the crafted credential.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"HUAWEI P30 with versions earlier than 10.1.0.160(C00E160R2P11) and HUAWEI P30 Pro with versions earlier than 10.1.0.160(C00E160R2P8) have an information disclosure vulnerability. Certain function's default configuration in the system seems insecure, an attacker should craft a WI-FI hotspot to launch the attack. Successful exploit could cause information disclosure.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is performed through a character-by-character string comparison. This enables a possibility that attacker may time the time it takes the server to validate different usernames and password, and use this knowledge to work out the valid credentials. This attack is understood not to be realistic over the Internet. However, it may be achieved from within local networks where the website is hosted, e.g. from inside a data centre where a website's server is located. Sites protected by IP address whitelisting only are unaffected by this vulnerability. This vulnerability has been fixed on version 0.3.4 of django-basic-auth-ip-whitelist. Update to version 0.3.4 as soon as possible and change basic authentication username and password configured on a Django project using this package. A workaround without upgrading to version 0.3.4 is to stop using basic authentication and use the IP whitelisting component only. It can be achieved by not setting BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD in Django project settings.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins VncRecorder Plugin 1.25 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"** UNSUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote attackers to initiate facetime-call without user's approval and obtain video and audio data from a device via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Map.php xo parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php sn parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Routes.php rtr parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php chg parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Incidents.php id parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the snmpget.php ip parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Setup.php tet parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee (RBF). It increases the user's balance with the value of an unconfirmed transaction as soon as it is received (before the transaction is confirmed) and does not decrease the balance when it is canceled. As a result, users are exposed to basic double spending attacks, amplified double spending attacks, and DoS attacks without user consent.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A privilege escalation vulnerability exists within Global RADAR BSA Radar 1.6.7234.24750 and earlier that allows an authenticated, low-privileged user to escalate their privileges to administrator rights (i.e., the BankAdmin role) via modified SaveUser data.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the exposed web services allows an anonymous user to access the list of connected users as well as the session cookie for each user. Fixed in Release 10.24.11206.1,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system or read permissions on the system configuration.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Jenkins White Source Plugin 19.1.1 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission (config.xml), or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"The web interface of Maipu MP1800X-50 7.5.3.14(R) devices allows remote attackers to obtain sensitive information via the form/formDeviceVerGet URI, such as system id, hardware model, hardware version, bootloader version, software version, software image file, compilation time, and system uptime. This is similar to CVE-2019-1653.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it (**without changing chainID**). A malicious block proposer (even with a minimal amount of stake) can use this vulnerability to completely halt the network. This issue is fixed in Tendermint 0.33.6 which checks all the signatures are for the block with 2/3+ majority before creating a commit.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account credentials for the ExactaMix operating system. Successful exploitation of this vulnerability may allow an attacker who has gained unauthorized access to system resources, including access to execute software or to view/update files, directories, or system configuration. This could allow an attacker with network access to view sensitive data including PHI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types; Status Types. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ""Wireless"" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 before 8.4.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this vulnerability if all of the following conditions apply: - You are using express-jwt - You do not have **algorithms** configured in your express-jwt configuration. - You are using libraries such as jwks-rsa as the **secret**. You can fix this by specifying **algorithms** in the express-jwt configuration. See linked GHSA for example. This is also fixed in version 6.0.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there is a stored XSS when using the name of a quick access item. The problem is fixed in 1.7.6.6.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
playSMS through 1.4.3 is vulnerable to session fixation.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input stream.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183611.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"""HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerability. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) telnet Command-Line Interface, grants access to sensitive data stored on the WBM that permits temporary configuration changes to network settings of the WBM, and allows the WBM to be rebooted. Temporary configuration changes to network settings are removed upon reboot.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,HIGH
Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks.,NETWORK,LOW,LOW,REQUIRED,CHANGED,NONE,LOW,NONE
"The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when used with a Baxter Spectrum v8.x (model 35700BAX2) in a factory-default wireless configuration enables an FTP service with hard-coded credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when configured for wireless networking the FTP service operating on the WBM remains operational until the WBM is rebooted.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when used in conjunction with a Baxter Spectrum v8.x (model 35700BAX2), operates a Telnet service on Port 1023 with hard-coded credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
"A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tech 1 (aka Doom engine) allows arbitrary code execution via an unsafe usage of fscanf, because it does not limit the number of characters to be read in a format argument.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting vulnerability in the language setting due to insufficient output encoding.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient data validation in media router in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted request.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to create a custom field with a crafted field name.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x223CCD.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Reportexpress ProPlus contains a vulnerability that could allow an arbitrary code execution by inserted VBscript into the configure file(rxp).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is not restored within the processing of that HID item allowing an attacker with physical access to a USB port to be able to use a specially crafted USB device to gain kernel or user-space code execution.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x223CCA.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a denial of service caused by an error within the pubsub logic. IBM X-Force ID: 179081.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked within the proxy and validated before redirecting the user to prevent malicious actors providing redirects to potentially harmful sites. This has been fixed in version 6.0.0.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the OCRAndExportToExcel command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9946.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3.0.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 have hard-coded administrative account credentials for the ExactaMix application. Successful exploitation of this vulnerability may allow an attacker with physical access to gain unauthorized access to view/update system configuration or data. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit.php active parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Vulnerability in the firmware of COMMAX WallPad(CDP-1020MB) allow an unauthenticated adjacent attacker to execute arbitrary code, because of a using the old version of MySQL.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "".."". This allows an attacker to add or replace files system-wide.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manipulating malicious flagged file locations with an NTFS junction and an Object Manager symbolic link.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 (.gpx) and GP7 (.gp) tablature files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to increase the resource usage on the system. IBM X-Force ID: 178507.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 178960.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. IBM X-Force ID: 179989.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
"A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate Validation.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
openSIS through 7.4 allows Directory Traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
openSIS through 7.4 has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Jenkins VncRecorder Plugin 1.25 and earlier does not escape a tool path in the `checkVncServ` form validation endpoint, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by Jenkins administrators.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins VncViewer Plugin 1.7 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report's data via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
ExpressionEngine before 4.3.5 has reflected XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In nDPI through 3.2, there is a stack overflow in extractRDNSequence in lib/protocols/tls.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Chrome Extension for e-Tax Reception System Ver1.0.0.0 allows remote attackers to execute an arbitrary command via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of links created by users with View/Configure permission, resulting in a stored cross-site scripting vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this functionality to execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"In October from version 1.0.319 and before version 1.0.467, pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. This has been fixed in 1.0.467.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"iBall WRB303N devices allow CSRF attacks, as demonstrated by enabling remote management, enabling DHCP, or modifying the subnet range for IP addresses.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an insufficiently robust encryption vulnerability. Successful exploitation could lead to security feature bypass.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an internal ip disclosure vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw parameter. (This can also be exploited via CSRF.),NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a psw parameter. (This can also be exploited via CSRF.),NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7354, which describes a similar issue, but involving the generated 'host' field of a discovered scan asset.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access beyond what they were granted via file creation, access race conditions, insecure home directory configurations and defaults that facilitate Denial of Service (DoS) attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property and data.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Their is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. `lookup` is a Helm template function introduced in Helm v3. It is able to lookup resources in the cluster to check for the existence of specific resources and get details about them. This can be used as part of the process to render templates. The documented behavior of `helm template` states that it does not attach to a remote cluster. However, a the recently added `lookup` template function circumvents this restriction and connects to the cluster even during `helm template` and `helm install|update|delete|rollback --dry-run`. The user is not notified of this behavior. Running `helm template` should not make calls to a cluster. This is different from `install`, which is presumed to have access to a cluster in order to load resources into Kubernetes. Helm 2 is unaffected by this vulnerability. A malicious chart author could inject a `lookup` into a chart that, when rendered through `helm template`, performs unannounced lookups against the cluster a user&#39;s `KUBECONFIG` file points to. This information can then be disclosed via the output of `helm template`. This issue has been fixed in Helm 3.2.0",NETWORK,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
"MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as appropriate. Currently, the ROS computational graph can be accessed fully from the wired exposed ports. In combination with other flaws such as CVE-2020-10269, the computation graph can also be fetched and interacted from wireless networks. This allows a malicious operator to take control of the ROS logic and correspondingly, the complete robot given that MiR's operations are centered around the framework (ROS).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users (omitted) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. This flaw allows cyber attackers to take control of the robot remotely and make use of the default user interfaces MiR has created, lowering the complexity of attacks and making them available to entry-level attackers. More elaborated attacks can also be established by clearing authentication and sending network requests directly. We have confirmed this flaw in MiR100 and MiR200 but according to the vendor, it might also apply to MiR250, MiR500 and MiR1000.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. Credentials to such wireless Access Point default to well known and widely spread SSID (MiR_RXXXX) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. We have confirmed this flaw in MiR100 and MiR200 but it might also apply to MiR250, MiR500 and MiR1000.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. (No 7.x versions are affected.),NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The password for the safety PLC is the default and thus easy to find (in manuals, etc.). This allows a manipulated program to be uploaded to the safety PLC, effectively disabling the emergency stop in case an object is too close to the robot. Navigation and any other components dependent on the laser scanner are not affected (thus it is hard to detect before something happens) though the laser scanner configuration can also be affected altering further the safety of the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation of the network management system and equipment. This affects: NetNumenU31R20 V12.17.20T115",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. This vulnerability could result in files from the user's filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and 11 are affected.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through a CSRF, requiring no authentication as an administrator.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. This occurs in settings.php. To exploit this, an attacker would request a backup of limited files via teleporter.php. These are placed into a .tar.gz archive. The attacker then modifies the host parameter in dnsmasq.d files, and then compresses and uploads these files again.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. Additionally, the measures to prevent renaming the file to disallowed filename extensions could be circumvented. This is fixed in Bolt 3.7.1.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the data of additional scans.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a ""projective coordinates leak.""",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. The vulnerability allows local users to take control of arbitrary files.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery (CSRF).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Linear eMerge 50P/5000P devices allow Cookie Path Traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172014.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. The problem is fixed in version 1.7.6.6. A possible workaround is to add an empty index.php file in the upload directory.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing '<meta name=""og:image"" content=""' followed by an intranet URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Given a USERNAME and a PASSWORD, the token string is generated directly with base64(USERNAME:sha256(PASSWORD)). An unauthorized attacker inside the network can use the default credentials to compute the token and interact with the REST API to exfiltrate, infiltrate or delete data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171512.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 172015.,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016.,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
openSIS before 7.4 allows SQL Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Audition versions 13.0.5 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorrect client version verification, an attacker can connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in MK-AUTH 19.01. There is authentication bypass in the web login functionality because guessable credentials to admin/executar_login.php result in admin access.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in MK-AUTH 19.01. There are SQL injection issues in mkt/ PHP scripts, as demonstrated by arp.php, dhcp.php, hotspot.php, ip.php, pgaviso.php, pgcorte.php, pppoe.php, queues.php, and wifi.php.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in MK-AUTH 19.01. It allows command execution as root via shell metacharacters to /auth admin scripts.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC services use the PID to identify the connecting client, which allows an attacker to perform a PID reuse attack and connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7355, which describes a similar issue, but involving the generated 'notes' field of a discovered scan asset.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220440.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification errors, which allows man-in-the-middle attackers to spoof SMTP servers.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Form Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin accounts via the Current_url or email field, or the User-Agent HTTP header.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,LOW
IBM Security Guardium 10.6 and 11.1 may use insufficiently random numbers or values in a security context that depends on unpredictable numbers. IBM X-Force ID: 174807.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Incorrect implementation in user interface in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME target, with the CNAME itself. In that case the answer data structure (on the heap) can be overrun. With this fixed, it prefers to look only at the answer RRs which come after the CNAME, which is at least arguably correct.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. Without this fix, adnshost may read and process one byte beyond the buffer, perhaps crashing or perhaps somehow leaking the value of that byte.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in adns before 1.5.2. It overruns reading a buffer if a domain ends with backslash. If the query domain ended with \, and adns_qf_quoteok_query was specified, qdparselabel would read additional bytes from the buffer and try to treat them as the escape sequence. It would depart the input buffer and start processing many bytes of arbitrary heap data as if it were the query domain. Eventually it would run out of input or find some other kind of error, and declare the query domain invalid. But before then it might outrun available memory and crash. In principle this could be a denial of service attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in adns before 1.5.2. adns_rr_info mishandles a bogus *datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if the input is in the right range; if it isn't, the buffer may be overrun (depending on the sizes of the types on the current platform). Of course the inputs ought to be right. And there are pointers in there too, so perhaps one could say that the caller ought to check these things. It may be better to require the caller to make the pointer structure right, but to have the code here be defensive about (and tolerate with an error but without crashing) out-of-range integer values. So: it should defend each of these integer conversion sites with a check for the actual permitted range, and return adns_s_invaliddata if not. The lack of this check causes the SOA sign extension bug to be a serious security problem: the sign extended SOA value is out of range, and overruns the buffer when reconverted. This is related to sign extending SOA 32-bit integer fields, and use of a signed data type.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling program, leaking aspects of the contents of some of its memory, causing it to allocate lots of memory, or perhaps overrunning a buffer. This is only possible with applications which make non-raw queries for SOA or RP records.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system with root privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise SCM eBill Payment component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM eBill Payment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise SCM eBill Payment accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise SCM eBill Payment accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Digital Editions versions 4.5.11.187212 and below have a file enumeration (host or local network) vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices-Config.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the sta GET parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-Converter.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the txt GET parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Premiere Pro versions 14.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size verification, leading to a heap-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Character Animator versions 3.2 and earlier have a buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Premiere Rush versions 1.5.8 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a door by replaying an Unlock request that occurred when the attacker was previously authorized. In other words, door-access revocation is mishandled.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure .",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In LoRaMac-node before 4.4.4, a reception buffer overflow can happen due to the received buffer size not being checked. This has been fixed in 4.4.4.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the ""send email"" feature.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Successful exploitation could lead to privilege escalation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine's vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine's vmx process leading to a partial denial of service condition.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,LOW
"VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175121.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In LoRa Basics Station before 2.0.4, there is a Use After Free vulnerability that leads to memory corruption. This bug is triggered on 32-bit machines when the CUPS server responds with a message (https://doc.sm.tc/station/cupsproto.html#http-post-response) where the signature length is larger than 2 GByte (never happens in practice), or the response is crafted specifically to trigger this issue (i.e. the length signature field indicates a value larger than (2**31)-1 although the signature actually does not contain that much data). In such a scenario, on 32 bit machines, Basic Station would execute a code path, where a piece of memory is accessed after it has been freed, causing the process to crash and restarted again. The CUPS transaction is typically mutually authenticated over TLS. Therefore, in order to trigger this vulnerability, the attacker would have to gain access to the CUPS server first. If the user chose to operate without authentication over TLS but yet is concerned about this vulnerability, one possible workaround is to enable TLS authentication. This has been fixed in 2.0.4.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,LOW
An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The Screensavercc component in eLux RP before 5.5.0 allows attackers to bypass intended configuration restrictions and execute arbitrary commands with root privileges by inserting commands in a local configuration dialog in the control panel.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unlock a file and kill processes (even ones running as SYSTEM) that hold a handle, via IOCTL code 0x222124.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a "".."" pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. This occurs when querying the attribute restsearch API, revealing metadata about a correlating but unreachable attribute.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for group-message channel creation) via the Group message slash command.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a null pointer vulnerability. Successful exploitation could lead to application denial-of-service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to application denial-of-service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an invalid memory access vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Add Site Link field.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an invalid memory access vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. An e-mail invite accidentally included the team invite_id, which leads to unintended excessive invitation privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and 4.8.2. It allows attackers to cause a denial of service (application hang) via a malformed link in a channel.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for setting a channel header) via the Channel header slash command API.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Mattermost Server before 5.1. An attacker can bypass intended access control (for direct-message channel creation) via the Message slash command.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a race condition vulnerability. Successful exploitation could lead to security feature bypass.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated (due to duplicate IP or reaching a maximum number of inbound peers), temporary memory spikes can lead to OOM (Out-Of-Memory) exceptions. Additionally, Tendermint does not reclaim activeID of a peer after it's removed in Mempool reactor. This does not happen all the time. It only happens when a connection fails (for any reason) before the Peer is created and added to all reactors. RemovePeer is therefore called before AddPeer, which leads to always growing memory (activeIDs map). The activeIDs map has a maximum size of 65535 and the node will panic if this map reaches the maximum. An attacker can create a lot of connection attempts (exploiting above denial of service), which ultimately will lead to the node panicking. These issues are patched in Tendermint 0.33.3 and 0.32.10.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Multiple out-of-bounds read vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read information and/or crash the application.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Cross-Site Scripting (XSS) was discovered in 'wallacepos v1.4.1'. The vulnerability exists due to insufficient filtration of user-supplied data (token) passed to the 'wallacepos-master/myaccount/resetpassword.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9. A non-member could change the Update/Patch Channel endpoint for a private channel.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in Mattermost Plugins before 5.13.0. The GitHub plugin allows an attacker to attach his Mattermost account to a different person's GitHub account.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php files can be uploaded to the documents folder.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An unsafe configuration of nginx lead to information leak in Xiaomi router R3600 ROM before 1.0.50.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Limdu before 0.95, the trainBatch function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. This has been patched in 0.95.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive information leakage caused by an insecure interface get_config_result without authentication,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability when checking backup file in c_upload interface let attacker able to extract malicious file under any location in /tmp, lead to possible RCE and DoS",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to result in a heap buffer overflow. This has been fixed in 1.0.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.,LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Improper initialization in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an unauthenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in WildFly 10.1.2.Final. In the case of a default installation without a security realm reference, an attacker can successfully access the server without authentication. NOTE: the Security Realms documentation in the product's Admin Guide indicates that ""without a security realm reference"" implies ""effectively unsecured."" The vendor explicitly supports these unsecured configurations because they have valid use cases during development.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or 'null' if it does not.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. However, the feature returns a not_found message when the provided username or email address does not match a user in the system. This can be used to enumerate users.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Navigate CMS 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data validation and/or encoding, making it vulnerable to reflected XSS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present in both the User field and the E-Mail field. On the Edit user page, the XSS is only triggered via the E-Mail field; however, on the View user page the XSS is triggered via either the User field or the E-Mail field.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticated user could use a brute-force approach to attempt to identify existing sessions, or view the contents of this file to discover details about a session.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
pramodmahato BlogCMS through 2019-12-31 has admin/changepass.php CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sign-On cookies and Local Storage to remain after a logout, aka MMSA-2020-0013.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Adobe After Effects versions 17.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in Mattermost Mobile Apps before 1.30.0. Authorization tokens can sometimes be disclosed to third-party servers, aka MMSA-2020-0018.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. It allows remote attackers to cause a denial of service (memory consumption) via crafted image dimensions.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a logout.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Quick Reply feature mishandles crafted replies.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain privileges for file deletion by manipulating the Clean & Optimize feature with an NTFS junction and an Object Manager symbolic link.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4. It allows remote attackers to cause a denial of service (application hang) via a crafted SVG document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2.1.17, allows a local attacker to read arbitrary files because it handles configuration-file errors by printing the configuration file while executing in a setuid root context.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOS_LOCAL_SECRET value, affecting password resets and invitations.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Adobe After Effects versions 17.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe After Effects versions 17.1 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe After Effects versions 17.1 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Illustrator versions 24.1.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Illustrator versions 24.1.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Illustrator versions 24.1.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe After Effects versions 17.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Illustrator versions 24.1.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows Phishing because an error page can have a link.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
X-Cart V5 is vulnerable to XSS via the CategoryFilter2 parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Illustrator versions 24.1.2 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Bridge versions 10.0.1 and earlier version have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Bridge versions 10.0.1 and earlier version have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this issue exists because of an incomplete fix for CVE-2019-12569.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround, make sure to escape git commit messages when using the commitMessage option for the update function.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 177511.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 177599.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178181.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. IBM X-Force ID: 178182.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access,ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,LOW
Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) 1.3a might allow remote WHOIS servers to execute arbitrary code via a long line in a response that is mishandled by nic_format_buff.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibi_apps/WFServlet.cfg because XML external entity injection is possible. This is related to making changes to the application repository configuration.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request Forgery (CSRF) attack against administrative users within the /ibi_apps/WFServlet(.ibfs) endpoint. The impact may be creation of an administrative user. It can also be exploited in conjunction with CVE-2016-9044.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrary URL parameters.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin login-portal and the edit-lessons webpages.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior to 24.0.20.116.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service (application crash) via an @ character before a JavaScript field name.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"While IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior to adding the rule to the IPA HW commit list in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8096AU, MDM9607, MSM8909W, MSM8996, MSM8996AU, QCN7605, QCS605, SC8180X, SDA845, SDX20, SDX24, SDX55, SM8150, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
I2P before 0.9.46 allows local users to gain privileges via a Trojan horse I2PSvc.exe file because of weak permissions on a certain %PROGRAMFILES% subdirectory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Payload size is not validated before reading memory that may cause issue of accessing invalid pointer or some garbage data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429W, SDM439, SDM670, SDM710, SDX20, SDX24, SDX55, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"kernel writes to user passed address without any checks can lead to arbitrary memory write in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, MSM8996, MSM8996AU, Nicobar, QCS605, Rennell, Saipan, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient control flow management in firmware for some Intel(R) Data Center SSDs may allow a privileged user to potentially enable information disclosure via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Halvotec RaQuest 10.23.10801.0. Several features of the application allow stored Cross-site Scripting (XSS). Fixed in Release 24.2020.20608.0.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Copying RTCP messages into the output buffer without checking the destination buffer size which could lead to a remote stack overflow when processing large data or non-standard feedback messages in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use after free issue in camera applications when used randomly over multiple operations due to pointer not set to NULL after free/destroy of the object in Snapdragon Consumer IOT, Snapdragon Mobile in Kamorta, QCS605, Rennell, Saipan, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow can occur while parsing eac3 header while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A possible buffer overflow would occur while processing command from firmware due to the group_id obtained from the firmware being out of range in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996, MSM8996AU, QCA6174A, QCA9377, QCA9379, SDM439, SDM636, SDM660, SDX20, SDX24, SM8150",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Possible memory corruption in perfservice due to improper validation array length taken from user application. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, APQ8098, Kamorta, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, Saipan, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in Halvotec RaQuest 10.23.10801.0. It allows session fixation. Fixed in Release 24.2020.20608.0.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, Web Address, Other, Location Reviewed, Product Reviewed, Item Reviewed, or Rating parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Users can deactivate themselves, bypassing a policy.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows a password reset to proceed while an e-mail address is being changed.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive file, aka SAP Security Note 2312905.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The server in mubu note 2018-11-11 has XSS by configuring an account with a crafted name value (along with an arbitrary username value), and then creating and sharing a note.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the attacker's privileges to assume full control. A malicious actor who knows the IP address and port number of the Postgres database and has access into the Kubernetes cluster where Conjur runs can gain full read & write access to the Postgres database. This enables the attacker to write a policy that allows full access to retrieve any secret. This Helm chart is a method to install Conjur OSS into a Kubernetes environment. Hence, the systems impacted are only Conjur OSS systems that were deployed using this chart. Other deployments including Docker and the CyberArk Dynamic Access Provider (DAP) are not affected. To remediate this vulnerability, clone the latest Helm Chart and follow the upgrade instructions. If you are not able to fully remediate this vulnerability immediately, you can mitigate some of the risk by making sure Conjur OSS is deployed on an isolated Kubernetes cluster or namespace. The term ""isolated"" refers to: - No other workloads besides Conjur OSS and its backend database are running in that Kubernetes cluster/namespace. - Kubernetes and helm access to the cluster/namespace is limited to security administrators via Role-Based Access Control (RBAC).",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via a crafted POST request or the what parameter of the screenshot function in the Contact Support form.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow will happen while parsing mp4 clip with corrupted sample atoms values which exceeds MAX_UINT32 range due to lack of validation checks in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the option delta and option length bytes. The actual input packet length is not verified against the number of bytes read when processing the option extended delta and the option extended length. Moreover, the calculation of the message_left variable, in the case of non-extended option deltas, is incorrect and indicates more data left for processing than provided in the function input. All of these lead to heap-based or stack-based memory location read access that is outside of the intended boundary of the buffer. Depending on the platform-specific memory management mechanisms, it can lead to processing of unintended inputs or system memory access violation errors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options in a while loop. This loop's exit condition is computed using the previously allocated heap memory required for storing the result of parsing multiple options. If the input heap memory calculation results in zero bytes, the loop exit condition is never met and the loop is not terminated. As a result, the packet parsing function never exits, leading to resource consumption.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP packet header starting from the message token. The length of the token in the received message is provided in the first byte parsed by the sn_coap_parser_options_parse() function. The length encoded in the message is not validated against the actual input buffer length before accessing the token. As a result, memory access outside of the intended boundary of the buffer may occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP option number field of all options present in the input packet. Each option number is calculated as a sum of the previous option number and a delta of the current option. The delta and the previous option number are expressed as unsigned 16-bit integers. Due to lack of overflow detection, it is possible to craft a packet that wraps the option number around and results in the same option number being processed again in a single packet. Certain options allocate memory by calling a memory allocation function. In the cases of COAP_OPTION_URI_QUERY, COAP_OPTION_URI_PATH, COAP_OPTION_LOCATION_QUERY, and COAP_OPTION_ETAG, there is no check on whether memory has already been allocated, which in conjunction with the option number integer overflow may lead to multiple assignments of allocated memory to a single pointer. This has been demonstrated to lead to memory leak by buffer orphaning. As a result, the memory is never freed.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Possible buffer overflow while copying the frame to local buffer due to lack of check of length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6574AU, QCA6584AU, QCA9377, QCA9379, QCA9886, QCM2150, QCS405, QCS605, QM215, Rennell, SC7180, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the deleted file can then be created upon which chown will be called, changing the file owner to root. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 allows privilege escalation via crafted IoCtl code related to a USB HID device.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper access due to socket opened by the logging application without specifying localhost address in Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, Rennell, SDX20",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, Rennell, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (Firmware version 4.3 and prior), which may cause a Denial of Service when specific TCP/IP crafted packets are sent to the Modicon M218 Logic Controller.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"System Services exports services without permission protect and can lead to information exposure in Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9207C, MDM9607, Rennell, Saipan, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software (all versions). The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file transfer service provided by the Modicon PLCs. This could result in various unintended results.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On the Cypress CYW20735 evaluation board, any data that exceeds 384 bytes is copied and causes an overflow. This is because the maximum BLOC buffer size for sending and receiving data is set to 384 bytes, but everything else is still configured to the usual size of 1092 (which was used for everything in the previous CYW20719 and later CYW20819 evaluation board). To trigger the overflow, an attacker can either send packets over the air or as unprivileged local user. Over the air, the minimal PoC is sending ""l2ping -s 600"" to the target address prior to any pairing. Locally, the buffer overflow is immediately triggered by opening an ACL or SCO connection to a headset. This occurs because, in WICED Studio 6.2 and 6.4, BT_ACL_HOST_TO_DEVICE_DEFAULT_SIZE and BT_ACL_DEVICE_TO_HOST_DEFAULT_SIZE are set to 384.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service (DoS) or gain privileged access to the root filesystem. The vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending requests with malformed parameters to the system using the console, Secure Shell (SSH), or web API. A successful exploit could allow the attacker to modify the device configuration or cause a DoS.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to improper validation of cryptographic protections on files that are downloaded by the application as part of a software update. An attacker could exploit this vulnerability by persuading a user to go to a website that returns files to the client that are similar to files that are returned from a valid Webex website. The client may fail to properly validate the cryptographic protections of the provided files before executing them as part of an update. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens that could aid the attacker in future attacks.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. XSS can occur via a link on an error page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. The vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. If successful, the attacker could gain the privileges of another user within the affected Webex site.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need administrative credentials on the affected device.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need administrative credentials on the affected device.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
log-user-session version 0.7 and earlier contains a Directory Traversal vulnerability in Main SUID-binary /usr/local/bin/log-user-session that can result in User to root privilege escalation. This attack appear to be exploitable via Malicious unprivileged user executes the vulnerable binary/(remote) environment variable manipulation similar shell-shock also possible.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by interacting with the interface in a way that injects malicious content in a log file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182716.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting the URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for the affected device, which could allow malicious URLs to pass through the device.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. A vulnerability exists in the communication function that enables users to upload EDS files by FactoryTalk Linx. This may allow an attacker to upload a file with bad compression, consuming all the available CPU resources, leading to a denial-of-service condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and possibly other platforms. It stores the client_key, the device_id, and the public key for end-to-end encryption in cleartext, enabling an attacker (by copying or having access to the local storage database file) to login to the system from any other computer, and get unlimited access to all data in the users's context.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to use specially crafted requests to traverse the file system and expose sensitive data on the local hard drive.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target. Information in the URL path such as object IDs may also be exposed.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to specify a filename to execute unauthorized code and modify files or data.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery (SSRF) that allows use of the application as a proxy. Sent to an external server, a forged request discloses application credentials. For a request to an internal component, the request is blind, but through the error message it's possible to determine whether the request targeted a open service.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,LOW
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the ""Web Sites > Create > Aliases > Add"" screen.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176408.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176141.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless ""Built-in admin"" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability would could potentially allow an attacker privleged escalation.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the orchestration tasks of Cisco UCS Director could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input on the web-based management interface. An attacker could exploit this vulnerability by creating a task with specific configuration parameters. A successful exploit could allow the attacker to overwrite arbitrary files in the file system of an affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
"An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. It allows a user to provide data that will be used to generate the JNLP file used by a client to obtain the right Java application. By providing an attacker-controlled URL, the client will obtain a rogue JNLP file specifying the installation of malicious JAR archives and executed with full privileges on the client computer.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of user traffic going through an affected device. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to bypass the traffic classification rules and potentially avoid being charged for traffic consumption.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create arbitrary user accounts. The vulnerability is due to the lack of authorization controls in the web application. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to add user accounts to the configuration of an affected device. These accounts would not be administrator or operator accounts.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns (VS4), EarlyVue (VS30) and IntelliVue Guardian (IGS). Unencrypted user credentials received in the IntelliBridge Enterprise (IBE) are logged within the transaction logs, which are secured behind the login based administrative web portal. The unencrypted user credentials sent from the affected products listed above, for the purpose of handshake or authentication with the Enterprise Systems, are logged as the payload in IntelliBridge Enterprise (IBE) within the transaction logs. An attacker with administrative privileges could exploit this vulnerability to read plain text credentials from log files.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. NOTE: this affects all hardware wallets. It was fixed in 1.9.1 for the Trezor One and 2.3.1 for the Trezor Model T.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team's slash commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in Mattermost Server before 5.11.0. An attacker can interfere with a channel's post loading via one crafted post.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
SkRegion::setPath in Skia allows remote attackers to cause a denial of service (crash).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Changes, within the application, to e-mail addresses are mishandled.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in Mattermost Server before 5.7. It allows a bypass of e-mail address discovery restrictions.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions.,LOCAL,LOW,LOW,NONE,CHANGED,LOW,LOW,LOW
"Critical services for operation can be terminated from windows task manager, bringing the manipulator to a halt. After this a Re-Calibration of the brakes needs to be performed. Be noted that this only can be accomplished either by a Kuka technician or by Kuka issued calibration hardware that interfaces with the manipulator furthering the delay and increasing operational costs.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during user activation/deactivation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during a role change.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Web Port 1.19.1 allows XSS via the /log type parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SOKKIA GNR5 Vanguard WEB version 1.2 (build: 91f2b2c3a04d203d79862f87e2440cb7cefc3cd3) and hardware version 212 allows remote attackers to bypass admin authentication via a SQL injection attack that uses the User Name or Password field on the login page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all tickets of an arbitrary Organization.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document.,NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,LOW
"IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability. The software does not correctly perform a privilege assignment when an actor attempts to perform an action. Successful exploit could allow certain user to do certain operations beyond its privilege.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Wiki.js before 2.4.107, there is a stored cross-site scripting through template injection. This vulnerability exists due to an insecure validation mechanism intended to insert v-pre tags into rendered HTML elements which contain curly-braces. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. This has been patched in 2.4.107.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Webroot endpoint agents prior to version v9.0.28.48 did not protect the ""%PROGRAMDATA%\WrData\PKG"" directory against renaming. This could allow attackers to trigger a crash or wait upon Webroot service restart to rewrite and hijack dlls in this directory for privilege escalation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF (such as version 2.0.3) have a looser policy restriction allowing the “pydio” user to execute any privileged command using sudo. In version 2.0.4 of the appliance, the user pydio is responsible for running all the services and binaries that are contained in the Pydio Cells web application package, such as mysqld, cells, among others. This user has privileges restricted to run those services and nothing more.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148189280",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds it to the session object then continues to work with it. A concurrent thread could retrieve created transfer object from the session object and delete it using abc_pcie_dma_user_xfer_clean. If this happens, abc_pcie_start_dma_xfer and abc_pcie_wait_dma_xfer in the original thread will trigger UAF when working with the transfer object.Product: AndroidVersions: Android kernelAndroid ID: A-151453714",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Webroot endpoint agents prior to version v9.0.28.48 allows remote attackers to trigger a type confusion vulnerability over its listening TCP port, resulting in crashing or reading memory contents of the Webroot endpoint agent.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"In crus_sp_shared_ioctl we first copy 4 bytes from userdata into ""size"" variable, and then use that variable as the size parameter for ""copy_from_user"", ending up overwriting memory following ""crus_sp_hdr"". ""crus_sp_hdr"" is a static variable, of type ""struct crus_sp_ioctl_header"".Product: AndroidVersions: Android kernelAndroid ID: A-135129430",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in CipherMail Community Gateway Virtual Appliances and Professional/Enterprise Gateway Virtual Appliances versions 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger Virtual Appliances 1.1.1 through 3.1.1-0. A Diffie-Hellman parameter of insufficient size could allow man-in-the-middle compromise of communications between CipherMail products and external SMTP clients.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"This is an unbounded write into kernel global memory, via a user-controlled buffer size.Product: AndroidVersions: Android kernelAndroid ID: A-135130450",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a CAL image to trigger this vulnerability and gain code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by CSRF. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"phpMussel from versions 1.0.0 and less than 1.6.0 has an unserialization vulnerability in PHP's phar wrapper. Uploading a specially crafted file to an affected version allows arbitrary code execution (discovered, tested, and confirmed by myself), so the risk factor should be regarded as very high. Newer phpMussel versions don't use PHP's phar wrapper, and are therefore unaffected. This has been fixed in version 1.6.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. This is fixed in version 1.12.3.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
OMERO before 5.6.1 makes the details of each user available to all users.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace executable files with malicious versions, which the operating system then executes under the context of the user running Hero Designer.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Missing SSL Certificate Validation in the Nutfind.com application through 3.9.12 for Android allows a man-in-the-middle attacker to sniff and manipulate all API requests, including login credentials and location data.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Morgan Stanley Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an out-of-bounds (OOB) read/write vulnerability that leads to both local and remote code (via RPC) execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 128 bits during BLE pairing. This is the case for both authenticated and unauthenticated pairing with both LE Secure Connections as well as LE Legacy Pairing. A predictable or brute-forceable random number allows an attacker (in radio range) to perform a MITM attack during BLE pairing.,ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the ""JSON"" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests e.g., by adding headers, selecting any HTTP verb, etc.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly verified, an attacker can exploit this vulnerability through man-in-the-middle attack to induce user to access malicious URL.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135(C00E135R2P11) and versions earlier than 10.1.0.135(C00E135R2P8) have an insufficient integrity check vulnerability. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have an information disclosure vulnerability. A logic judgment error occurs when the system handling Bluetooth connections, an attacker could craft as an authenticated Bluetooth peer to launch the attack. Successful exploit could cause information disclosure.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0020.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only. Users can pin or unpin a post.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in Mattermost Server before 5.8.0. It allows attackers to partially attach a file to more than one post.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in Mattermost Server before 5.8.0. It does not always generate a robots.txt file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attackers to cause a denial of service (memory consumption) via an outgoing webhook or a slash command integration.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Mattermost Server before 5.22.0. The markdown renderer allows attackers to cause a denial of service (client-side), aka MMSA-2020-0017.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200528, 2019R2 before p20200430, and 2020R1 before p20200507. A cross-site scripting (XSS) vulnerability exists in the login menu.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, and RBS840 before 3.2.15.25.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.2.104, SRS60 before 2.5.2.104, SRR60 before 2.5.2.104, SRK60B03 before 2.5.2.104, SRK60B04 before 2.5.2.104, SRK60B05 before 2.5.2.104, and SRK60B06 before 2.5.2.104.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, and RBS840 before 3.2.15.25.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK842 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, and RBS750 before 3.2.15.25.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects MK62 before 1.0.4.92, MK63 before 1.0.4.92, MR60 before 1.0.4.92, MS60 before 1.0.4.92, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBS750 before 3.2.15.25, RBR750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, RBK842 before 3.2.10.11, RBR840 before 3.2.10.11, and RBS840 before 3.2.10.11.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Mattermost Server before 5.23.0. Large webhook requests allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0021.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private channels via the ""get channel by name"" API, aka MMSA-2020-0004.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the update_team WebSocket event, aka MMSA-2020-0012.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting unauthorized information disclosure.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Mattermost Server before 5.21.0. Socket read operations are not appropriately restricted, which allows attackers to cause a denial of service, aka MMSA-2020-0005.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting unauthorized information disclosure.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Mattermost Server before 5.21.0. mmctl allows directory traversal via HTTP, aka MMSA-2020-0014.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In OMERO before 5.6.1, group owners can access members' data in other groups.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,NONE
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause arbitrary application execution when the computer starts.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
VMware Horizon Client for Windows (prior to 5.4.3) contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. A local user on the system where the software is installed may exploit this issue to run commands as any user.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Unitrends Backup before 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
CALDERA 2.7.0 allows XSS via the Operation Name box.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1261.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
OX Guard 2.10.3 and earlier allows SSRF.,NETWORK,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A CWE-88: Argument Injection or Modification vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause unauthorized write access when opening the project file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through another device on the same network. Successful exploit could cause affected devices to be abnormal.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei products Secospace USG6300;USG6300E with versions of V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10;V600R006C00 have a vulnerability of insufficient input verification. An attacker with limited privilege can exploit this vulnerability to access a specific directory. Successful exploitation of this vulnerability may lead to information leakage.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"HUAWEI P30 smart phone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. Due to improper authentication of specific interface, in specific scenario attackers could access specific interface without authentication. Successful exploit could allow the attacker to perform unauthorized operations.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_streaming_rtsp_parse_sdp in plugins/janus_streaming.c has a Buffer Overflow via a crafted RTSP server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_get_codec_from_pt in utils.c has a Buffer Overflow via long value in an SDP Offer packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory, aka 'Windows WLAN Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the ""Expect: 100-continue"" header may cause an out of memory error. This flaw may potentially lead to a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The ""pidfile"" or ""driftfile"" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted ""KOD"" messages.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash).  NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash).  NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations.  NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2).,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2).,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In MockLocationAppPreferenceController.java, it is possible to mock the GPS location of the device due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145136060",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1334.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logger product, affecting all version from 6.6.1 up to version 7.0.1. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the username field, as demonstrated by a username beginning with ""admin|"" to use the '|' metacharacter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SSB-DB version 20.0.0 has an information disclosure vulnerability. The get() method is supposed to only decrypt messages when you explicitly ask it to, but there is a bug where it's decrypting any message that it can. This means that it is returning the decrypted content of private messages, which a malicious peer could use to get access to private data. This only affects peers running SSB-DB@20.0.0 who also have private messages, and is only known to be exploitable if you're also running SSB-OOO (default in SSB-Server), which exposes a thin wrapper around get() to anonymous peers. This is fixed in version 20.0.1. Note that users of SSB-Server verion 16.0.0 should upgrade to 16.0.1 to get the fixed version of SSB-DB.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATH_INFO.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract's ownership, aka ceoAnyone. After that, all the digital assets (including Ether balance and tokens) might be manipulated by the attackers, as exploited in the wild in May 2018.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_test with a sufficiently long ping_ipaddr key.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (or auto_up_lp) with a sufficiently long update_file_name key.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficiently long REMOTE_ADDR key.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
OX App Suite through 7.10.3 has Improper Input Validation.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
OX App Suite through 7.10.3 allows XXE attacks.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_connect, st_dev_disconnect, or st_dev_rconnect with a sufficiently long wan_type key.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability based on insecure user/password encryption in the JOE (job editor) component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting <div id=""watermark""> from the HTML source code.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. Note: The patch for this issue will address the vulnerability only if the WLS instance is using JDK 1.7.0_191 or later, or JDK 1.8.0_181 or later. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by send a specially crafted HTTP command to the remote server. IBM X-Force ID: 181726.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. IBM X-Force ID: 181725.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 175066.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038ed4.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices (and possibly other products) allow attackers to bypass intended TACACS+ shell restrictions via a | character. NOTE: the vendor reports that this is a configuration issue relating to an overly permissive regular expression in the TACACS+ server permitted commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time=""1504225666237""&-url=$(reboot) request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kick_ban_wifi_mac_allow with a sufficiently long qcawifi.wifi0_vap0.maclist key.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. This issue can be exploited only while performing a GlobalProtect app upgrade. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 on Windows; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 on Windows.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request to generate new certificates for use in the PAN-OS configuration. This issue affects: All versions of PAN-OS 8.0; PAN-OS 7.1 versions earlier than PAN-OS 7.1.26; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC mode. This issue affects: All versions of PAN-OS 7.1 and PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13; PAN-OS 9.0 versions earlier than PAN-OS 9.0.7.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. This issue affects: All versions of PAN-OS 7.1 and PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13; PAN-OS 9.0 versions earlier than PAN-OS 9.0.7.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the `color` argument executed by the `eval` function resulting in code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the `template` function is executed by the `eval` function resulting in code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The ""GNUTLS_KEYLOGFILE"" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the passwd1 and passwd2 fields in an admin/modules/system/app_user.php changecurrent=true operation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a ""better zip bomb"" issue.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP code injection attacks by leading a user to upload a specially crafted .zip file.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1263.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka 'Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks. This allows the attacker to access the GlobalProtect Server as allowed by configured Security rules for the 'pre-login' user. This access may be limited compared to the network access of regular users. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 when the prelogon feature is enabled; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 when the prelogon feature is enabled.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Stored Cross-Site Scripting vulnerability allowed the execution on Javascript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In XMF_ReadNode of eas_xmf.c, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-126380818",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and read restricted data (files visible for technical administration users of the diagnostics agent).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
"SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user leading to wrong prices.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175489.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation, leading to URL Redirection.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superflous data that can be displayed by the application, due to Incomplete XML Validation. The application shows additional data that do not actually exist.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A security feature bypass vulnerability exists when Windows Host Guardian Service improperly handles hashes recorded and logged, aka 'Windows Host Guardian Service Security Feature Bypass Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1272, CVE-2020-1302, CVE-2020-1312.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files.To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious cabinet file disguised as a printer driver.The update addresses the vulnerability by correcting how Windows handles cabinet files., aka 'Windows Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server fails to properly handle messages sent from TSF clients, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing.To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, aka 'SharePoint Open Redirect Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A spoofing vulnerability exists when the NuGetGallery does not properly sanitize input on package metadata values, aka 'NuGetGallery Spoofing Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists in Visual Studio Code Live Share Extension when it exposes tokens in plain text, aka 'Visual Studio Code Live Share Information Disclosure Vulnerability'.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can replace binaries or plant malicious DLLs to obtain elevated, or different, privileges, depending on the context of the user that runs the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerabilities (CWE-502: Deserialization of Untrusted Data).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Commerce, versions - 6.7, 1808, 1811, 1905, may allow an attacker to access information under certain conditions which would otherwise be restricted, leading to Information Disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 allows remote attackers to inject an arbitrary JavaScript via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Cheetah free WiFi 5.1, the driver file (liebaonat.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020f8, 0x830020E0, 0x830020E4, or 0x8300210c.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In doSendObjectInfo of MtpServer.cpp, there is a possible path traversal attack due to insufficient input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is required for exploitation.Product: AndroidVersions: Android-10Android ID: A-130656917",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Parse_ptbl of eas_mdls.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127313537",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Parse_lins of eas_mdls.c, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127313764",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1287.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1272, CVE-2020-1277, CVE-2020-1312.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
OX App Suite through 7.10.2 allows SSRF.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles objects in memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a service. IBM X-Force ID: 180902.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180900.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of root or cause server to crash. IBM X-Force ID: 180814.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data Hub), versions - 6.7, 1808, 1811, 1905, allows an attacker to bypass the authentication and/or authorization that has been configured by the system administrator due to the use of Hardcoded Credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API. IBM X-Force ID: 180810.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations Manager Spoofing Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1316.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege (user to user) vulnerability exists in Windows Security Health Service when handling certain objects in memory.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1162.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1222.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1272, CVE-2020-1277, CVE-2020-1302.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld->buffer_size - words*4, cast to uint32. If ld->buffer_size - words*4 is negative, a buffer overflow is later performed via getdword_n(&ld->start[words], ld->bytes_left).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations (related to XDG_RUNTIME_DIR), a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash because adding to windowed output is mishandled in the EIGHT_SHORT_SEQUENCE case.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An invalid memory address dereference was discovered in the sbrDecodeSingleFramePS function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An invalid memory address dereference was discovered in the lt_prediction function of libfaad/lt_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the ONLY_LONG_SEQUENCE case.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the LONG_START_SEQUENCE case.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max > G case.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A NULL pointer dereference was discovered in ic_predict of libfaad/ic_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max <= G case.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Component Object Model (COM) client uses special case IIDs, aka 'Component Object Model Elevation of Privilege Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Parse_lart of eas_mdls.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127313223",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In Parse_art of eas_mdls.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127312550",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In IMY_Event of eas_imelody.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127310810",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In RTTTL_Event of eas_rtttl.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-123700383",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local code execution with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137878930",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In main of main.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150225255",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In AudioStream::decode of AudioGroup.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the phone process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140054506",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In _onBufferDestroyed of InputBufferManager.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-135140854",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In parseChunk of MPEG4Extractor.cpp, there is a possible out of bounds write due to incompletely initialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-151159638",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp, there is a possible use-after-free due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142142406",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1225.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1226.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Word for Android fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file.The update addresses the vulnerability by correcting how Microsoft Word for Android handles specially crafted URL files., aka 'Word for Android Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In addOrUpdateNetworkInternal and related functions of WifiConfigManager.java, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150500247",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In loadSoundModel and related functions of SoundTriggerHwService.cpp, there is possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-136005905",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-126204073",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ihevcd_ref_list() of ihevcd_ref_list.c, there is a possible infinite loop due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141688974",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In InstallPackage of package.cpp, there is a possible bypass of a signature check due to a Time of Check/Time of Use condition. This could lead to local escalation of privilege by allowing a bypass of the initial zip file signature check for an OS update with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-136498130",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ideint_weave_blk of ideint_utils.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140324890",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In RegisterNotificationResponse::GetEvent of register_notification_packet.cc, there is a possible abort due to improper input validation. This could lead to remote denial of service of the Bluetooth service, over Bluetooth, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144066833",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In onCreatePermissionRequest of SettingsSliceProvider.java, there is a possible permissions bypass due to a PendingIntent error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147355897",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143826590",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1202.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1203.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1294.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way the Windows Now Playing Session Manager handles objects in memory, aka 'Windows Now Playing Session Manager Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user, aka 'Windows Shell Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In freeIsolatedUidLocked of ProcessList.java, there is a possible UID reuse due to improper cleanup. This could lead to local escalation of privilege between constrained processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146313311",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Feedback Hub improperly handles objects in memory, aka 'Windows Feedback Hub Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly load spotlight images from a secure location, aka 'Windows Lockscreen Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Bluetooth Service handles objects in memory, aka 'Windows Bluetooth Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability exists in the way the Windows Diagnostics &amp; feedback settings app handles objects in memory, aka 'Windows Diagnostics & feedback Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In OutputBuffersArray::realloc of CCodecBuffers.cpp, there is a possible heap disclosure due to a race condition. This could lead to remote information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142544793",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1236.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In get_element_attr_rsp of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if bluetoothtbd were used, which it isn't in typical Android platforms, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142878416",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection attack by a trusted store manager.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via the data/typeahead-generate.php q (aka name) parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. PowerDNS Recursor 4.1.16, 4.2.2 and 4.3.1 contain a mitigation to limit the impact of this DNS protocol issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have '\0' termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has '\0' termination.) Under some conditions, this issue can lead to the writing of one '\0' byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1208.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists when Windows Kernel fails to properly sanitize certain parameters.To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system.The update addresses the vulnerability by correcting how Windows Kernel handles parameter sanitization., aka 'Windows Kernel Security Feature Bypass Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when an OLE Automation component improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'OLE Automation Elevation of Privilege Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1260.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when a Windows service improperly handles objects in memory, aka 'Windows Service Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a ""constructor"" or ""__proto__"" payload.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users in group mktex to delete arbitrary files on the system This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a ""double fetch"" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states ""The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power.""",LOCAL,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.,LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes ""ansible-vault edit"", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.",LOCAL,HIGH,LOW,REQUIRED,CHANGED,NONE,LOW,LOW
"A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with ""umask 77 && mkdir -p <dir>""; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.",LOCAL,HIGH,LOW,REQUIRED,CHANGED,LOW,LOW,LOW
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 76.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC client code inside Ultra decoder, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1211.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"UltraVNC revision 1207 has out-of-bounds read vulnerability in VNC client code inside TextChat module, which results in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1208.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In markBootComplete of InstalldNativeService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140237592",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In addPacket of AMPEG4ElementaryAssembler, there is an out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-123940919",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In getAllConfigFlags of SettingsProvider.cpp, there is a possible illegal read due to a missing permission check. This could lead to local information disclosure of config flags with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143299398",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In connect() of PanService.java, there is a possible permissions bypass. This could lead to local escalation of privilege to change network connection settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-126206353",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"In ih264d_decode_slice_thread of ih264d_thread_parse_decode.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144687080",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In ih264d_update_default_index_list() of ih264d_dpb_mgr.c, there is a possible out of bounds read due to a logic error. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140561484",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In next_marker of jdmarker.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-135532289",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In nfa_dm_ndef_find_next_handler of nfa_dm_ndef.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of heap data via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145597277",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In rw_i93_sm_format of rw_i93.c, there is a possible information disclosure due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146435761",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In rw_i93_sm_detect_ndef of rw_i93.c, there is a possible information disclosure due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146053215",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In btm_proc_sp_req_evt of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142543497",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In multiple locations of Parcel.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-120078455",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In rw_t3t_message_set_block_list of rw_t3t.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142280329",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In removeSharedAccountAsUser of AccountManager.java, there is a possible permissions bypass to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145206763",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In dump of RollbackManagerServiceImpl.java, there is a possible backup metadata exposure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150949837",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In setIPv6AddrGenMode of NetworkManagementService.java, there is a possible bypass of networking permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141920289",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In btu_hcif_mode_change_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142544089",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In btu_hcif_pin_code_request_evt, btu_hcif_link_key_request_evt, and btu_hcif_link_key_notification_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142638492",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In btu_hcif_hardware_error_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142546561",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In btm_simple_pair_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142544079",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In ce_t4t_process_select_file_cmd of ce_t4t.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140292264",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145206842",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145207098",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by authenticating to an affected system with valid agent credentials and performing a specific API call with crafted input. A successful exploit could allow the attacker to change the availability state of an agent, potentially causing a denial of service condition.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
"A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1148.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A denial of service vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Denial of Service Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability exists when Windows Registry improperly handles filesystem operations, aka 'Windows Registry Denial of Service Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In NxpNfc::ioctl of NxpNfc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139736127",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In nci_proc_core_rsp of nci_hrcv.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141550919",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1289.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka 'Microsoft Edge Information Disclosure Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In RW_T4tPresenceCheck of rw_t4t.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141331405",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In phNxpNciHal_write_ext of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139733543",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a Change Name or Change Surname operation.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In avb_vbmeta_image_verify of avb_vbmeta_image.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145992159",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In parseChunk of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127973550",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139532977",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In multiple functions of URI.java, there is a possible escalation of privilege due to missing validation in the parceling of URI information. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124526860",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in DD-WRT through 16214. The Diagnostic page allows remote attackers to execute arbitrary commands via shell metacharacters in the host field of the ping command. Exploitation through CSRF might be possible. NOTE: software maintainers consider the report invalid because it refers to an old software version, requires administrative privileges, and does not provide access beyond that already available to administrative users.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1230, CVE-2020-1260.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause non-script content to be interpreted as JavaScript.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-79945152",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In engineSetMode of BaseBlockCipher.java, there is a possible incorrect cryptographic algorithm chosen due to an incomplete comparison. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148517383",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1170.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In InitDataParser::parsePssh of InitDataParser.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137370379",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In BnAAudioService::onTransact of IAAudioService.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139473816",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In BnDrm::onTransact of IDrm.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146052771",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege (user to user) vulnerability exists in Windows Security Health Service when handling certain objects in memory.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1324.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1251, CVE-2020-1310.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0916.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security misconfiguration vulnerability exists in the SDK of some Realtek ADSL/PON Modem SoC firmware, which allows attackers using a default password to execute arbitrary commands remotely via the build-in network monitoring tool.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GraphQL Playground (graphql-playground-html NPM package) before version 1.6.22 have a severe XSS Reflection attack vulnerability. All unsanitized user input passed into renderPlaygroundPage() method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Note that some of the associated dependent middleware packages are also affected including but not limited to graphql-playground-middleware-express before version 1.7.16, graphql-playground-middleware-koa before version 1.6.15, graphql-playground-middleware-lambda before version 1.7.17, and graphql-playground-middleware-hapi before 1.6.13.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
"The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=edit_chunk URI. NOTE: there is no indication that the Edit Chunk feature was intended to prevent an administrator from using PHP's exec feature.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous user that obtains a valid public link can get the associated hidden account username and password and proceed to login to the web application. Once logged into the web application with the hidden user account, some actions that were not available with the public share link can now be performed.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. The vulnerability is due to insufficient validation of a user-supplied open virtual appliance (OVA). An attacker could exploit this vulnerability by installing a malicious OVA on an affected device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package. The update process involves downloading the updated binary file from a URL indicated in the update server response, validating its checksum and signature with the provided public key and finally replacing the current application binary. To complete the update process, the application’s service or appliance needs to be restarted. An attacker with administrator access can leverage the software update feature to force the application to download a custom binary that will replace current Pydio Cells binary. When the server or service is eventually restarted the attacker will be able to execute code under the privileges of the user running the application. In the Pydio Cells enterprise appliance this is with the privileges of the user named “pydio”.",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to trigger this vulnerability. For the most severe effect, target user interaction is required.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf version before 4.2.5 is impacted. User should upgrade to Apache Karaf 4.2.5 or later.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka 'Microsoft SharePoint Server Elevation of Privilege Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A USB device may be able to cause a denial of service.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a race condition that may occur when syslog messages are processed. An attacker could exploit this vulnerability by sending a high rate of syslog messages to an affected device. A successful exploit could allow the attacker to cause the Application Server process to crash, resulting in a DoS condition.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In WatermelonDB (NPM package ""@nozbe/watermelondb"") before versions 0.15.1 and 0.16.2, a maliciously crafted record ID can exploit a SQL Injection vulnerability in iOS adapter implementation and cause the app to delete all or selected records from the database, generally causing the app to become unusable. This may happen in apps that don't validate IDs (valid IDs are `/^[a-zA-Z0-9_-.]+$/`) and use Watermelon Sync or low-level `database.adapter.destroyDeletedRecords` method. The integrity risk is low due to the fact that maliciously deleted records won't synchronize, so logout-login will restore all data, although some local changes may be lost if the malicious deletion causes the sync process to fail to proceed to push stage. No way to breach confidentiality with this vulnerability is known. Full exploitation of SQL Injection is mitigated, because it's not possible to nest an insert/update query inside a delete query in SQLite, and it's not possible to pass a semicolon-separated second query. There's also no known practicable way to breach confidentiality by selectively deleting records, because those records will not be synchronized. It's theoretically possible that selective record deletion could cause an app to behave insecurely if lack of a record is used to make security decisions by the app. This is patched in versions 0.15.1, 0.16.2, and 0.16.1-fix",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1318, CVE-2020-1320.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-150038428",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to cause unexpected system termination or write kernel memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"** DISPUTED ** OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states ""this is not a massive issue as you are still required to be logged into the admin.""",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link that opens another app in the browser can be manipulated],NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized network file transfers to and from the file system accessible to the affected component. This vulnerability is exploitable when the configuration option 'Require Node Resp' is set to 'No'. In the event of a successful exploit, the attacker could theoretically read and write any file on the file system accessible to the affected component, thus fully affecting the confidentiality, integrity, and availability of the operating system hosting the deployment of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.5.0.20733. It has void data mishandling, causing a crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Artica Pandora FMS 7.44 has inadequate access controls on a web folder.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147606347",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Artica Pandora FMS 7.44 has persistent XSS in the Messages feature.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10; V500R002C20; V500R002C30 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-151155194",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In checkSystemLocationAccess of LocationAccessPolicy.java, there is a possible bypass of user profile isolation due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-151330809",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In addListener of RegionSamplingThread.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150904694",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine kernel memory layout.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The dashboard in WhiteSource Application Vulnerability Management (AVM) before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data and false entries.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"BCC recipients in mails sent from OTRS are visible in article detail on external interface. This issue affects OTRS: 8.0.3 and prior versions, 7.0.17 and prior versions.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In phNxpNciHal_send_ese_hal_cmd of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139736386",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In nfc_ncif_proc_t3t_polling_ntf of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141547128",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In setSyncSampleParams of SampleTable.cpp, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124771364",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty component due to missing hostname verification.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In load of ResourceTypes.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-129475100",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In parseSampleAuxiliaryInformationOffsets of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124526959",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In parseSampleAuxiliaryInformationSizes of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124525515",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139736125",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. Inserting a USB device that sends invalid messages may cause a kernel panic.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to 1.7.18, and versions before 1.7.0 allow remote attackers to cause a denial of service condition resulting in degradation of the recursive resolver's performance or compromising the recursive resolver as a reflector in a reflection attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input to the web UI. A successful exploit could allow an attacker to execute arbitrary commands with administrative privileges on an affected device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-200008 (June 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 (June 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124389881",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1238.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows Modules Installer Service improperly handles class object members.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Modules Installer Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5. Users removed from an iMessage conversation may still be able to alter state.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.5. A file may be incorrectly rendered to execute JavaScript.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to modify the file system.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to execute arbitrary code with kernel privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1253, CVE-2020-1310.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A non-privileged user may be able to modify restricted network settings.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An attacker could exploit this vulnerability by crafting a malicious HTTP request to contact an affected device. A successful exploit could allow the attacker to update event policies on the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this vulnerability by logging in to an affected device locally with valid credentials. A successful exploit could allow the attacker to read the sensitive information of other users on the affected device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the ""url"" parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM object mishandling when Microsoft Word is used.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The SportsPress plugin before 2.7.2 for WordPress allows XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem. For example, this affects IT9388-HT devices.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the locally significant certificate (LSC) provisioning feature of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain public key infrastructure (PKI) packets. An attacker could exploit this vulnerability by sending crafted Secure Sockets Layer (SSL) packets to an affected device. A successful exploit could cause an affected device to continuously consume memory, which could result in a memory allocation failure that leads to a crash and causes a DoS condition.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient length restrictions when the onePK Topology Discovery Service parses Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol message to an affected device. An exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges, or to cause a process crash, which could result in a reload of the device and cause a DoS condition.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the hardware crypto driver of Cisco IOS XE Software for Cisco 4300 Series Integrated Services Routers and Cisco Catalyst 9800-L Wireless Controllers could allow an unauthenticated, remote attacker to disconnect legitimate IPsec VPN sessions to an affected device. The vulnerability is due to insufficient verification of authenticity of received Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by tampering with ESP cleartext values as a man-in-the-middle.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to inject IOS commands to an affected device. The injected commands should require a higher privilege level in order to be executed. The vulnerability is due to insufficient input validation of specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a specific web UI endpoint on an affected device. A successful exploit could allow the attacker to inject IOS commands to the affected device, which could allow the attacker to alter the configuration of the device or cause a denial of service (DoS) condition.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 13.5 and iPadOS 13.5. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"The Ignition page before 2.0.5 for Laravel mishandles globals, _get, _post, _cookie, and _env.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,HIGH
"fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.”.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
"In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
"An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,HIGH,HIGH
Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an improper handling of exceptional condition Vulnerability. A component cannot deal with an exception correctly. Attackers can exploit this vulnerability by sending malformed message. This could compromise normal service of affected phones.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Huawei products NIP6800;Secospace USG6600;USG9500 have a memory leak vulnerability. An attacker with high privileges exploits this vulnerability by continuously performing specific operations. Successful exploitation of this vulnerability can cause service abnormal.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user's session. IBM X-Force ID: 175211.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the ability to establish new connections), as demonstrated by SlowITe.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1082, CVE-2020-1088.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861, CVE-2018-19862, and CVE-2019-17601. NOTE: this product is discontinued.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A __RequestVerificationToken is set by the web interface, and included in requests sent by web interface. However, this token is not verified by the application: the token can be removed from all requests and the request will succeed.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP credentials.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An attacker could exploit this vulnerability by stopping the boot initialization of an affected device. A successful exploit could allow the attacker to bypass authentication and gain unrestricted access to the root shell of the affected device.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59). Specially crafted packets sent to port 443/TCP could cause a Denial of Service condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code with root privileges on the underlying Linux shell. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by first creating a malicious file on the affected device itself and then uploading a second malicious file to the device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or bypass licensing requirements on the device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional roles to their account.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The attacker must have valid user credentials at privilege level 15. The vulnerability is due to insufficient validation of arguments that are passed to specific VDS-related CLI commands. An attacker could exploit this vulnerability by authenticating to the targeted device and including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to boot a malicious software image on an affected device. The vulnerability is due to insufficient access restrictions on the area of code that manages the image verification feature. An attacker could exploit this vulnerability by first authenticating to the targeted device and then logging in to the Virtual Device Server (VDS) of an affected device. The attacker could then, from the VDS shell, disable Cisco IOS Software integrity (image) verification. A successful exploit could allow the attacker to boot a malicious Cisco IOS Software image on the targeted device. To exploit this vulnerability, the attacker must have valid user credentials at privilege level 15.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the virtual console authentication of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated but low-privileged, local attacker to log in to the Virtual Device Server (VDS) of an affected device by using a set of default credentials. The vulnerability is due to the presence of weak, hard-coded credentials. An attacker could exploit this vulnerability by authenticating to the targeted device and then connecting to VDS through the device&rsquo;s virtual console by using the static credentials. A successful exploit could allow the attacker to access the Linux shell of VDS as the root user.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. The vulnerability is due to the ROMMON allowing for special parameters to be passed to the device at initial boot up. An attacker could exploit this vulnerability by sending parameters to the device at initial boot up. An exploit could allow the attacker to elevate from a Priv15 user to the root user and execute arbitrary commands with the privileges of the root user.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker could exploit this vulnerability by uploading a crafted file to the web UI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands with root privileges on the device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker who has valid administrative access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the web UI and then submitting that form. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device, which could lead to complete system compromise.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
all versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.7.0.29430. It has an out-of-bounds write via incorrect image data.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability is due to an improper check on the area of code that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the handling of IEEE 802.11w Protected Management Frames (PMFs) of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device. The vulnerability exists because the affected software does not properly validate 802.11w disassociation and deauthentication PMFs that it receives. An attacker could exploit this vulnerability by sending a spoofed 802.11w PMF from a valid, authenticated client on a network adjacent to an affected device. A successful exploit could allow the attacker to terminate a single valid user connection to the affected device.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,LOW
ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"In System UI, there is a possible bypass of user's consent for access to sensor data due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-119041698",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or create a new file that contains potentially malicious HTML and JavaScript code to personal folders or accessible cells.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in the targeted user folders.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to ""cd "" and ""git clone "" commands in the library.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone, they could exploit this. The ext command will be run if the repository is recursively cloned or if submodules are updated. This attack works when cloning both local and remote repositories.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in try_merge_free_space() when mounting a crafted btrfs image, because of a lack of chunk type flag checks in btrfs_check_chunk_valid in fs/btrfs/volumes.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification that each block group has a corresponding chunk at mount time, within btrfs_read_block_groups in fs/btrfs/extent-tree.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Browserify-HMR. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:3123/ connection from any origin.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted text message may lead to application denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.5. A local user may be able to read kernel memory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An integer overflow was addressed through improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to break out of its sandbox.,LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5. A person with physical access to an iOS device may be able to view notification contents from the lockscreen.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit it to conduct port scanning. An attacker could exploit this vulnerability to enumerate the resources allocated in the network (IP addresses and services exposed). NOTE: MicroStrategy is unable to reproduce the issue reported in any version of its product.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF). Note: The ability to upload visualization plugins requires administrator privileges.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been mitigated in all versions of the product 11.0 and higher.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent IKEv2 from establishing new security associations. The vulnerability is due to incorrect handling of crafted IKEv2 SA-Init packets. An attacker could exploit this vulnerability by sending crafted IKEv2 SA-Init packets to the affected device. An exploit could allow the attacker to cause the affected device to reach the maximum incoming negotiation limits and prevent further IKEv2 security associations from being formed.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in Role Based Access Control (RBAC) functionality of Cisco IOS XE Web Management Software could allow a Read-Only authenticated, remote attacker to execute commands or configuration changes as an Admin user. The vulnerability is due to incorrect handling of RBAC for the administration GUI. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device. An exploit could allow the attacker as a Read-Only user to execute CLI commands or configuration changes as if they were an Admin user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
showAlert() in the administration panel in Bludit 3.12.0 allows XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because crafted SXP packets are mishandled. An attacker could exploit this vulnerability by sending specifically crafted SXP packets to the affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests for authorization tokens. An attacker could exploit this vulnerability by using a crafted API call to request such a token. An exploit could allow the attacker to obtain an authorization token and execute any of the IOx API commands on an affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Foxit Studio Photo before 3.6.6.922. It has an out-of-bounds write via a crafted TIFF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter. An attacker could exploit this vulnerability by executing crafted Tcl arguments on an affected device. An exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"An issue was discovered in Emoncms through 9.8.0. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the ""emoncms-master/Modules/vis/visualisations/compare.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to insufficient input processing of CIP traffic. An attacker could exploit these vulnerabilities by sending crafted CIP traffic to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The vulnerability is due to insufficient validation of signaling packets that are destined to VDS. An attacker could exploit this vulnerability by sending malicious packets to an affected device. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. Because the device is designed on a hypervisor architecture, exploitation of a vulnerability that affects the inter-VM channel may lead to a complete system compromise. For more information about this vulnerability, see the Details section of this advisory.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the filesystem and then accessing it through the web UI. An exploit could allow the attacker to read arbitrary files from the underlying operating system's filesystem.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an out-of-bounds write when Internet Explorer is used.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, an XML External Entity Injection vulnerability exists that allows an attacker to read or call arbitrary files from the license server and/or from the network and also block the license handling.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, a weakness in validation of input exists that allows an attacker to alter licenses assigned to the system nodes by sending specially crafted messages to the CLS web service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, a weakness in validation of input exists that allows an attacker to block license handling by sending specially crafted messages to the CLS web service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Foxit PhantomPDF before 8.3.10. It allows signature validation bypass via a modified file or a file with non-standard signatures.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows memory consumption via an ArrayBuffer(0xfffffffe) call.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Foxit E-mail advertising system before September 2018. It allows authentication bypass and information disclosure, related to Interspire Email Marketer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Foxit Reader before 2.4.4. It has a NULL pointer dereference.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Remote Code Execution via a GoToE or GoToR action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It has a NULL pointer dereference.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It allows stack consumption because of interaction between ICC-Based color space and Alternate color space.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,LOW
HESK before 3.1.10 allows reflected XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation bypass via a modified file or a file with non-standard signatures.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Inappropriate implementation in accessibility in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the ""Save and test"" button within a data source's settings menu. When watching the transaction with Burp Proxy, the password for the data source is revealed and sent to the server. From a browser, a prompt to save the credentials is generated, and the password can be revealed by simply checking the ""Show password"" box.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Foxit PhantomPDF Mac before 3.4. It has a NULL pointer dereference.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by sending a malformed Flexible NetFlow Version 9 packet to the Control and Provisioning of Wireless Access Points (CAPWAP) data port of an affected device. An exploit could allow the attacker to trigger an infinite loop, resulting in a process crash that would cause a reload of the device.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to cause memory corruption or execute the code with root privileges on the underlying OS of the affected device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Clusters using Calico (version 3.14.0 and below), Calico Enterprise (version 2.8.2 and below), may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node’s IPv6 interface due to the node accepting route advertisement by default, allowing the attacker to redirect full or partial network traffic from the node to the compromised pod.",NETWORK,HIGH,LOW,NONE,CHANGED,LOW,NONE,NONE
"The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap-based buffer overflow because Emscripten is misused, triggering an error in cashew::JSPrinter::printAst() in emscripten-optimizer/simple_ast.h. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A NULL pointer dereference was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An assertion failure was discovered in wasm::WasmBinaryBuilder::getType() in wasm-binary.cpp in Binaryen 1.38.22. This allows remote attackers to cause a denial of service (failed assertion and crash) via a crafted wasm file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A NULL pointer dereference was discovered in wasm::SExpressionWasmBuilder::parseExpression in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A heap-based buffer over-read was discovered in wasm::SExpressionParser::skipWhitespace() in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm2js.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Binaryen 1.38.22, there is a use-after-free problem in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a wasm file, as demonstrated by wasm-merge.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function ""deleteFunctions"" within ""index.js"".",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice's default ODF file format, then affected versions of LibreOffice default that subsequent saves of the document are unencrypted. This may lead to a user accidentally saving a MSOffice file format document unencrypted while believing it to be encrypted. This issue affects: LibreOffice 6-3 series versions prior to 6.3.6; 6-4 series versions prior to 6.4.3.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A Windows privilege change issue was discovered in Splashtop Software Updater before 1.5.6.16. Insecure permissions on the configuration file and named pipe allow for local privilege escalation to NT AUTHORITY/SYSTEM, by forcing a permission change to any Splashtop files and directories, with resultant DLL hijacking. This product is bundled with Splashtop Streamer (before 3.3.8.0) and Splashtop Business (before 3.3.8.0).",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Grafana 5.3.1 has XSS via a column style on the ""Dashboard > Table Panel"" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered on Samsung mobile devices with P(9.0) software. One UI HOME logging can leak information. The Samsung ID is SVE-2019-16382 (June 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 7570 chipsets) software. The Trustonic Kinibi component allows arbitrary memory mapping. The Samsung ID is SVE-2019-16665 (June 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can disable the SEAndroid protection mechanism in the RKP. The Samsung ID is SVE-2019-15998 (June 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on Samsung mobile devices with Q(10.0) (with TEEGRIS on Exynos chipsets) software. The Widevine Trustlet allows arbitrary code execution because of memory disclosure, The Samsung IDs are SVE-2020-17117, SVE-2020-17118, SVE-2020-17119, and SVE-2020-17161 (June 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The system area allows arbitrary file overwrites via a symlink attack. The Samsung ID is SVE-2020-17183 (June 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. HWRResProvider allows path traversal for data exposure. The Samsung ID is SVE-2020-16954 (June 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on Samsung mobile devices with Q(10.0) software. The Lockscreen feature does not block Quick Panel access to Music Share. The Samsung ID is SVE-2020-17145 (June 2020).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 174857.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 182364.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,NONE,LOW
A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB visualization.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they could execute arbitrary JavaScript in the victim�s web browser.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signature validation bypass via a modified file or a file with non-standard signatures.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has homograph mishandling.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system (OS) to conduct a command injection attack during device boot. This vulnerability is due to insufficient input validation checks while processing boot options. An attacker could exploit this vulnerability by modifying device boot options to execute attacker-provided code. A successful exploit may allow an attacker to bypass the Secure Boot process and execute malicious code on an affected device with root-level privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"yargs-parser could be tricked into adding or modifying properties of Object.prototype using a ""__proto__"" payload.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox as an avatar image for a contact. A user will receive a ""Corrupt File"" error, but the file is still uploaded and stored locally in /opt/zimbra/data/tmp/upload/, leaving it open to possible remote execution.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Navigate CMS through 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and ..\ substrings.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The price oracle in PriceOracle.sol in Compound Finance Compound Price Oracle 1.0 through 2.0 allows a price poster to set an invalid asset price via the setPrice function, and consequently violate the intended limits on price swings.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service (loss of IP networking) because read_obj and write_obj do not properly access memory. This affects aarch64 (with musl or glibc) and x86_64 (with musl).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"PlayTube 1.8 allows disclosure of user details via ajax.php?type=../admin-panel/autoload&page=manage-users directory traversal, aka local file inclusion.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Insufficient policy enforcement in notifications in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass notification restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference mishandling that causes a loop.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Out of bounds write in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious software onto an affected device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect implementation in permissions in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Inappropriate implementation in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass AppCache security restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Inappropriate implementation in interstitials in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
There is an improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in php files of GESIO ERP. GESIO ERP all versions prior to 11.2 allows malicious users to retrieve all database information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that ""this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol"" and ""utimes does not fail under normal circumstances.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Out of bound read in adm call back function due to incorrect boundary check for payload in command response in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, QCS605, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM670, SDM710, SDM845, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"Buffer over-read in ADSP parse function due to lack of check for availability of sufficient data payload received in command response in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, QCS605, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM670, SDM710, SDM845, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the ""Olap Schemas' Catalogue"" catalogue.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin role to inject arbitrary web script or HTML via the search panel.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/structure/structure.class.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/website.class.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The FromDocToPDF extension before 13.611.13.2303 for Chrome allows remote attackers to discover visited web sites via vectors involving a mostVisitedSites command.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and perform referer header checks, aka bugs 100885 and 100899.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103959.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to affect integrity via unknown vectors, aka bugs 103961 and 104828.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910, 105071, and 105175.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103956, 103995, 104475, 104838, and 104839.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and 104703.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 104477.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader because of an EL1/EL3 coldboot vulnerability involving raw_resources. The LG ID is LVE-SMP-200006 (May 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Firmware will hit assert in WLAN firmware If encrypted data length in FILS IE of reassoc response is more than 528 bytes in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, Kamorta, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, QCS605, Rennell, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to obtain the private key which could make intercepting GUI communications possible. IBM X-Force ID: 140396.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bound read in Fingerprint application due to requested data is being used without length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, MDM9150, MDM9205, MDM9650, MSM8998, Nicobar, QCS404, QCS405, QCS605, Rennell, SA415M, SA6155P, SC7180, SC8180X, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"Out of bound read in in fingerprint application due to requested data assigned to a local buffer without length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, MDM9205, Nicobar, QCS404, QCS405, QCS605, Rennell, SA415M, SA6155P, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Improper permissions in XBL_SEC region enable user to update XBL_SEC code and data and divert the RAM dump path to normal cold boot path in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mintToken function of a smart contract implementation for VITToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Integer overflow in calculating estimated output buffer size when getting a list of installed Feature IDs, Serial Numbers or checking Feature ID status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, MDM9205, MDM9607, Nicobar, QCS404, QCS405, Rennell, SA6155P, SC7180, SC8180X, SDX55, SM6150, SM7150, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Array out of bound may occur while playing mp3 file as no check is there on offset if it is greater than the buffer allocated or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, MSM8998, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Guardium 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174732.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in display function due to memory copy without checking length of size using strcpy function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8953, MSM8996AU, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Guardium 11.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 174735.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174738.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174851.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Guardium 11.1 could allow an attacker on the same network to gain access to the Solr dashboard and cause a denial of service attack. IBM X-Force ID: 176997.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Failure in buffer management while accessing handle for HDR blit when color modes not supported by display in Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8909W, QCS605",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
"The mintToken function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for TravelCoin (TRV), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"There is a few bytes out-of-bounds read vulnerability in some Huawei products. The software reads data past the end of the intended buffer when parsing certain message, an authenticated attacker could exploit this vulnerability by sending crafted messages to the device. Successful exploit may cause service abnormal in specific scenario.Affected product versions include:AR120-S versions V200R007C00SPC900,V200R007C00SPCa00",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announcement affecting any Invision Power Board user who views the announcement.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The primary cause is the ability to upload an SVG document with a crafted attribute such an onload; however, full path disclosure is required for exploitation.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board session cookie if they can predict the exact time of cookie generation.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"When attempting to create a new XFRM policy, a stack out-of-bounds read will occur if the user provides a template where the mode is set to a value that does not resolve to a valid XFRM mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, QCA4531, QCN7605, QCS605, QM215, SA415M, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"Using non-time-constant functions like memcmp to compare sensitive data can lead to information leakage through timing side channel issue. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QM215, Rennell, SA415M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Out of bound memory access while processing qpay due to not validating length of the response buffer provided by User. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, MSM8909, MSM8998, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possibility of double free of the drawobj that is added to the drawqueue array of the context during IOCTL commands as there is no refcount taken for this object in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Valid deauth/disassoc frames is dropped in case if RMF is enabled and some rouge peer keep on sending rogue deauth/disassoc frames due to improper enum values used to check the frame subtype in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8009, APQ8053, APQ8096AU, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SC8180X, SDM630, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possibility of out of bound access while processing the responses from video firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA415M, SA6155P, Saipan, SC8180X, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a usability problem. There are some threat models where an attacker can benefit by successfully guessing users for whom signature verification will fail.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Integer overflow may occur if atom size is less than atom offset as there is improper validation of atom size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, MSM8998, QCA6574AU, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A race condition can occur when using the fastrpc memory mapping API. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, MSM8909W, MSM8917, MSM8953, QCS605, QM215, SA415M, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SXR1130",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the committerFilter parameter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"NULL exception due to accessing bad pointer while posting events on RT FIFO in Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, QCA8081, SC8180X, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. This could be sent to the ingress gateway or a sidecar, triggering a null pointer exception which results in a denial of service. This also affects servicemesh-proxy where a null pointer exception flaw was found in servicemesh-proxy. When running Telemetry v2 (not on by default in version 1.4.x), an attacker could send a specially crafted packet to the ingress gateway or proxy sidecar, triggering a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL (Reflective Server-Side XSS).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Lexiglot through 2014-11-20 allows CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and details of projects) by visiting the /update.log URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182283.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT devices.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with non-administrative access to a virtual machine to crash the virtual machine's vmx process leading to a denial of service condition.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks. Note: This project is deprecated, and is not maintained any more.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file with SYSTEM privileges.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a information disclosure vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178965.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179001.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180761.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username (under which the web server is running) by triggering an invalid path permission error. This bypasses the fakepath protection mechanism.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in any /scgi URI, because it is an authentication token.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An open port used for debugging in SWARCOs CPU LS4000 Series with versions starting with G4... grants root access to the device without access control via network. A malicious user could use this vulnerability to get access to the device and disturb operations with connected devices.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/*.db or /etc/shadow file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a duplicate username, as demonstrated by use of the test%c2 string when a test account already exists.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In SmartDraw 2020 27.0.0.0, the installer gives inherited write permissions to the Authenticated Users group on the SmartDraw 2020 installation folder. Additionally, when the product is installed, two scheduled tasks are created on the machine, SDMsgUpdate (Local) and SDMsgUpdate (TE). The scheduled tasks run in the context of the user who installed the product. Both scheduled tasks attempt to run the same binary, C:\SmartDraw 2020\Messages\SDNotify.exe. The folder Messages doesn't exist by default and (by extension) neither does SDNotify.exe. Due to the weak folder permissions, these can be created by any user. A malicious actor can therefore create a malicious SDNotify.exe binary, and have it automatically run, whenever the user who installed the product logs on to the machine. The malicious SDNotify.exe could, for example, create a new local administrator account on the machine.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 60.0 before 60.0a.5 can emit invalid code sequences under rare circumstances related to syntax. The resulting code could, for example, trigger a system fault or adversely affect confidentiality, integrity, and availability.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system does not properly restrict certain operation in ADB mode, successful exploit could allow certain user break the limit of digital balance function.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E143R2P4) have an information disclosure vulnerability. The attacker could wake up voice assistant then do a series of crafted voice operation, successful exploit could allow the attacker read certain files without unlock the phone leading to information disclosure.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Honor 9X smartphones with versions earlier than 9.1.1.172(C00E170R8P1) have an improper authentication vulnerability. A logic error occurs when handling clock function, an attacker should do a series of crafted operations quickly before the phone is unlocked, successful exploit could allow the attacker to access clock information without unlock the phone.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison should be done with a constant time algorithm instead.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a ""catastrophic backtracking issue for the em inline rule,"" aka a ""regular expression denial of service (ReDoS).""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an ""off-by-two error.""",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
FreeTDS through 1.1.11 has a Buffer Overflow.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is an information leakage vulnerability in some Huawei products. An unauthenticated, adjacent attacker could exploit this vulnerability to decrypt data. Successful exploitation may leak information randomly. Affected product versions include: Anne-AL00 Versions earlier than 9.1.0.331(C675E9R1P3T8); Berkeley-L09 Versions earlier than 10.0.1.1(C675R1); CD16-10 Versions earlier than 10.0.2.8; CD17-10 Versions earlier than 10.0.2.8; CD17-16 Versions earlier than 10.0.2.8; CD18-10 Versions earlier than 10.0.2.8; CD18-16 Versions earlier than 10.0.2.8; Columbia-TL00B Versions earlier than 9.0.0.187(C01E181R1P20T8); E6878-370 Versions earlier than 10.0.5.1(H610SP10C00); HUAWEI P30 lite Versions earlier than 10.0.0.185(C605E3R1P3), Versions earlier than 10.0.0.197(C432E8R2P7); HUAWEI nova 4e Versions earlier than 10.0.0.158(C00E64R1P9); Honor 10 Lite 9.0.1.113(C675E11R1P12); LelandP-L22A Versions earlier than 9.1.0.166(C675E5R1P4T8); Marie-AL00AX Versions earlier than 10.0.0.158(C00E64R1P9); Marie-AL00AY Versions earlier than 10.0.0.158(C00E64R1P9); Marie-AL00BX Versions earlier than 10.0.0.158(C00E64R1P9); Marie-L03BX Versions earlier than 10.0.0.188(C605E5R1P1); Marie-L21BX Versions earlier than 10.0.0.188(C432E4R4P1), Versions earlier than 10.0.0.188(C461E5R3P1); Marie-L22BX Versions earlier than 10.0.0.188(C636E3R3P1); Marie-L23BX Versions earlier than 10.0.0.188(C605E5R1P1); TC5200-16 Versions earlier than 10.0.2.8; WS5200-11 Versions earlier than 10.0.2.8; WS5200-12 Versions earlier than 10.0.2.23; WS5200-16 Versions earlier than 10.0.2.8; WS5200-17 Versions earlier than 10.0.2.23; WS5800-10 Versions earlier than 10.0.3.27; WS6500-10 Versions earlier than 10.0.2.8; WS6500-16 Versions earlier than 10.0.2.8",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. A logic error occurs when handling NFC work, an attacker should establish a NFC connection to the target phone, and then do a series of operations on the target phone. Successful exploit could allow a guest user do certain operation which is beyond the guest user's privilege.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.",LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xF1002558",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, preventing subsequent print jobs until the printer is rebooted.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for CVE-2020-12077.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installing an application which acquires that named pipe.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID: 181989",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1021, CVE-2020-1082.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1114.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 175360.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.",LOCAL,HIGH,LOW,REQUIRED,CHANGED,HIGH,HIGH,LOW
"A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument ""password"" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1087.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1110.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1035, CVE-2020-1058, CVE-2020-1060.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1062.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Attackers can abuse multiple end-points not protected against cross-site request forgery (CSRF), as a result authenticated users can be persuaded to visit malicious web pages, which allows attackers to perform arbitrary actions, such as downgrade the device's firmware to older versions, modify configuration, upload arbitrary firmware, exfiltrate files and tokens.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Remote Code Execution Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wp_ajax_accordions_ajax_import_json action allowed any authenticated user with Subscriber or higher permissions the ability to import a new accordion and inject malicious JavaScript as part of the accordion.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1058, CVE-2020-1060, CVE-2020-1093.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Identity Governance and Intelligence 5.2.6 could allow an authenticated user to perform unauthorized commands due to hazardous input validation. IBM X-Force ID: 175335.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The far_options_page function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript, allowing for that be executed later in the victims browser.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:There are certain end-points containing functionalities that are vulnerable to command injection. It is possible to craft an input string that passes the filter check but still contains commands, resulting in remote code execution.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user enumeration. IBM X-Force ID: 175422.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 175423.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The live_editor_panels_data $_POST variable allows for malicious JavaScript to be executed in the victim's browser.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles file and folder links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification for X.509 certificates.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution. The vi program can be accessed through sudo, in order to navigate the filesystem and modify a critical file such as /etc/passwd.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. The DBPower U818A WIFI quadcopter drone runs an FTP server that by default allows anonymous access without a password, and provides full filesystem read/write permissions to the anonymous user. A remote user within range of the open access point on the drone may utilize the anonymous user of the FTP server to read arbitrary files, such as images and video recorded by the device, or to replace system files such as /etc/shadow to gain further access to the device. Furthermore, the DBPOWER U818A WIFI quadcopter drone uses BusyBox 1.20.2, which was released in 2012, and may be vulnerable to other known BusyBox vulnerabilities.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka 'Microsoft Edge Spoofing Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage was also leaking this token. This vulnerability affects Firefox for iOS < 25.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Element OS prior to version 12.0 and Element HealthTools prior to version 2020.04.01.04 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the sytem due to incorrect authorization. IBM X-Force ID: 175485.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 175481.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175484.,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Open-AudIT 3.3.0 allows an XSS attack after login.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove ""<script>"" HTML tags that contain a whitespace character, i.e: ""</script >"", which results in the enclosed script logic to be executed.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 175207.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an ""NXNSAttack"" issue. This is triggered by random subdomains in the NSDNAME in NS records.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates user input for specific SQL queries. An attacker could exploit this vulnerability by authenticating to the application with valid administrative credentials and sending malicious requests to an affected system. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, or delete information from the database that they are not authorized to delete.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming DHCP traffic. An attacker could exploit this vulnerability by sending a crafted DHCP request to an affected device. A successful exploit could allow the attacker to cause a restart of the DHCP server process, causing a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability exists when Hyper-V on a Windows Server fails to properly handle specially crafted network packets.To exploit the vulnerability, an attacker would send specially crafted network packets to the Hyper-V Server.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to properly handle these network packets., aka 'Windows Hyper-V Denial of Service Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the file scan process of Cisco AMP for Endpoints Mac Connector Software could cause the scan engine to crash during the scan of local files, resulting in a restart of the AMP Connector and a denial of service (DoS) condition of the Cisco AMP for Endpoints service. The vulnerability is due to insufficient input validation of specific file attributes. An attacker could exploit this vulnerability by providing a crafted file to a user of an affected system. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash, resulting in missed detection and logging of the potentially malicious file. Continued attempts to scan the file could result in a DoS condition of the Cisco AMP for Endpoints service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,HIGH
"An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1028, CVE-2020-1126, CVE-2020-1136.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1054.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka 'Windows Clipboard Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1111, CVE-2020-1165, CVE-2020-1166.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1192.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1171.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka 'Windows Subsystem for Linux Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values.An attacker who successfully exploited this vulnerability could deny dependent security feature functionality.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service validates certain function values., aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1123.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka 'Windows Clipboard Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1121, CVE-2020-1165, CVE-2020-1166.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1164.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka 'Windows Clipboard Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1111, CVE-2020-1121, CVE-2020-1165.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1084.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1028, CVE-2020-1136, CVE-2020-1150.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka 'Windows Clipboard Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1111, CVE-2020-1121, CVE-2020-1166.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Color Management Module (ICM32.dll) handles objects in memory, aka 'Microsoft Color Management Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows improperly handles errors tied to Remote Access Common Dialog, aka 'Windows Remote Access Common Dialog Elevation of Privilege Vulnerability'.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1035, CVE-2020-1058, CVE-2020-1093.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1048.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1035, CVE-2020-1060, CVE-2020-1093.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists in the Windows implementation of Transport Layer Security (TLS) when it improperly handles certain key exchanges, aka 'Microsoft Windows Transport Layer Security Denial of Service Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1092.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into AES to encrypt a username and base64 encode it to a client-side cookie for persistent session authentication. By knowing the key and algorithm, an attacker can select any username, encrypt it, base64 encode it, and save it in their browser with the correct JICSLoginCookie cookie format to impersonate any real user in the JICS database without the need for authenticating (or verifying with MFA if implemented).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by correcting how .NET Framework activates COM objects., aka '.NET Framework Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download and execute arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.An attacker could execute arbitrary code in the context of the current user, aka 'MSHTML Engine Remote Code Execution Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory, aka 'Windows CSRSS Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. The endpoint was unauthenticated and has been updated to only allow authenticated users to access these administrative APIs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1126, CVE-2020-1136, CVE-2020-1150.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize user inputs, aka 'Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1158, CVE-2020-1164.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1104, CVE-2020-1107.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1105, CVE-2020-1107.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1024.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1028, CVE-2020-1126, CVE-2020-1150.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
BMC Control-M/Agent 7.0.00.000 has an Insecure File Copy.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow vulnerability in BMC Control-M/Agent 7.0.00.000 when the On-Do action destination is Mail and the Control-M/Agent is configured to send the email, allows remote attackers to have unspecified impact via vectors related to the configured IP address or SMTP server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Composr 10.0.30 allows Persistent XSS via a Usergroup name under the Security configuration.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The XCloner component before 3.5.4 for Joomla! allows Authenticated Local File Disclosure.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In memcached before 1.5.14, a NULL pointer dereference was found in the ""lru mode"" and ""lru temp_ttl"" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,HIGH
legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Web Services). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0963, CVE-2020-1141, CVE-2020-1179.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1141, CVE-2020-1145, CVE-2020-1179.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0963, CVE-2020-1141, CVE-2020-1145.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprecated and unused functionality of autoyast is used to create images. This issue affects: SUSE Linux Enterprise Server 12 autoyast2 version 4.1.9-3.9.1 and prior versions. SUSE Linux Enterprise Server 15 autoyast2 version 4.0.70-3.20.1 and prior versions.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1191.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1010, CVE-2020-1079.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows fails to properly handle objects in memory, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1010, CVE-2020-1068.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to the long standing setting `require_valid_user`, which in turn requires that any and all requests to CouchDB will have to be made with valid credentials, effectively forbidding any anonymous requests. The new `require_valid_user_except_for_up` is an off-by-default setting that was meant to allow requiring valid credentials for all endpoints except for the `/_up` endpoint. However, the implementation of this made an error that lead to not enforcing credentials on any endpoint, when enabled. CouchDB versions 3.0.1[1] and 3.1.0[2] fix this issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1174, CVE-2020-1175, CVE-2020-1176.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1051, CVE-2020-1174, CVE-2020-1176.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1051, CVE-2020-1174, CVE-2020-1175.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) is vulnerable. A memory corruption vulnerability exists in the algorithm that matches square brackets in the EDS subsystem. This may allow an attacker to craft specialized EDS files to crash the EDSParser COM object, leading to denial-of-service conditions.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1100, CVE-2020-1101, CVE-2020-1106.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,HIGH,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1101, CVE-2020-1106.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ""r"" parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without integrity check on update module(web.js) allows an attacker to modify arguments which causes downloading a random DLL and injection on it.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer encoding header parsing which could allow for CL:TE or TE:TE attacks.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"E6878-370 with versions of 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP1C00), 10.0.3.1(H563SP1C233) has a use after free vulnerability. The software references memory after it has been freed in certain scenario, the attacker does a series of crafted operations through web portal, successful exploit could cause a use after free condition which may lead to malicious code execution.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials with two pairing devices via adjacent access when the unauthenticated user initiates different pairing methods in each peer device and an end-user erroneously completes both pairing procedures with the MITM using the confirmation number of one peer as the passkey of the other. An adjacent, unauthenticated attacker could be able to initiate any Bluetooth operation on either attacked device exposed by the enabled Bluetooth profiles. This exposure may be limited when the user must authorize certain access explicitly, but so long as a user assumes that it is the intended remote device requesting permissions, device-local protections may be weakened.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,LOW,NONE
The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup (or factory reset).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of an Java RMI based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Network Licensing Protocol component.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed but the telnet service can still be started without authorization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0. Upon container teardown, a malicious guest can trick the kata-runtime into unmounting any mount point on the host and all mount points underneath it, potentiality resulting in a host DoS.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may also affect QEMU and Firecracker based guests.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose will occur in plaintext. An attacker could easily guess some predictable passwords or brute force the password.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.",LOCAL,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive injection. This could be used to e.g. override a script-src directive. Duplicate directives are ignored and the first one wins. The directives in secure_headers are sorted alphabetically so they pretty much all come before script-src. A previously undefined directive would receive a value even if SecureHeaders::OPT_OUT was supplied. The fixed versions will silently convert the semicolons to spaces and emit a deprecation warning when this happens. This will result in innocuous browser console messages if being exploited/accidentally used. In future releases, we will raise application errors resulting in 500s. Depending on what major version you are using, the fixed versions are 6.2.0, 5.1.0, 3.8.0.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versions contains a vulnerability that could allow remote files to be executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In setHideSensitive of NotificationStackScrollLayout.java, there is a possible disclosure of sensitive notification content due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145135488",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density situations.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Weak permissions on the ""%PROGRAMDATA%\MSI\Dragon Center"" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite system files and gain escalated privileges. One attack method is to change the Recommended App binary within App.json. Another attack method is to use this part of %PROGRAMDATA% for mounting an RPC Control directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the ""Course>Data Downloads>Reports>Download profile info"" feature.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the ""Content>File Uploads"" screen. These files can contain JavaScript code and thus lead to Stored XSS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because of a DLL path search.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Video Insight VMS 7.5 and earlier allows remote attackers to conduct code injection attacks via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Bond JetSelect (all versions) has an issue in the Java class (ENCtool.jar) and corresponding password generation algorithm (used to set initial passwords upon first installation). It XORs the plaintext into the 'encrypted' password that is then stored within the database. These steps are able to be trivially reversed, allowing for escalation of privilege within the JetSelect application through obtaining the passwords of JetSelect administrators. JetSelect administrators have the ability to modify and delete all networking configuration across a vessel, as well as altering network configuration of all managed network devices (switches, routers).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password using ENCtool.jar (see CVE-2019-13022). This allows any low-privilege user who can read this file to trivially obtain the passwords for the administrative accounts of the JetSelect application. The path to the file containing the encoded password hash is /opt/JetSelect/SFC/resources/sfc-general-properties.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthenticated service that runs upon a first-time installation but can be disabled without ill effect.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry hives (HKCU) when starting an application with elevated rights.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Panasonic P99 devices through 2020-04-10 have Incorrect Access Control. NOTE: the vendor states that all affected products are at ""End-of-software-support.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiting the avatar file under the /images/ path.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi configuration data such as authentication details (e.g., the Web-admin password), network settings, DNS settings, system administration interface configuration, etc.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the ""Ultimate Addons for Elementor"" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
An issue was discovered in atillk64.sys in AMD ATI Diagnostics Hardware Abstraction Sys/Overclocking Utility 5.11.9.0. The vulnerable driver exposes a wrmsr instruction and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitrary Wi-Fi information, such as SSIDs and Pre-Shared-Keys (PSK).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles "".."" directory traversal in a mailbox name.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error handling in a specific sequence. This issue affects versions of proxygen prior to v2020.05.18.00.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk. A remote attacker can craft a chunked-transfer request that will result in a negative value being passed to memmove via the size parameter, causing the process to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PCS DEXICON 3.4.1 allows XSS via the loginName parameter in login_action.jsp.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176268.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176475.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server improperly displays directory names, leading to Stored XSS, which may be used to steal a user's data. This requires user interaction because there is no known direct way for an attacker to create a crafted directory name on a victim's device. However, a crafted directory name can occur if a victim extracts a ZIP archive that was provided by an attacker.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. In order to trigger this vulnerability, victim must open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF document can cause uninitialized memory access resulting in information disclosure. In order to trigger this vulnerability, victim must open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the stashcat app through 3.9.1 for macOS, Windows, Android, iOS, and possibly other platforms. The GET method is used with client_key and device_id data in the query string, which allows attackers to obtain sensitive information by reading web-server logs.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts a file upload by checking content-type without considering the file extension and header. Thus, an attacker can exploit this by uploading a .php file to vendor.php that contains arbitrary PHP code and changing the content-type to image/gif.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerability in conjunction with CVE-2020-12256 or CVE-2020-12259.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ALSong 3.46 and earlier version contain a Document Object Model (DOM) based cross-site scripting vulnerability caused by improper validation of user input. A remote attacker could exploit this vulnerability by tricking the victim to open ALSong Album(sab) file.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At ""Asset Home > Server > <workstation> > software"" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Apache NuttX (Incubating) project provides an optional separate ""apps"" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not affected. Users of the optional apps repository are affected only if they have enabled ftpd. Versions 6.15 to 8.2 are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. This is fixed in version 0.27.2.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and unintended resource access for the user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SLP Validate (npm package slp-validate) before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. This has been fixed in slp-validate in version 1.2.1. Additonally, slpjs version 0.27.2 has a related fix under related CVE-2020-11071.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac parameter, v-router will process the command. For example: Normal: http://{GW}:10086/baremetal/provisiondone/{mac}, Abnormal: http://{GW}:10086/baremetal/provisiondone/#';whoami;#. Mitigation of this issue is an upgrade to Apache CloudStack 4.13.1.0 or beyond.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates some packet length allowing disclosure of small amounts of kernel (for kernel NAT) or natd process space (for userspace natd).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, libalias does not properly validate packet length resulting in modules causing an out of bounds read/write condition if no checking was built into the module.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2;",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in gdrv.sys in Gigabyte APP Center before 19.0227.1. The vulnerable driver exposes a wrmsr instruction via IOCTL 0xC3502580 and does not properly filter the target Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. This affects 2018 - 2018.0 prior to 2018.0.3, 2018 SP1 - 2018.2 prior to 2018.2.3, 2018 SP2 - 2018.3 prior to 2018.3.7, 2019 - 2019.0 prior to 2019.0.3, 2019.1 - 2019.1 prior to 2019.1.2, and 2019.2 - 2019.2 prior to 2019.2.2.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Panasonic ELUGA_I9 Android device with a build fingerprint of Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys contains a pre-installed app with a package name of com.ovvi.modem app (versionCode=1, versionName=1) that allows unauthorized attacker-controlled at command via a confused deputy attack. This capability can be accessed by any app co-located on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token. An attacker can leverage this vulnerability by creating a form (add a user, delete a user, or edit a user).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can exploit this by crafting arbitrary JavaScript in the deviceId GET parameter to devicemgmnt.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.14.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is unaffected.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within multipart/form-data), which is reflected back within a user's browser without proper output encoding.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,HIGH,HIGH
XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,HIGH,HIGH
"Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,HIGH,HIGH
Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,HIGH,HIGH
"Adobe ColdFusion Builder versions 2016 update 2 and earlier, 3.0.3 and earlier have an important vulnerability that could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A race condition was discovered in the Linux drivers for Nvidia graphics which allowed an attacker to exfiltrate kernel memory to userspace. This issue was fixed in version 295.53.,LOCAL,HIGH,HIGH,NONE,CHANGED,LOW,LOW,LOW
"Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications. The supported version that is affected is 5.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality RES 3700. While the vulnerability is in Oracle Hospitality RES 3700, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality RES 3700. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-137015265",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. IBM X-Force ID: 178318.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways. Cloud Key is used to authenticate the connection between the client tool and the platform. An attacker may use the leaked Cloud Key to impersonate the client to connect to the platform, resulting in additional consumption of platform server resources. Versions with Build time before April 2020 are affected.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A heap buffer overflow was discovered in the device control ioctl in the Linux driver for Nvidia graphics cards, which may allow an attacker to overflow 49 bytes. This issue was fixed in version 295.53.",LOCAL,HIGH,HIGH,NONE,CHANGED,LOW,LOW,LOW
An improper authorization in the receiver component of Email.Product: AndroidVersions: Android SoCAndroid ID: A-149813048,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An improper authorization while processing the provisioning data.Product: AndroidVersions: Android SoCAndroid ID: A-149866855,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An improper authorization in the receiver component of the Android Suite Daemon.Product: AndroidVersions: Android SoCAndroid ID: A-149813448,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value (in the POST method) from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the machine.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; All versions of PAN-OS 8.0.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log file This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.9.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does not restrict URL sanitization to http protocols.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama version, their PAN-OS session cookie is transmitted over cleartext to the firewall. An attacker with the ability to intercept this network traffic between the firewall and Panorama can access the administrator's account and further manipulate devices managed by Panorama. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All version of PAN-OS 8.0;",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored.,NETWORK,LOW,LOW,NONE,CHANGED,NONE,HIGH,NONE
"In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem (outside of the application scope).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot directory via directory traversal.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Avira Free Antivirus through 15.0.2005.1866 allows local users to discover user credentials. The functions of the executable file Avira.PWM.NativeMessaging.exe are aimed at collecting credentials stored in Chrome, Firefox, Opera, and Edge. The executable does not verify the calling program and thus a request such as fetchChromePasswords or fetchCredentials will succeed. NOTE: some third parties have stated that this is ""not a vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, insufficient checking in the cryptodev module allocated the size of a kernel buffer based on a user-supplied length allowing an unprivileged process to trigger a kernel panic.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel to be used after it was freed, allowing an unprivileged process can overwrite arbitrary kernel memory.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s firmware files’ signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer Server with NT AUTHORITY/SYSTEM privileges.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In navigateUpToLocked of ActivityStack.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-144285917",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8982.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8983.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In onKeyguardVisibilityChanged of key_store_service.cpp, there is a missing permission check. This could lead to local escalation of privilege, allowing apps to use keyguard-bound keys when the screen is locked, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-144285084",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In crus_afe_callback of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-139739561",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148159562References: Upstream kernel",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144767096",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config\. This can lead to code execution by changing the CacheService.xml SISServerURL parameter.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only.",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration request to the device that causes the configuration service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS Panorama services by restarting the device and putting it into maintenance mode. This issue affects: All versions of PAN-OS 7.1, PAN-OS 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7; PAN-OS 9.1 versions earlier than 9.1.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In GattServer::SendResponse of gatt_server.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143231677",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting another vulnerability, to escalate privileges to become root user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possible invalid free due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9Android ID: A-148107188",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In onShowingStateChanged of KeyguardStateMonitor.java, there is a possible inappropriate read due to a logic error. This could lead to local information disclosure of keyguard-protected data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-144430870",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Under certain circumstances a user's password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as GlobalProtect Agent) for MacOS and Windows. For this issue to occur all of these conditions must be true: (1) 'Save User Credential' option should be set to 'Yes' in the GlobalProtect Portal's Agent configuration, (2) the GlobalProtect user manually selects a gateway, (3) and the logging level is set to 'Dump' while collecting troubleshooting logs. This issue does not affect GlobalProtect app on other platforms (for example iOS/Android/Linux). This issue affects GlobalProtect app 5.0 versions earlier than 5.0.9, GlobalProtect app 5.1 versions earlier than 5.1.2 on Windows or MacOS. Since becoming aware of the issue, Palo Alto Networks has safely deleted all the known GlobalProtectLogs zip files sent by customers with the credentials. We now filter and remove these credentials from all files sent to Customer Support. The GlobalProtectLogs zip files uploaded to Palo Alto Networks systems were only accessible by authorized personnel with valid Palo Alto Networks credentials. We do not have any evidence of malicious access or use of these credentials.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute force the four-digit verification code in order to bypass email verification and change the password of a victim account.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal vulnerability. Users of the affected versions should apply one of the following: Upgrade to Apache RocketMQ 4.6.1 or later.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"** DISPUTED ** An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some parties consider this user error, not a vulnerability, because the permissions are under the control of the user before any sensitive information is present in the file.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management interface to write attacker supplied file on the system and elevate privileges. This issue affects: All PAN-OS 7.1 Panorama and 8.0 Panorama versions; PAN-OS 8.1 versions earlier than 8.1.12 on Panorama; PAN-OS 9.0 versions earlier than 9.0.6 on Panorama.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks. An authenticated user could gain unauthorized access to sensitive information or functionality by manipulating specific parameters within the application.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
Veritas APTARE versions prior to 10.4 allowed remote users to access several unintended files on the server. This vulnerability only impacts Windows server deployments.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Veritas APTARE versions prior to 10.4 allowed sensitive information to be accessible without authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions before 8.1.14; PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.1.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.5.0.94 allows a malicious script or program to perform functions that the local executing user has not been granted access to.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's session ID. This issue affects: All PAN-OS 7.1 and 8.0 versions; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.8.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr daemon to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue affects: PAN-OS 9.1 versions earlier than 9.1.2.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system leading to Code Injection.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable to an unauthenticated stack-based buffer overflow in handling RTSP packets. This may result in remote code execution or denial of service. The issue is in the binary rtspd (in /sbin) when parsing a long ""Authorization: Basic"" RTSP header.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing an attacker to read, modify, delete restricted data on connected servers, leading to Code Injection.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact system availability.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password leading to Information Disclosure. This could help the attacker to read/write any data and even stop the server like an administrator.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability in versions before 1.0.3. Slightly invalid or incomplete SVG markup is not correctly processed and thus not sanitized at all. Albeit the markup is not valid it still is evaluated in browsers and leads to cross-site scripting. This is fixed in version 1.0.3.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious `.venv` file could run arbitrary code without any user interaction. This is fixed in version: 1.16.0",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server. Scripts are then executed with the privileges of the victims' user session. In a worst-case scenario, new admin users can be created which can directly be used by an attacker. The vulnerability is basically a cross-site request forgery (CSRF) triggered by a cross-site scripting vulnerability (XSS) - but happens on the same target host - thus, it's actually a same-site request forgery. Malicious payload such as HTML containing JavaScript might be provided by either an authenticated backend user or by a non-authenticated user using a third party extension, e.g. file upload in a contact form with knowing the target location. To be successful, the attacked victim requires an active and valid backend or install tool user session at the time of the attack. This has been fixed in 9.5.17 and 10.4.2. The deployment of additional mitigation techniques is suggested as described below. - Sudo Mode Extension This TYPO3 extension intercepts modifications to security relevant database tables, e.g. those storing user accounts or storages of the file abstraction layer. Modifications need to confirmed again by the acting user providing their password again. This technique is known as sudo mode. This way, unintended actions happening in the background can be mitigated. - https://github.com/FriendsOfTYPO3/sudo-mode - https://extensions.typo3.org/extension/sudo_mode - Content Security Policy Content Security Policies tell (modern) browsers how resources served a particular site are handled. It is also possible to disallow script executions for specific locations. In a TYPO3 context, it is suggested to disallow direct script execution at least for locations /fileadmin/ and /uploads/.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse. (This issue is similar to, but distinct from, CVE-2018-15798.)",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. The package is vulnerable to Stored XSS in the comments of items in the Knowledge base. Adding a comment with content ""<script>alert(1)</script>"" reproduces the attack. This can be exploited by a user with administrator privileges in the User-Agent field. It can also be exploited by an outside party through the following steps: 1. Create a user with the surname `"" onmouseover=""alert(document.cookie)` and an empty first name. 2. With this user, create a ticket 3. As an administrator (or other privileged user) open the created ticket 4. On the ""last update"" field, put your mouse on the name of the user 5. The XSS fires This is fixed in version 9.4.6.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,LOW,NONE
"In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. This is fixed in version 9.4.6.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains: - All api_tokens which can be used to do privileges escalations or read/update/delete data normally non accessible to the current user. - All personal_tokens can display another users planning. Exploiting this vulnerability requires the api to be enabled, a technician account. It can be mitigated by adding an application token. This is fixed in version 9.4.6.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authorization Check.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or Code Injection.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site Scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts into web pages viewed by other users.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 trough 6.0.3.1 could allow an authenticated user to obtain sensitive information from a cached web page. IBM X-Force ID: 177089.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server. It can also trigger message submission via email using the identity of the web site (mail relay). Another insecure deserialization vulnerability is required to actually exploit mentioned aspects. This has been fixed in 9.5.17 and 10.4.2.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,HIGH
"In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send incorrect information to the system log on the affected system.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6].",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An unquoted service path vulnerability is reported to affect the service QVssService in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP have already fixed this issue in QNAP NetBak Replicator 4.5.12.1108.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. This issue affects: All versions of PAN-OS for Panorama 7.1 and 8.0; PAN-OS for Panorama 8.1 versions earlier than 8.1.13; PAN-OS for Panorama 9.0 versions earlier than 9.0.7.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175637.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175644.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Certain versions of the NetApp Service Processor and Baseboard Management Controller firmware allow a remote unauthenticated attacker to cause a Denial of Service (DoS).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175646.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175648.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175649.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Grin before 3.1.0 allows attackers to adversely affect availability of data on a Mimblewimble blockchain.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171249.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176270.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 178244.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 180167.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 181721.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509 certificates, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user's private browsing activity may be unexpectedly saved in Screen Time.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attacker can crash or flood the Central Management Server, thereby impacting system availability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE) injection issue exists that would allow a local attacker to exfiltrate data under the local Administrator account.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data must be reencrypted with the new key. Problem is we can not know which columns or rows in the database are using that; espcially from plugins. Changing the key without updating data would lend in bad password sent from glpi; but storing them again from the UI will work.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A flaw was found in keycloak in versions before 9.0.0. A logged exception in the HttpMethod class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \\.\urvpndrv device causing the Windows kernel to crash.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A use-after-free vulnerability in the TOBESOFT XPLATFORM versions 9.1 to 9.2.2 may lead to code execution on a system running it.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the first-time setup process. The issue results from the lack of proper validation on first-time setup requests. An attacker can leverage this vulnerability to reset the password for the Admin account and execute code in the context of the device. Was ZDI-CAN-10003.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the ""Dark Portal"" issue.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command.",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. Once the backup is older than 24 hours the OAuth tokens are no longer valid.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung ID is SVE-2020-16943 (May 2020).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Pagure 2.2.1 XSS in raw file endpoint,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows remote code execution via the backup functionality in the web frontend. By using an exploit chain, an attacker with access to the network can get root access on the gateway.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient folder permissions used by system functions in ABB System 800xA Base (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploit the vulnerabilities could escalate his/her privileges, cause system functions to stop and to corrupt user applications.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,HIGH
"Insufficient folder permissions used by system functions in ABB System 800xA products OPCServer for AC800M (versions 6.0 and earlier) and Control Builder M Professional, MMSServer for AC800M, Base Software for SoftControl (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploited the vulnerabilities could escalate his/her privileges, cause system functions to stop and to corrupt user applications.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in the context of a different user account.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0938.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. This has been fixed in version 9.4.6.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,HIGH
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses ""../"" pathname substrings to write arbitrary files to the filesystem.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running application.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the application user.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. IBM X-Force ID: 178322.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Incorrect Default Permissions (CWE-276) vulnerability. The affected product is vulnerable to insufficient default permissions, which could allow an attacker to view network configurations through SNMP communication. This is a different issue than CVE-2019-16879, CVE-2019-20045, CVE-2019-20046, CVE-2020-7800, and CVE-2020-7801.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"This document describes a security vulnerability in Blade Maintenance Entity, Integrated Maintenance Entity and Maintenance Entity products. All J/H-series NonStop systems have a security vulnerability associated with an open UDP port 17185 on the Maintenance LAN which could result in information disclosure, denial-of-service attacks or local memory corruption against the affected system and a complete control of the system may also be possible. This vulnerability exists only if one gains access to the Maintenance LAN to which Blade Maintenance Entity, Integrated Maintenance Entity or Maintenance Entity product is connected. **Workaround:** Block the UDP port 17185(In the Maintenance LAN Network Switch/Firewall). Fix: Install following SPRs, which are already available: * T1805A01^AAI (Integrated Maintenance Entity) * T4805A01^AAZ (Blade Maintenance Entity). These SPRs are also usable with the following RVUs: * J06.19.00 ? J06.23.01. No fix planned for the following RVUs: J06.04.00 ? J06.18.01. No fix planned for H-Series NonStop systems. No fix planned for the product T2805 (Maintenance Entity).",NETWORK,LOW,HIGH,NONE,CHANGED,LOW,HIGH,HIGH
"A vulnerability in the Kerberos authentication feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to impersonate the Kerberos key distribution center (KDC) and bypass authentication on an affected device that is configured to perform Kerberos authentication for VPN or local device access. The vulnerability is due to insufficient identity verification of the KDC when a successful authentication response is received. An attacker could exploit this vulnerability by spoofing the KDC server response to the ASA device. This malicious response would not have been authenticated by the KDC. A successful attack could allow an attacker to bypass Kerberos authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a network based attacker with knowledge of registered firewall devices and access to Panorama management interfaces to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos980 9630 and Exynos990 9830 chipsets) software. The Bootloader has a heap-based buffer overflow because of the mishandling of specific commands. The Samsung IDs are SVE-2020-16981, SVE-2020-16991 (May 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and passwords).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appear to be exploitable via a malicious application call the vulnerable kernel APIs (system sys_ring_buf_get() and sys_ring_buf_put).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Open Shortest Path First (OSPF) implementation in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to incorrect processing of certain OSPF packets. An attacker could exploit this vulnerability by sending a series of crafted OSPF packets to be processed by an affected device. A successful exploit could allow the attacker to continuously consume memory on an affected device and eventually cause it to reload, resulting in a denial of service (DoS) condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path traversal that allows an attacker to download the application database. This can be combined with CVE-2020-10795 for remote root access.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust memory resources on the affected device, leading to a denial of service (DoS) condition. The vulnerability is due to improper resource management for inbound SSL/TLS connections. An attacker could exploit this vulnerability by establishing multiple SSL/TLS connections with specific conditions to the affected device. A successful exploit could allow the attacker to exhaust the memory on the affected device, causing the device to stop accepting new SSL/TLS connections and resulting in a DoS condition for services on the device that process SSL/TLS traffic. Manual intervention is required to recover an affected device.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. The ActiveMQ channel configuration allowed for arbitrary deserialization of Java objects (aka ActiveMQ Minion payload deserialization), leading to remote code execution for any authenticated channel user regardless of its assigned permissions.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.5SP, < 4.6.4 and < 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.4SP, <. 4.6.3SP, < 4.7.2 and < 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked within the proxy and validated before redirecting the user to prevent malicious actors providing redirects to potentially harmful sites. However, by crafting a redirect URL with HTML encoded whitespace characters the validation could be bypassed and allow a redirect to any URL provided. This has been patched in 5.1.1.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass the locked-state protection mechanism and designate a different preferred SIM card. The Samsung ID is SVE-2020-16594 (May 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The S.LSI Wi-Fi drivers have a buffer overflow. The Samsung ID is SVE-2020-16906 (May 2020).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via SPEN. The Samsung ID is SVE-2020-17019 (May 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass the locked-state protection mechanism and access clipboard content via USSD. The Samsung ID is SVE-2019-16556 (May 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. This has been patched in version 2.11.0.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Sorcery before 0.15.0, there is a brute force vulnerability when using password authentication via Sorcery. The brute force protection submodule will prevent a brute force attack for the defined lockout period, but once expired, protection will not be re-enabled until a user or malicious actor logs in successfully. This does not affect users that do not use the built-in brute force protection submodule, nor users that use permanent account lockout. This has been patched in 0.15.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a path traversal using double escaped characters, enabling read access to arbitrary files on the server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Telegram Messenger 2.6 for iOS and 1.8.2 for Android. Secret chat messages are available in cleartext in process memory and a .db file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in DNS over IPv6 packet processing for Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper length validation of a field in an IPv6 DNS packet. An attacker could exploit this vulnerability by sending a crafted DNS query over IPv6, which traverses the affected device. An exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is specific to DNS over IPv6 traffic only.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174859.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the management access list configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured management interface access list on an affected system. The vulnerability is due to the configuration of different management access lists, with ports allowed in one access list and denied in another. An attacker could exploit this vulnerability by sending crafted remote management traffic to the local IP address of an affected system. A successful exploit could allow the attacker to bypass the configured management access list policies, and traffic to the management interface would not be properly denied.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano and Ledger S devices allows a local attacker to extract the master spending key by sending crafted messages to this app selected on a PIN-entered Ledger connected to a host PC.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device, which could result in a denial of service (DoS) condition. The vulnerability exists because the default session timeout period for specific to-the-box remote management connections is too long. An attacker could exploit this vulnerability by sending a large and sustained number of crafted remote management connections to an affected device, resulting in a buildup of those connections over time. A successful exploit could allow the attacker to cause the remote management interface or Cisco Firepower Device Manager (FDM) to stop responding and cause other management functions to go offline, resulting in a DoS condition. The user traffic that is flowing through the device would not be affected, and the DoS condition would be isolated to remote management only.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Solis Miolo 2.0 allows index.php?module=install&action=view&item= Directory Traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory handling error when GRE over IPv6 traffic is processed. An attacker could exploit this vulnerability by sending crafted GRE over IPv6 packets with either IPv4 or IPv6 payload through an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"""If port encryption is not enabled on the Domino Server, HCL Nomad on Android and iOS Platforms will communicate in clear text and does not currently have a user interface option to change the setting to request an encrypted communication channel with the Domino server. This can potentially expose sensitive information including but not limited to server names, user IDs and document content.""",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. To exploit this vulnerability, an attacker would need administrative privileges on the Cisco HCM-F Software. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by sending malicious requests that contain references in XML entities to an affected system. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Firepower Threat Defense (FTD) Software when running on the Cisco Firepower 1000 Series platform could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to a communication error between internal functions. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause a buffer underrun, which leads to a crash. The crash causes the affected device to reload.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerabilities are due to improper input validation of the parameters of an HTTP request. An attacker could exploit these vulnerabilities by intercepting an HTTP request and modifying it to redirect a user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page or to obtain sensitive browser-based information. This type of attack is commonly referred to as an open redirect attack and is used in phishing attacks to get users to unknowingly visit malicious sites.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Transport Layer Security version 1.3 (TLS 1.3) policy with URL category functionality for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured TLS 1.3 policy to block traffic for a specific URL. The vulnerability is due to a logic error with Snort handling of the connection with the TLS 1.3 policy and URL category configuration. An attacker could exploit this vulnerability by sending crafted TLS 1.3 connections to an affected device. A successful exploit could allow the attacker to bypass the TLS 1.3 policy and access URLs that are outside the affected device and normally would be dropped.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
An elevation of privilege vulnerability exists in Avira Software Updater before 2.0.6.27476 due to improperly handling file hard links. This allows local users to obtain take control of arbitrary files.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the Media Gateway Control Protocol (MGCP) inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilities are due to inefficient memory management. An attacker could exploit these vulnerabilities by sending crafted MGCP packets through an affected device. An exploit could allow the attacker to cause memory exhaustion resulting in a restart of an affected device, causing a DoS condition for traffic traversing the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user of an affected service. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to the browser of the user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the XML parser code of Cisco Firepower Device Manager On-Box software could allow an authenticated, remote attacker to cause an affected system to become unstable or reload. The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could exploit this vulnerability in multiple ways using a malicious file: An attacker with administrative privileges could upload a malicious XML file on the system and cause the XML code to parse the malicious file. An attacker with Clientless Secure Sockets Layer (SSL) VPN access could exploit this vulnerability by sending a crafted XML file. A successful exploit would allow the attacker to crash the XML parser process, which could cause system instability, memory exhaustion, and in some cases lead to a reload of the affected system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in Cisco Firepower Device Manager (FDM) On-Box software could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by uploading a malicious file to an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on as well as modify the underlying operating system of an affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to escalate to root due to a /etc directory owned by the user This issue affects: SUSE Linux Enterprise Server 15 SP1 SLES15-SP1-CAP-Deployment-BYOS version 1.0.1 and prior versions; SLES15-SP1-CHOST-BYOS versions prior to 1.0.3 and prior versions;,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup functionality of the web frontend. This can be combined with CVE-2020-10794 for remote root access.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ATTO FibreBridge 7500N firmware versions prior to 2.90 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause Denial of Service (DoS).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output used as a webpage that is served to other users.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the application policy configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data on an affected device. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary JavaScript and HTML via the PATH_INFO to home.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted request could allow an attacker to view the file structure of the affected device and access files that should be inaccessible.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to overwrite files on the file system of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading a crafted file to the web UI on an affected device. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP responses. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary code execution vulnerability by using method supported by Xplatform ActiveX Control. It allows attacker to cause remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Serpico before 1.3.3. The /admin/attacments_backup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users (including administrators) from the database.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper memory protection mechanisms while processing certain OSPF packets. An attacker could exploit this vulnerability by sending a series of malformed OSPF packets in a short period of time to an affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition for client traffic that is traversing the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
/server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Kobe Beauty php-contact-form before 2016-05-18 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Linux prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Mac prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Mac prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The iframe plugin before 4.5 for WordPress does not sanitize a URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ZenMate 1.5.4 for macOS suffers from a type confusion vulnerability within the com.zenmate.chron-xpc LaunchDaemon component. The LaunchDaemon implements an XPC service that uses an insecure XPC API for accessing data from an inbound XPC message. This could potentially result in an XPC object of the wrong type being passed as the first argument to the xpc_connection_create_from_endpoint function if controlled by an attacker. In recent versions of macOS and OS X, Apple has implemented an internal check to prevent such XPC API abuse from occurring, thus making this vulnerability only result in a denial of service if exploited by an attacker.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CAB file that is mishandled during decompression.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via modified MIME data in a message.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to have an unspecified impact via crafted TNEF data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted ZIP archive that is mishandled during decompression.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for macOS. Due to over-permissive configuration settings and a SUID binary, an attacker is able to execute arbitrary binaries as root.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An information exposure issue where IPv6 DNS traffic would be sent outside of the VPN tunnel (when Traffic Enforcement was enabled) exists in Pulse Secure Pulse Secure Desktop 9.0R1 and below. This is applicable only to dual-stack (IPv4/IPv6) endpoints.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NordVPN 3.3.10 for macOS suffers from a root privilege escalation vulnerability. The vulnerability stems from its privileged helper tool's implemented XPC service. This XPC service is responsible for receiving and processing new OpenVPN connection requests from the main application. Unfortunately this XPC service is not protected, which allows arbitrary applications to connect and send it XPC messages. An attacker can send a crafted XPC message to the privileged helper tool requesting it make a new OpenVPN connection. Because he or she controls the contents of the XPC message, the attacker can specify the location of the openvpn executable, which could point to something malicious they control located on disk. Without validation of the openvpn executable, this will give the attacker code execution in the context of the privileged helper tool.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, Outlook 2016, and Outlook 2016 for Mac do not properly implement RFC 2046, which allows remote attackers to bypass virus or spam detection via crafted MIME data in an e-mail attachment, aka ""Microsoft Office Spoofing Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A spoofing vulnerability exists in when Microsoft Outlook for Mac does not sanitize html properly, aka ""Microsoft Outlook for Mac Spoofing Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the ""openvpncmd"" parameter as a shell command.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the ""command_line"" parameter as a shell command.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the ""tun_path"" or ""tap_path"" pathname within a shell command.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the value of the ""tun_path"" or ""tap_path"" pathname in a kextload() call.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the activeX method. Download of Code Without Integrity Check vulnerability in ActiveX control of Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) allows ATTACKER to cause a file download to Windows user's folder and execute. This issue affects: Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) version 1.0.5.0 and later versions on windows 7/8/10.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by CSRF. This affects D1500 before 1.0.0.25, D500 before 1.0.0.25, D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, EX6100v2 before 1.0.1.60, EX6150v2 before 1.0.1.60, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.16, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.18, R6020 before 1.0.0.26, R6050 before 1.0.1.16, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6220 before 1.1.0.60, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3700v5 before 1.1.0.48, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.46, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forcing the VyprVPN application to load a malicious dynamic library every time a new connection is made.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.1 through 3.18 and 16.2 allows remote attackers to cause a denial of service (device reload) via a failed SSH connection attempt that is mishandled during generation of an error-log message, aka Bug ID CSCuy87667.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761.  NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The ""send"" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the ""send"" command with the ""attachment_"" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the ""send"" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A potential security vulnerability has been identified in the disk drive firmware installers named Supplemental Update / Online ROM Flash Component on HPE servers running Linux. The vulnerable software is included in the HPE Service Pack for ProLiant (SPP) releases 2018.06.0, 2018.09.0, and 2018.11.0. The vulnerable software is the Supplemental Update / Online ROM Flash Component for Linux (x64) software. The installer in this software component could be locally exploited to execute arbitrary code. Drive Models can be found in the Vulnerability Resolution field of the security bulletin. The 2019_03 SPP and Supplemental update / Online ROM Flash Component for Linux (x64) after 2019.03.0 has fixed this issue.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.,NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control. It allows attacker to cause remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for macOS from 1.0b2 before 2.7.6 are affected by this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Katyshop2 before 2.12 has multiple stored XSS issues.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker could exploit this vulnerability by receiving HSRPv2 traffic from an adjacent HSRP member. A successful exploit could allow the attacker to receive potentially sensitive information from the adjacent device.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Users’ session information could potentially be stored in cache or log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. AN authenticated malicious user with administrator privileges could potentially exploit this vulnerability to execute arbitrary commands on the system where the vulnerable application is deployed.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users identify. IBM X-Force ID: 180084.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
CoSoSys Endpoint Protector 5.1.0.2 allows Host Header Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their own token to make unauthorized API requests on behalf of arbitrary user IDs. Valid and current user IDs are trivial to guess because of the user ID assignment convention used by the app. A remote attacker could harvest email addresses, unsalted MD5 password hashes, owner-assigned lock names, and owner-assigned fingerprint names for any range of arbitrary user IDs.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Grafana version < 6.7.3 is vulnerable for annotation popup XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in accessing out-of-bounds memory leading to a kernel panic or other unpredictable results.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in memory access after it has been freed leading to a kernel panic or other unpredictable results.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform insufficient authorization checks. IBM X-Force ID: 181126.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the FMC Software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or to access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has an information-exposure issue. In the mobile app, an attempt to add an already-bound lock by its barcode reveals the email address of the account to which the lock is bound, as well as the name of the lock. Valid barcode inputs can be easily guessed because barcode strings follow a predictable pattern. Correctly guessed valid barcode inputs entered through the app interface disclose arbitrary users' email addresses and lock names.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of this advisory.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Apache Syncope uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, they support different types of interpolation, including Java EL expressions. Therefore, if an attacker can inject arbitrary data in the error message template being passed, they will be able to run arbitrary Java code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R6900P before 1.0.0.56, R7100LG before 1.0.0.32, R7300 before 1.0.0.54, R7900 before 1.0.1.18, R8300 before 1.0.2.104, and R8500 before 1.0.2.104.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an arbitrary executable via a man-in-the-middle attack.",ADJACENT_NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 179265.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll ICO icoread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting User Interface update during batch execution and/or compare/printing functionalities.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the TIFF fillinraster function of the igcore19d.dll library of Accusoft ImageGear 19.4, 19.5 and 19.6. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable out-of-bounds write vulnerability exists in the store_data_buffer function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. Using this vulnerability, an attacker may be able to inject commands into the httpd.log, read files with 'world' readable permission file or obtain J-Web session tokens. In the case of command injection, as the HTTP service runs as user 'nobody', the impact of this command injection is limited. (CVSS score 5.3, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) In the case of reading files with 'world' readable permission, in Junos OS 19.3R1 and above, the unauthenticated attacker would be able to read the configuration file. (CVSS score 5.9, vector CVSS:3.1/ AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) If J-Web is enabled, the attacker could gain the same level of access of anyone actively logged into J-Web. If an administrator is logged in, the attacker could gain administrator access to J-Web. (CVSS score 8.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled. Junos OS devices with HTTP/HTTPS services disabled are not affected. If HTTP/HTTPS services are enabled, the following command will show the httpd processes: user@device> show system processes | match http 5260 - S 0:00.13 /usr/sbin/httpd-gk -N 5797 - I 0:00.10 /usr/sbin/httpd --config /jail/var/etc/httpd.conf To summarize: If HTTP/HTTPS services are disabled, there is no impact from this vulnerability. If HTTP/HTTPS services are enabled and J-Web is not in use, this vulnerability has a CVSS score of 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). If J-Web is enabled, this vulnerability has a CVSS score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Juniper SIRT has received a single report of this vulnerability being exploited in the wild. Out of an abundance of caution, we are notifying customers so they can take appropriate actions. Indicators of Compromise: The /var/log/httpd.log may have indicators that commands have injected or files being accessed. The device administrator can look for these indicators by searching for the string patterns ""=*;*&"" or ""*%3b*&"" in /var/log/httpd.log, using the following command: user@device> show log httpd.log | match ""=*;*&|=*%3b*&"" If this command returns any output, it might be an indication of malicious attempts or simply scanning activities. Rotated logs should also be reviewed, using the following command: user@device> show log httpd.log.0.gz | match ""=*;*&|=*%3b*&"" user@device> show log httpd.log.1.gz | match ""=*;*&|=*%3b*&"" Note that a skilled attacker would likely remove these entries from the local log file, thus effectively eliminating any reliable signature that the device had been attacked. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S16; 12.3X48 versions prior to 12.3X48-D101, 12.3X48-D105; 14.1X53 versions prior to 14.1X53-D54; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D211, 15.1X49-D220; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R3-S2 ; 18.4 version 18.4R2 and later versions; 19.1 versions prior to 19.1R1-S5, 19.1R3-S1; 19.1 version 19.1R2 and later versions; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2; 20.1 versions prior to 20.1R1-S1, 20.1R2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's ""Privacy"" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is able to measure the time taken by this check to a high degree of accuracy could potentially use timing differences to gain knowledge of the password. This is understood to be feasible on a local network, but not on the public internet. Privacy settings that restrict access to pages/documents on a per-user or per-group basis (as opposed to a shared password) are unaffected by this vulnerability. This has been patched in 2.7.3, 2.8.2, 2.9.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"String error while processing non standard SIP messages received can lead to buffer overread and then denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
UliCMS before 2020.2 has XSS during PackageController uninstall.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
UliCMS before 2020.2 has PageController stored XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/users.php user ID.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Insufficient protection of the inter-process communication functions in ABB System 800xA RNRP (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a ""www"" substring (including the quotes) followed immediately by a DOM event listener such as onmouseover. This is fixed in 9.0.0 Patch 2.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where a malicious user registers as oneself. The attacker could then use the remove devices form to post different credential IDs and possibly remove MFA devices for other users.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
"Beeline Smart Box 2.0.38 routers allow ""Advanced settings > Other > Diagnostics"" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute traceroute_ipaddr parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any validation.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Intelbras RF1200 1.1.3 devices allow CSRF to bypass the login.html form, as demonstrated by launching a scrapy process.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in LG Bridge before April 2019 on Windows. DLL Hijacking can occur.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition (VE) is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer (NDAL) Interfaces can lock up and in turn disrupting the communication between the mcpd and tmm processes.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Once the administrator has submitted the data, the script stored is executed for all the users visiting the website.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to pair a rogue keypad to an armed system.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, which allows remote attackers to hijack sessions.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CSRF on Intelbras CIP 92200 devices allows an attacker to access the panel and perform scraping or other analysis.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6100 before 1.0.0.55, D7800 before V1.0.1.24, R7100LG before V1.0.0.32, WNDR4300v1 before 1.0.2.90, and WNDR4500v3 before 1.0.0.48.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register (MSR) registers, and input from and output to I/O ports to local non-privileged users. This leads to privilege escalation to NT AUTHORITY\SYSTEM.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0.
Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC
address may pass to create new UDID with same MAC address. Full impact needs to be reviewed further. Applies
to all (mostly ESP8266/ESP32) users.

This has been fixed in firmware version 2.5.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"On BIG-IP 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, malformed input to the DATAGRAM::tcp iRules command within a FLOW_INIT event may lead to a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE) was discovered.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection').,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-798: Use of Hard-coded Credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5, and 11.6.1-11.6.5.1, under certain conditions, the Intel QuickAssist Technology (QAT) cryptography driver may produce a Traffic Management Microkernel (TMM) core file.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
NETGEAR ReadyNAS 6.6.1 and earlier is affected by command injection.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was found that the Apache Syncope EndUser UI login page prio to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this mean, a user accessing the Enduser UI could execute javascript code from URL query string.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Object Model (DOM) based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injection vulnerability. An unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious JavaScript code on the affected system.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS.",NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,NONE
"RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to send arbitrary requests to the vulnerable application to perform server operations with the privileges of the authenticated victim user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3, under certain conditions, the Traffic Management Microkernel (TMM) may generate a core file and restart while processing SSL traffic with an HTTP/2 full proxy.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the view/settings-form.php woe_post_type parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in basic repeater settings via an SSID.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in wireless settings.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a technician account. This is fixed in version 9.4.6.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the ""asterisk"" user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012. This issue affects: Fonality Trixbox Community Edition, versions 1.2.0 through 2.8.0.4. Versions 1.0 and 1.1 are unaffected.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for adjacent network (layer 2) attackers to access local daemons and bypass port lockdown settings.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, when a virtual server is configured with HTTP explicit proxy and has an attached HTTP_PROXY_REQUEST iRule, POST requests sent to the virtual server cause an xdata memory leak.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
ok-file-formats through 2018-10-16 has a heap-based buffer over-read in the ok_mo_decode2 function in ok_mo.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by command execution. This affects M4200-10MG-POE+ 12.0.2.11 and earlier, M4300-28G 12.0.2.11 and earlier, M4300-52G 12.0.2.11 and earlier, M4300-28G-POE+ 12.0.2.11 and earlier, M4300-52G-POE+ 12.0.2.11 and earlier, M4300-8X8F 12.0.2.11 and earlier, M4300-12X12F 12.0.2.11 and earlier, M4300-24X24F 12.0.2.11 and earlier, M4300-24X 12.0.2.11 and earlier, and M4300-48X 12.0.2.11 and earlier.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or firstname parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the ""send"" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue to execute arbitrary code with the privileges of the webserver. Version 2.1.1 fixes the vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker with Admin or Engineer login credentials could exploit the vulnerability by manipulating variables that reference files and by doing this achieve access to files and directories outside the web root folder. An attacker may access arbitrary files and directories stored in the file system, but integrity of the files are not jeopardized as attacker have read access rights only.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_string in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment monitored by nDPI's library.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"ZTE's SDON controller is impacted by the resource management error vulnerability. When RPC is frequently called by other applications in the case of mass traffic data in the system, it will result in no response for a long time and memory overflow risk. This affects: ZENIC ONE R22b versions V16.19.10P02SP002 and V16.19.10P02SP005.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the 'o' character. This is potentially relevant when the /etc/postfix/sender_login feature is used, because a spoofed outbound message that uses a configured sender address is blocked with a ""Sender address rejected: not logged in"" error message, but a spoofed outbound message that uses a homoglyph of a configured sender address is not blocked. NOTE: some third parties argue that any missed blocking of spoofed outbound messages - except for exact matches to a sender address in the /etc/postfix/sender_login file - is outside the design goals of Postfix and thus cannot be considered a Postfix vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D7000 before 1.0.1.52, D7800 before 1.0.1.31, D8500 before 1.0.3.36, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.14, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.20, R6050 before 1.0.1.14, R6220 before 1.1.0.60, R6400 before 1.1.0.26, R6400v2 before 1.0.2.46, R6700v2 before 1.2.0.2, R6800 before 1.2.0.2, R6900v2 before 1.2.0.2, R7300DST before 1.0.0.56, R7500 before 1.0.0.112, R7500v2 before 1.0.3.24, R7800 before 1.0.2.36, R7900P before 1.1.4.6, R8000P before 1.1.4.6, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.94, WNDR3700v5 before 1.1.0.50, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.52, WNDR4500v3 before 1.0.0.52, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"While processing Attach Reject message, Valid exit condition is not met resulting into an infinite loop in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
** DISPUTED ** airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. NOTE: the vendor states that this IV is used only within unreachable code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
** DISPUTED ** airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. NOTE: the vendor states that this initialization only occurs within unreachable code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before 2017-01-06, DGND3700v1 before 2017-01-06, DGND3700v2 before 2017-01-06, DGND3700Bv2 before 2017-01-06, JNR1010v1 before 2017-01-06, JNR1010v2 before 2017-01-06, JNR3300 before 2017-01-06, JR6100 before 2017-01-06, JR6150 before 2017-01-06, JWNR2000v5 before 2017-01-06, R2000 before 2017-01-06, R6050 before 2017-01-06, R6100 before 2017-01-06, R6200 before 2017-01-06, R6200v2 before 2017-01-06, R6220 before 2017-01-06, R6250 before 2017-01-06, R6300 before 2017-01-06, R6300v2 before 2017-01-06, R6700 before 2017-01-06, R7000 before 2017-01-06, R7900 before 2017-01-06, R7500 before 2017-01-06, R8000 before 2017-01-06, WGR614v10 before 2017-01-06, WNR1000v2 before 2017-01-06, WNR1000v3 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2000v3 before 2017-01-06, WNR2000v4 before 2017-01-06, WNR2000v5 before 2017-01-06, WNR2200 before 2017-01-06, WNR2500 before 2017-01-06, WNR3500Lv2 before 2017-01-06, WNDR3400v2 before 2017-01-06, WNDR3400v3 before 2017-01-06, WNDR3700v3 before 2017-01-06, WNDR3700v4 before 2017-01-06, WNDR3700v5 before 2017-01-06, WNDR4300 before 2017-01-06, WNDR4300v2 before 2017-01-06, WNDR4500v1 before 2017-01-06, WNDR4500v2 before 2017-01-06, and WNDR4500v3 before 2017-01-06.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Actions Http-Client (NPM @actions/http-client) before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: 1. make an http request with an authorization header 2. that request leads to a redirect (302) and 3. the redirect url redirects to another domain or hostname Then the authorization header will get passed to the other domain. The problem is fixed in version 1.0.8.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address of a peer, adding a new peer, or when the Traffic Management Microkernel (TMM) first starts up.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Electron-Cash-SLP before version 3.6.2 has a vulnerability. All token creators that use the ""Mint Tool"" feature of the Electron Cash SLP Edition are at risk of sending the minting authority baton to the wrong SLP address. Sending the mint baton to the wrong address will give another party the ability to issue new tokens or permanently destroy future minting capability. This is fixed version 3.6.2.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It is patched in versions 1.0.4, 1.1.3 and 1.2.5.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases. Saml2 tokens are usually used as bearer tokens - a caller that presents a token is assumed to be the subject of the token. There is also support in the Saml2 protocol for issuing tokens that is tied to a subject through other means, e.g. holder-of-key where possession of a private key must be proved. The Sustainsys.Saml2 library incorrectly treats all incoming tokens as bearer tokens, even though they have another subject confirmation method specified. This could be used by an attacker that could get access to Saml2 tokens with another subject confirmation method than bearer. The attacker could then use such a token to create a log in session. This vulnerability is patched in versions 1.0.2 and 2.7.0.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"ZOOM International Call Recording 6.3.1 suffers from multiple authenticated stored XSS vulnerabilities via the phoneNumber field in the (1) User Edit or (2) User Add form, (3) name field in the Role Add form, (4) name or number field in the Edit Group form, (5) tagKey or tagValue field in the Recording Rules Configuration, or (6) txt_69735:/VemailAddress/value or txt_75767:/VemailFrom/value field in callrec/config.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-RELEASE-p3, driver specific ioctl command handlers in the ixl network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to trigger updates to the device's non-volatile memory.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6 that is transmitted or retransmitted does not properly initialize the Traffic Class field disclosing one byte of kernel memory over the network.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r357489, and 11.3-RELEASE before 11.3-RELEASE-p7, incorrect use of a user-controlled pointer in the epair virtual network module allowed vnet jailed privileged users to panic the host system and potentially execute arbitrary code in the kernel.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE before 11.3-RELEASE-p7, a missing null termination check in the jail_set configuration option ""osrelease"" may return more bytes with a subsequent jail_get system call allowing a malicious jail superuser with permission to create nested jails to read kernel memory.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI. Fixed in 0.10.5.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A-PDF WAV to MP3 version 1.0.0 suffers from an instance of CWE-121: Stack-based Buffer Overflow.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ProjectPier-Core allow remote attackers to inject arbitrary web script or HTML via the search_for parameter to (1) search_by_tag.php, (2) search_contacts.php, or (3) search.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SUAP V2 allows XSS during the update of user information.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP ASM 11.6.1-11.6.5.1, under certain configurations, the BIG-IP system sends data plane traffic to back-end servers unencrypted, even when a Server SSL profile is applied.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a denial-of-service condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Depending on the configuration and the way that Rundeck is used, this could result in anything between a high severity risk, or a very low risk. If access is tightly restricted and all users on the system have access to all projects, this is not really much of an issue. If access is wider and allows login for users that do not have access to any projects, or project access is restricted, there is a larger issue. If access is meant to be restricted and secrets, sensitive data, or intellectual property are exposed in Rundeck execution output and job data, the risk becomes much higher. This vulnerability is patched in version 3.2.6",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure. This is a control plane issue that is exposed only on the network used for mirroring.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.52, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.4.2, R9000 before 1.0.3.16, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.0.54, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make it easier for remote attackers to interfere with COVID-19 contact tracing by using many IDs. NOTE: the vendor disputes the relevance of this report because the recipient of an F1 alert will know it was a false alert if contact-history comparison fails (i.e., an F0 is not actually part of the contact history obtained from the device of this recipient, or this recipient is not actually part of the contact history obtained from the device of an F0).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.30, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.56, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.3, Traffic Management Microkernel (TMM) may restart on BIG-IP Virtual Edition (VE) while processing unusual IP traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.56, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by authentication bypass. This affects JNR1010v2 before 1.1.0.48, JWNR2010v5 before 1.1.0.48, WNR1000v4 before 1.1.0.48, WNR2020 before 1.1.0.48, and WNR2050 before 1.1.0.48.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and earlier, GS510TP 5.04.2.27 and earlier, GS510TPP 6.6.2.6 and earlier, GS716Tv2 5.4.2.27 and earlier, GS716Tv3 6.3.1.16 and earlier, GS724Tv3 5.4.2.27 and earlier, GS724Tv4 6.3.1.16 and earlier, GS728TPSB 5.3.0.29 and earlier, GS728TSB 5.3.0.29 and earlier, GS728TXS 6.1.0.35 and earlier, GS748Tv4 5.4.2.27 and earlier, GS748Tv5 6.3.1.16 and earlier, GS752TPSB 5.3.0.29 and earlier, GS752TSB 5.3.0.29 and earlier, GS752TXS 6.1.0.35 and earlier, M4200 12.0.2.10 and earlier, M4300 12.0.2.10 and earlier, M5300 11.0.0.28 and earlier, M6100 11.0.0.28 and earlier, M7100 11.0.0.28 and earlier, S3300 6.6.1.4 and earlier, XS708T 6.6.0.11 and earlier, XS712T 6.1.0.34 and earlier, and XS716T 6.6.0.11 and earlier.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out to make API requests to NiFi Registry.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
AASync.com AASync version 2.2.1.0 suffers from an instance of CWE-121: Stack-based Buffer Overflow.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn't require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login information is stored in cleartext.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.62, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the TaskView permission is not scoped to any dimension. For example, a scoped user who is scoped to only one tenant can view server tasks scoped to any other tenant.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it's possible to mix them and to send private key to the third-party instead of public key. This issue affects ((OTRS)) Community Edition: 5.0.42 and prior versions, 6.0.27 and prior versions. OTRS: 7.0.16 and prior versions.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.38, D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.102, DGN2200Bv4 before 1.0.0.102, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150 before 1.0.0.38, EX6200 before 1.0.3.86, EX7000 before 1.0.0.64, R6250 before 1.0.4.20, R6300v2 before 1.0.4.22, R6400 before 1.0.1.32, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R6900P before 1.3.0.18, R7000 before 1.0.9.28, R7000P before 1.3.0.18, R7300DST before 1.0.0.62, R7900 before 1.0.2.10, R7900P before 1.3.0.10, R8000 before 1.0.4.12, R8000P before 1.3.0.10, R8300 before 1.0.2.116, R8500 before 1.0.2.116, WN2500RPv2 before 1.0.1.52, WNDR3400v3 before 1.0.1.18, and WNR3500Lv2 before 1.2.0.46.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier.,ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A ZTE product is impacted by a resource management error vulnerability. An attacker could exploit this vulnerability to cause a denial of service by issuing a specific command. This affects: ZXCTN 6500 version V2.10.00R3B87.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in __call__ in abe.py because the PATH_INFO environment variable is mishandled during a PageNotFound exception.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a local privilege escalation vulnerability. An authenticated, local attacker can constructs a specific file path to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei PCManager with versions earlier than 10.0.1.36 has a privilege escalation vulnerability. Due to improper permission management of specific files, local attackers with low permissions can inject commands to exploit this vulnerability. Successful exploit may cause privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before 2017-01-11, PLW1010 before 2017-01-11, WNR500 before 2017-01-11, WNR612v3 before 2017-01-11, N450 before 2017-01-11, and CG3000Dv2 before 2017-01-11.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Certain NETGEAR devices are affected by authentication bypass. This affects JGS516PE before 2017-05-11, JGS524Ev2 before 2017-05-11, JGS524PE before 2017-05-11, GS105Ev2 before 2017-05-11, GS105PE before 2017-05-11, GS108Ev3 before 2017-05-11, GS108PEv3 before 2017-05-11, GS116Ev2 before 2017-05-11, GSS108E before 2017-05-11, GSS116E before 2017-05-11, XS708Ev2 before 2017-05-11, and XS716E before 2017-05-11.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with unquoted file paths, when a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmValue to addCriteriaForSnmpParm. This affects Horizon before 25.2.1, Meridian 2019 before 2019.1.4, Meridian 2018 before 2018.1.16, and Meridian 2017 before 2017.1.21.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an invalid pointer access vulnerability. The software system access an invalid pointer when attacker malformed packet. Due to the insufficient validation of some parameter, successful exploit could cause device reboot.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
BMC Control-M/Agent 7.0.00.000 allows OS Command Injection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
BMC Control-M/Agent 7.0.00.000 allows Arbitrary File Download.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 1 out of 2 vulnerabilities. Different than CVE-2020-5303. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8) ALP-L29: earlier than 9.1.0.315(C636E5R1P13T8) BLA-L29C: earlier than 9.1.0.321(C636E4R1P14T8), earlier than 9.1.0.330(C432E6R1P12T8), earlier than 9.1.0.302(C635E4R1P13T8) Berkeley-AL20: earlier than 9.1.0.333(C00E333R2P1T8) Berkeley-L09: earlier than 9.1.0.350(C10E3R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8), earlier than 9.1.0.350(C636E4R1P13T8) Charlotte-L09C: earlier than 9.1.0.311(C185E4R1P11T8), earlier than 9.1.0.345(C432E8R1P11T8) Charlotte-L29C: earlier than 9.1.0.325(C185E4R1P11T8), earlier than 9.1.0.335(C636E3R1P13T8), earlier than 9.1.0.345(C432E8R1P11T8), earlier than 9.1.0.336(C605E3R1P12T8) Columbia-AL10B: earlier than 9.1.0.333(C00E333R1P1T8) Columbia-L29D: earlier than 9.1.0.350(C461E3R1P11T8), earlier than 9.1.0.350(C185E3R1P12T8), earlier than 9.1.0.350(C10E5R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8) Cornell-AL00A: earlier than 9.1.0.333(C00E333R1P1T8) Cornell-L29A: earlier than 9.1.0.328(C185E1R1P9T8), earlier than 9.1.0.328(C432E1R1P9T8), earlier than 9.1.0.330(C461E1R1P9T8), earlier than 9.1.0.328(C636E2R1P12T8) Emily-L09C: earlier than 9.1.0.336(C605E4R1P12T8), earlier than 9.1.0.311(C185E2R1P12T8), earlier than 9.1.0.345(C432E10R1P12T8) Emily-L29C: earlier than 9.1.0.311(C605E2R1P12T8), earlier than 9.1.0.311(C636E7R1P13T8), earlier than 9.1.0.311(C432E7R1P11T8) Ever-L29B: earlier than 9.1.0.311(C185E3R3P1), earlier than 9.1.0.310(C636E3R2P1), earlier than 9.1.0.310(C432E3R1P12) HUAWEI Mate 20: earlier than 9.1.0.131(C00E131R3P1) HUAWEI Mate 20 Pro: earlier than 9.1.0.310(C185E10R2P1) HUAWEI Mate 20 RS: earlier than 9.1.0.135(C786E133R3P1) HUAWEI Mate 20 X: earlier than 9.1.0.135(C00E133R2P1) HUAWEI P20: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P20 Pro: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P30: earlier than 9.1.0.193 HUAWEI P30 Pro: earlier than 9.1.0.186(C00E180R2P1) HUAWEI Y9 2019: earlier than 9.1.0.220(C605E3R1P1T8) HUAWEI nova lite 3: earlier than 9.1.0.305(C635E8R2P2) Honor 10 Lite: earlier than 9.1.0.283(C605E8R2P2) Honor 8X: earlier than 9.1.0.221(C461E2R1P1T8) Honor View 20: earlier than 9.1.0.238(C432E1R3P1) Jackman-L22: earlier than 9.1.0.247(C636E2R4P1T8) Paris-L21B: earlier than 9.1.0.331(C432E1R1P2T8) Paris-L21MEB: earlier than 9.1.0.331(C185E4R1P3T8) Paris-L29B: earlier than 9.1.0.331(C636E1R1P3T8) Sydney-AL00: earlier than 9.1.0.212(C00E62R1P7T8) Sydney-L21: earlier than 9.1.0.215(C432E1R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8) Sydney-L21BR: earlier than 9.1.0.213(C185E1R1P2T8) Sydney-L22: earlier than 9.1.0.258(C636E1R1P1T8) Sydney-L22BR: earlier than 9.1.0.258(C636E1R1P1T8) SydneyM-AL00: earlier than 9.1.0.228(C00E78R1P7T8) SydneyM-L01: earlier than 9.1.0.215(C782E2R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8), earlier than 9.1.0.270(C432E3R1P1T8) SydneyM-L03: earlier than 9.1.0.217(C605E1R1P1T8) SydneyM-L21: earlier than 9.1.0.221(C461E1R1P1T8), earlier than 9.1.0.215(C432E4R1P1T8) SydneyM-L22: earlier than 9.1.0.259(C185E1R1P2T8), earlier than 9.1.0.220(C635E1R1P2T8), earlier than 9.1.0.216(C569E1R1P1T8) SydneyM-L23: earlier than 9.1.0.226(C605E2R1P1T8) Yale-L21A: earlier than 9.1.0.154(C432E2R3P2), earlier than 9.1.0.154(C461E2R2P1), earlier than 9.1.0.154(C636E2R2P1) Honor 20: earlier than 9.1.0.152(C00E150R5P1) Honor Magic2: earlier than 10.0.0.187 Honor V20: earlier than 9.1.0.234(C00E234R4P3)",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.28, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, and R9000 before 1.0.3.6.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, and R7800 before 1.0.2.42.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this vulnerability, DLL substitution, could allow the transference of malicious code to the controller.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial of service (DoS) when sent to BIG-IP HTTP/2 virtual servers. The problem can occur when ciphers, which have been blacklisted by the HTTP/2 RFC, are used on backend servers. This is a data-plane issue. There is no control-plane exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as it does not sufficiently encode user controlled inputs.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the HTTP response from the untrusted backend server and sends it to the client.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over anything after the ORDER BY clause in the SQL query.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). The supported version that is affected is 8.0.19. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.28, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.28, R7500v2 before 1.0.3.24, R7800 before 1.0.2.38, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs with the Maintenance Mode setting.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php, admin/check_availability.php, admin/index.php, change-password.php, check_availability.php, includes/header.php, index.php, and pincode-verification.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command execution via a PHP form. This affects WN604 3.3.3 and earlier, WNAP210v2 3.5.20.0 and earlier, WNAP320 3.5.20.0 and earlier, WNDAP350 3.5.20.0 and earlier, WNDAP360 3.5.20.0 and earlier, WNDAP620 2.0.11 and earlier, WNDAP660 3.5.20.0 and earlier, WND930 2.0.11 and earlier, and WAC120 2.0.7 and earlier.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.2.0.44, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, and WNDR4300 before 1.0.2.98.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.,LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6100 before 1.0.1.20, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW74.VYL.P273; CS41x before LW74.VY2.P273; CS51x before LW74.VY4.P273; CX310 before LW74.GM2.P273; CX410 & XC2130 before LW74.GM4.P273; CX510 & XC2132 before LW74.GM7.P273; MS310, MS312, MS317 before LW74.PRL.P273; MS410, M1140 before LW74.PRL.P273; MS315, MS415, MS417 before LW74.TL2.P273; MS51x, MS610dn, MS617 before LW74.PR2.P273; M1145, M3150dn before LW74.PR2.P273; MS610de, M3150 before LW74.PR4.P273; MS71x,M5163dn before LW74.DN2.P273; MS810, MS811, MS812, MS817, MS818 before LW74.DN2.P273; MS810de, M5155, M5163 before LW74.DN4.P273; MS812de, M5170 before LW74.DN7.P273; MS91x before LW74.SA.P273; MX31x, XM1135 before LW74.SB2.P273; MX410, MX510 & MX511 before LW74.SB4.P273; XM1140, XM1145 before LW74.SB4.P273; MX610 & MX611 before LW74.SB7.P273; XM3150 before LW74.SB7.P273; MX71x, MX81x before LW74.TU.P273; XM51xx & XM71xx before LW74.TU.P273; MX91x & XM91x before LW74.MG.P273; MX6500e before LW74.JD.P273; C746 before LHS60.CM2.P738; C748, CS748 before LHS60.CM4.P738; C792, CS796 before LHS60.HC.P738; C925 before LHS60.HV.P738; C950 before LHS60.TP.P738; X548 & XS548 before LHS60.VK.P738; X74x & XS748 before LHS60.NY.P738; X792 & XS79x before LHS60.MR.P738; X925 & XS925 before LHS60.HK.P738; X95x & XS95x before LHS60.TQ.P738; 6500e before LHS60.JR.P738;C734 LR.SK.P824 and earlier; C736 LR.SKE.P824 and earlier; E46x LR.LBH.P824 and earlier; T65x LR.JP.P824 and earlier; X46x LR.BS.P824 and earlier; X65x LR.MN.P824 and earlier; X73x LR.FL.P824 and earlier; W850 LP.JB.P823 and earlier; and X86x LP.SP.P823 and earlier.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Fifthplay S.A.M.I before 2019.3_HP2 allows unauthenticated stored XSS via a POST request.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. A remote authenticated malicious user knowing the GUID of an app may construct malicious requests to read from or write to the logs of that app.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Percona XtraBackup before 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A unauthorized remote access vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
BMC Control-M/Agent 7.0.00.000 allows OS Command Injection (issue 2 of 2).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for remote attackers to access local daemons and bypass port lockdown settings.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, and WNDR4300 before 1.0.2.94.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PerformHandshake method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-10400.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
NETGEAR ReadyNAS devices before 6.9.3 are affected by incorrect configuration of security settings.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: The security community disputes this issues as not being serious enough to be deserving a CVE id.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by reflected XSS. This affects JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.20, R6050 before 1.0.1.10, R6220 before 1.1.0.60, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,LOW,LOW,NONE
An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
The NETGEAR Insight application before 2.42 for Android and iOS is affected by password mismanagement.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by CSRF. This affects R6050/JR6150 before 1.0.1.7, PR2000 before 1.0.0.17, R6220 before 1.1.0.50, WNDR3700v5 before 1.1.0.48, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, WNR1000v4 before 1.1.0.40, WNR2020 before 1.1.0.40, WNR2050 before 1.1.0.40, WNR614 before 1.1.0.40, WNR618 before 1.1.0.40, and D7000 before 1.0.1.50.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6100 before 1.0.1.20, R7500 before 1.0.0.118, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cerner medico 26.00 allows variable reuse, possibly causing data corruption.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR DGN2200v4 devices before 2017-01-06 are affected by command execution and an FTP insecure root directory.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.",ADJACENT_NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cerner medico 26.00 has a Local Buffer Overflow (issue 1 of 3).,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3).,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability. The software installs a privileged helper tool that runs as the root user. This privileged helper tool is installed as a LaunchDaemon and implements an XPC service. The XPC service is responsible for handling new VPN connection operations via the main PrivateVPN application. The privileged helper tool creates new VPN connections by executing the openvpn binary located in the /Applications/PrivateVPN.app/Contents/Resources directory. The openvpn binary can be overwritten by the default user, which allows an attacker that has already installed malicious software as the default user to replace the binary. When a new VPN connection is established, the privileged helper tool will launch this malicious binary, thus allowing an attacker to execute code as the root user. NOTE: the vendor has reportedly indicated that this behavior is ""an acceptable part of their software.""",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the path string from the corresponding XPC message. This string is supposed to point to PrivateVPN's internal openvpn binary. If a new connection has not already been established, an attacker can send the XPC service a malicious XPC message with the path string pointing at a binary that he or she controls. This results in the execution of arbitrary code as the root user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the config string from the corresponding XPC message. This string is supposed to point to an internal OpenVPN configuration file. If a new connection has not already been established, an attacker can send the XPC service a malicious XPC message with the config string pointing at an OpenVPN configuration file that he or she controls. In the configuration file, an attacker can specify a dynamic library plugin that should run for every new VPN connection. This plugin will execute code in the context of the root user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally adjust folder permissions leading to execution of arbitrary code with elevated privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally create directories and subdirectories on the root file system, as well as change the permissions of existing directories.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can pass a PID and receive information running on it that would usually only be accessible to the root user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can send malicious data to the root-listening service, causing the application to terminate and become unavailable.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, and WN3100RPv2 before 1.0.0.56.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, EX2700 before 1.0.1.28, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, and WN3100RPv2 before 1.0.0.56.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by insecure renegotiation. This affects SRX5308 before 2017-02-10, FVS336Gv3 before 2017-02-10, FVS318N before 2017-02-10, and FVS318Gv2 before 2017-02-10.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an undocumented feature in scheduled tasks.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf79080, CSCvf79088.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this argument to a system() call, thus allowing low privileged users to execute commands as root.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements ""webView:decidePolicyForNavigationAction:request:frame:decisionListener:"" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6700 before 1.0.1.30, R6700v2 before 1.2.0.16, R6800 before 1.2.0.16, R6900 before 1.0.1.30, R6900P before 1.2.0.22, R6900v2 before 1.2.0.16, R7000 before 1.0.9.12, R7000P before 1.2.0.22, R7500v2 before 1.0.3.20, R7800 before 1.0.2.44, R8300 before 1.0.2.106, R8500 before 1.0.2.106, and R9000 before 1.0.2.52.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 172519.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Upgrade to versions 7.1.9 and 8.0.6 or later versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to versions 7.1.9 and 8.0.6 or later versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. Upgrade to versions 7.1.9 and 8.0.6 or later versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs ""git clone --recurse-submodules"" because submodule ""names"" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with ""../"" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D7800 before 1.0.1.28, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in mailhive/cloudbeez/cloudloader.php and mailhive/cloudbeez/cloudloader_core.php in the MailBeez plugin for ZenCart before 3.9.22 allows remote attackers to inject arbitrary web script or HTML via the cloudloader_mode parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
OpenThread before 2019-12-13 has a stack-based buffer overflow in MeshCoP::Commissioner::GeneratePskc.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR WNR854T devices before 1.5.2 are affected by command execution.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, could use this flaw to perform a phishing attack. The main threat from this vulnerability is data confidentiality.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,LOW,NONE
"Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40 and R9000 before 1.0.3.6.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, and WNDR4300 before 1.0.2.94.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX2700 before 1.0.1.28, R7800 before 1.0.2.40, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, and WN3100RPv2 before 1.0.0.56.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R8300 before 1.0.2.94 and R8500 before 1.0.2.94.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, and R6100 before 1.0.1.20.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR R7800 devices before 1.0.2.46 are affected by incorrect configuration of security settings.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, and R6100 before 1.0.1.20.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.28, EX2700 before 1.0.1.32, EX6200v2 before 1.0.1.56, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.52, WN3100RPv2 before 1.0.0.42, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.30, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, and WNDR4300 before 1.0.2.98.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Advanced Woo Search plugin version through 1.99 for Wordpress suffers from a sensitive information disclosure vulnerability in every ajax search request via the sql field to includes/class-aws-search.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates available to resolve the vulnerability in the impacted versions of OCMP. * For OCMP version 4.4.X - please upgrade to OCMP 4.4.8 and then install RP806 * For OCMP 4.5.x please contact HPE Technical Support to obtain the necessary software updates.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,HIGH,LOW,NONE
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6700 before 1.0.1.48, R7500 before 1.0.0.124, R7800 before 1.0.2.58, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, and WNR2000v5-R2000 before 1.0.0.68.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.58, D6200 before 1.1.00.30, D6220 before 1.0.0.46, D6400 before 1.0.0.82, D7000 before 1.0.1.68, D7000v2 before 1.0.0.51, D7800 before 1.0.1.42, D8500 before 1.0.3.42, DC112A before 1.0.0.40, DGN2200Bv4 before 1.0.0.102, DGN2200v4 before 1.0.0.102, JNR1010v2 before 1.1.0.54, JR6150 before 1.0.1.18, JWNR2010v5 before 1.1.0.54, PR2000 before 1.0.0.24, R6020 before 1.0.0.34, R6050 before 1.0.1.18, R6080 before 1.0.0.34, R6100 before 1.0.1.22, R6120 before 1.0.0.42, R6220 before 1.1.0.68, R6250 before 1.0.4.30, R6300v2 before 1.0.4.32, R6400 before 1.0.1.44, R6400v2 before 1.0.2.60, R6700 before 1.0.1.48, R6700v2 before 1.2.0.24, R6800 before 1.2.0.24, R6900 before 1.0.1.48, R6900P before 1.3.1.44, R6900v2 before 1.2.0.24, R7000 before 1.0.9.34, R7000P before 1.3.1.44, R7100LG before 1.0.0.48, R7300 before 1.0.0.68, R7500 before 1.0.0.124, R7500v2 before 1.0.3.38, R7900 before 1.0.2.16, R7900P before 1.4.1.24, R8000 before 1.0.4.18, R8000P before 1.4.1.24, R8300 before 1.0.2.122, R8500 before 1.0.2.122, WN3000RP before 1.0.0.68, WN3000RPv2 before 1.0.0.68, WNDR3400v3 before 1.0.1.18, WNDR3700v4 before 1.0.2.102, WNDR3700v5 before 1.1.0.54, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, WNR1000v4 before 1.1.0.54, WNR2020 before 1.1.0.54, WNR2050 before 1.1.0.54, and WNR3500Lv2 before 1.2.0.54.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.34, R7800 before 1.0.2.46, and R9000 before 1.0.3.16.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.0.17, WAC510 before 5.0.0.17, WAC720 before 5.0.0.17, WAC730 before 5.0.0.17, WAC740 before 5.0.0.17, and WND930 before 5.0.0.17.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Subsequently, if the user had opened a new Private Browsing Window, revisited the same site, and generated a new password - the generated passwords would have been identical, rather than independent. This vulnerability affects Firefox < 75.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create function can be controlled by users without any sanitization.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information from other parties.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6400 before 1.0.0.78, EX6200 before 1.0.3.86, EX7000 before 1.0.0.64, R6250 before 1.0.4.8, R6300v2 before 1.0.4.6, R6400 before 1.0.1.12, R6700 before 1.0.1.16, R7000 before 1.0.7.10, R7100LG before 1.0.0.42, R7300DST before 1.0.0.44, R7900 before 1.0.1.12, R8000 before 1.0.3.36, R8300 before 1.0.2.74, R8500 before 1.0.2.74, WNDR3400v3 before 1.0.1.14, and WNR3500Lv2 before 1.2.0.48.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference values. Control of arbitrary preferences can lead to sufficient compromise such that it is generally equivalent to arbitrary code execution.<br> *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.64 and WNDR3700v5 before 1.1.0.54.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R7500v2 before 1.0.3.20, R7800 before 1.0.2.38, WN3000RPv3 before 1.0.2.50, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through 12.1.2, the login process does not validate the validity of the certificate presented by the server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160514.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160631.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.57, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX2700 before 1.0.1.42, EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6100 before 1.0.2.18, EX6120 before 1.0.0.32, EX6130 before 1.0.0.22, EX6150 before 1.0.0.34_1.0.70, EX6200 before 1.0.3.82_1.1.117, EX6400 before 1.0.1.78, EX7000 before 1.0.0.56, EX7300 before 1.0.1., JNR1010v2 before 1.1.0.42, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.42, PR2000 before 1.0.0.22, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R6250 before 1.0.4.14, R6300v2 before 1.0.4.12, R6400v2 before 1.0.2.34, R6700 before 1.0.1.26, R6900 before 1.0.1.26, R6900P before 1.2.0.22, R7000 before 1.0.9.6, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, R7300DST before 1.0.0.54, R7500 before 1.0.0.110, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.1.26, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN2500RPv2 before 1.0.1.46, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR3700v5 before 1.1.0.54, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.42, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.42, and WNR2050 before 1.1.0.42.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Cloud App Management 2019.3.0 and 2019.4.0 reveals a stack trace on certain API requests which can allow an attacker further information about the implementation of the offering. IBM X-Force ID: 173311.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Cloud App Management 2019.3.0 and 2019.4.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 173310.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.57, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX2700 before 1.0.1.42, EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6100 before 1.0.2.18, EX6120 before 1.0.0.32, EX6130 before 1.0.0.22, EX6150 before 1.0.0.34_1.0.70, EX6200 before 1.0.3.82_1.1.117, EX6400 before 1.0.1.78, EX7000 before 1.0.0.56, EX7300 before 1.0.1.78, JNR1010v2 before 1.1.0.42, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.42, PR2000 before 1.0.0.22, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R6250 before 1.0.4.14, R6300v2 before 1.0.4.12, R6400v2 before 1.0.2.34, R6700 before 1.0.1.26, R6900 before 1.0.1.26, R6900P before 1.2.0.22, R7000 before 1.0.9.6, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, R7300DST before 1.0.0.54, R7500 before 1.0.0.110, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.1.26, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN2500RPv2 before 1.0.1.46, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR3700v5 before 1.1.0.54, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.42, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.42, and WNR2050 before 1.1.0.42.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R8300 before 1.0.2.106 and R8500 before 1.0.2.106.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Certain NETGEAR devices are affected by CSRF. This affects R8300 before 1.0.2.94 and R8500 before 1.0.2.94.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a ""struct shiftfs_file_info *"". As the private_data is not required to be a pointer, an attacker can use this to cause a denial of service or possibly execute arbitrary code.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R6400v2 before 1.0.2.34, R6700 before 1.0.1.30, R6900 before 1.0.1.30, R6900P before 1.0.0.62, R7000 before 1.0.9.12, R7000P before 1.0.0.62, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
paypal-adaptive through 0.4.2 manipulation of JavaScript objects resulting in Prototype Pollution. The PayPal function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. A buffer overflow is present due to an integer underflow during 6LoWPAN fragment processing in the face of truncated fragments in os/net/ipv6/sicslowpan.c. This results in accesses of unmapped memory, crashing the application. An attacker can cause a denial-of-service via a crafted 6LoWPAN frame.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) has three out of bounds vulnerabilities. Certain driver program does not sufficiently validate certain parameters received, that would lead to several bytes out of bound read. Successful exploit may cause information disclosure or service abnormal. This is 1 out of 3 out of bounds vulnerabilities found. Different than CVE-2020-1805 and CVE-2020-1806.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) has three out of bounds vulnerabilities. Certain driver program does not sufficiently validate certain parameters received, that would lead to several bytes out of bound read. Successful exploit may cause information disclosure or service abnormal. This is 2 out of 3 out of bounds vulnerabilities found. Different than CVE-2020-1804 and CVE-2020-1806.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI library's heap memory through remote input, this vulnerability may be abused to achieve full Remote Code Execution against any network inspection stack that is linked against nDPI and uses it to perform network traffic analysis.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has been fixed and released in version RELEASE.2020-04-23T00-58-49Z.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. An out of bounds write is present in the data section during 6LoWPAN fragment re-assembly in the face of forged fragment offsets in os/net/ipv6/sicslowpan.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ABBS Software Audio Media Player version 3.1 suffers from an instance of CWE-121: Stack-based Buffer Overflow.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. This vulnerability affects Firefox < 75.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 75.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. <br> *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in Sales Force Assistant version 11.2.48 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password (as configured in nxrm) in cleartext.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Previous releases of the Puppet cisco_ios module output SSH session debug information including login credentials to a world readable file on every run. These issues have been resolved in the 0.4.0 release.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.)",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The highest threat from this vulnerability is to data integrity.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
"The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also affected are 16 themes (if the plugin is enabled) by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A potential security vulnerability has been identified in HPE Onboard Administrator. The vulnerability could be remotely exploited to allow Reflected Cross Site Scripting. HPE has made the following software updates and mitigation information to resolve the vulnerability in HPE Onboard Administrator. * OA 4.95 (Linux and Windows).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device. This issue affects: Netatmo Smart Indoor Camera version and prior versions.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E74R3P8) have an improper authorization vulnerability. The software does not properly restrict certain user's modification of certain configuration file, successful exploit could allow the attacker to bypass app lock after a series of operation in ADB mode.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostname or service name to be imported by Metasploit from a variety of sources and trigger a command injection on the operator's terminal. Note, only the Metasploit Framework and products that expose the plugin system is susceptible to this issue -- notably, this does not include Rapid7 Metasploit Pro. Also note, this vulnerability cannot be triggered through a normal scan operation -- the attacker would have to supply a file that is processed with the db_import command.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) has three out of bounds vulnerabilities. Certain driver program does not sufficiently validate certain parameters received, that would lead to several bytes out of bound read. Successful exploit may cause information disclosure or service abnormal. This is 3 out of 3 out of bounds vulnerabilities found. Different than CVE-2020-1804 and CVE-2020-1805.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCc00, V200R009C00SPC500 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 (""The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors."") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Huawei PCManager product with versions earlier than 10.0.5.53 have a local privilege escalation vulnerability. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00E202R7P2) have a denial of service vulnerability. An attacker crafted specially file to the affected device. Due to insufficient input validation of the value when executing the file, successful exploit may cause device abnormal.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
SHAREit through 4.0.6.177 does not check the full message length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. This is different from CVE-2019-14941.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SHAREit through 4.0.6.177 does not check the body length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem (potentially leading to arbitrary code execution) via the (1) filename parameter to BlueimpController.php; the (2) dzchunkindex, (3) dzuuid, or (4) filename parameter to DropzoneController.php; the (5) qqpartindex, (6) qqfilename, or (7) qquuid parameter to FineUploaderController.php; the (8) x-file-id or (9) x-file-name parameter to MooUploadController.php; or the (10) name or (11) chunk parameter to PluploadController.php. This is fixed in versions 1.9.3 and 2.1.5.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The file management interface of iCatch DVR firmware before 20200103 contains broken access control which allows the attacker to remotely manipulate arbitrary file.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAILN before olln-calendar-5.0-100.i386.rpm contains a SQL Injection vulnerability which allows attackers to injecting SQL commands in the URL parameter to execute unauthorized commands.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN before olln-base-5.0-418.i386.rpm contains insecure configurations. Attackers can exploit these flaws to access unauthorized functionality via a crafted URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload (RCE) , that would allow attackers to gain access in the hosting machine.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, an attacker can use a union based injection query string to get databases schema and username/password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability.,NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,LOW
Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags.,NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,LOW
"IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6120 before 1.0.0.36, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application's data via the applications 'E-mail' and 'Messages'.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6120 before 1.0.0.36, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, and WNR2000v5 before 1.0.0.58.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of vertices in U3D objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-10568.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in a PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10189.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10193.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10192.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in a PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-10190.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call (aka Command Line Injection), if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the SetFieldValue command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9945.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the GetFieldValue command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9944.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the RotatePage command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9943.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an attacker to cause Denial of Service.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of widgets in XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10650.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resetForm method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10614.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10464.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have have a resource management error vulnerability. An attacker needs to perform specific operations to trigger a function of the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration's credentials in plaintext.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,HIGH
"contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10142.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10195.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA templates. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10132.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10191.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the communication API. The issue lies in the handling of the CombineFiles command, which allows an arbitrary file write with attacker controlled data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9830.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Save command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9831.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the communication API. The issue lies in the handling of the ConvertToPDF command, which allows an arbitrary file write with attacker controlled data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9829.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the DuplicatePages command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9828.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) ""mailto?attach=..."" parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an attach=.bash_history value.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default ""/Uploads"" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is installed and enabled by default on the Common Web Platform (CWP). The vulnerability only affects files uploaded after an upgrade to 4.x.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an uploaded file.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,HIGH
"Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
"Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. (The endpoint would need to be already compromised for exploitation to succeed.) This affects Pulse Desktop Client 5.x before Secure Desktop 5.3R7 and Pulse Desktop Client 9.x before Secure Desktop 9.0R3. It also affects (for Network Connect customers) Pulse Connect Secure 8.1 before 8.1R14, 8.3 before 8.3R7, and 9.0 before 9.0R3.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions. One consequence of this is stored XSS.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in `SimpleSAML\Module` that processes requests for pages hosted by modules, has code to identify paths ending with `.php` and process those as PHP code. If no other suitable way of handling the given path exists it presents the file to the browser. The check to identify paths ending with `.php` does not account for uppercase letters. If someone requests a path ending with e.g. `.PHP` and the server is serving the code from a case-insensitive file system, such as on Windows, the processing of the PHP code does not occur, and the source code is instead presented to the browser. An attacker may use this issue to gain access to the source code in third-party modules that is meant to be private, or even sensitive. However, the attack surface is considered small, as the attack will only work when SimpleSAMLphp serves such content from a file system that is not case-sensitive, such as on Windows. This issue is fixed in version 1.18.6.",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron internal messaging API.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"In JetBrains Space through 2020-04-22, the session timeout period was configured improperly.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the 802.11 Generic Advertisement Service (GAS) frame processing function of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS). The vulnerability is due to incomplete input validation of the 802.11 GAS frames that are processed by an affected device. An attacker could exploit this vulnerability by sending a crafted 802.11 GAS frame over the air to an access point (AP), and that frame would then be relayed to the affected WLC. Also, an attacker with Layer 3 connectivity to the WLC could exploit this vulnerability by sending a malicious 802.11 GAS payload in a Control and Provisioning of Wireless Access Points (CAPWAP) packet to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In JetBrains Space through 2020-04-22, the password authentication implementation was insecure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol handler of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to create a denial-of-service condition against the application. Was ZDI-CAN-10295.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site- scripting (SXSS) via a malicious attachment with a modified `mimeType` parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"""HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart. This has been patched in version 2.11.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (URL) , violating the access-control (ACL) rules. This issue allows obtaining sensitive information that may aid in further attacks and privilege escalation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper processing of client packets that are sent to an affected access point (AP). An attacker could exploit this vulnerability by sending a large number of sustained client packets to the affected AP. A successful exploit could allow the attacker to cause the affected AP to crash, resulting in a DoS condition.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Users can lock their notes with a password in Memono version 3.8. Thus, users needs to know a password to read notes. However, these notes are stored in a database without encryption and an attacker can read the password-protected notes without having the password. Notes are stored in the ZENTITY table in the memono.sqlite database.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE). IBM X-Force ID: 174955.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. In other words, the information can be retrieved via the action API even though access would be denied when simply visiting wiki/Special:CentralAuth in a web browser.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in APNGDis 2.8 and earlier allows a remote attackers to cause denial of service and possibly execute arbitrary code via a crafted image containing a malformed chunk size descriptor.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted image containing a malformed image size descriptor in the IHDR chunk.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Teeworlds before 0.7.4 has an integer overflow when computing a tilemap size.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR WAC510 devices before 5.0.0.17 are affected by authentication bypass.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Side channel issue in QTEE due to usage of non-time-constant comparison function such as memcmp or strcmp in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A cfm UDP service listening on port 65002 allows remote, unauthenticated exfiltration of administrative credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The function do_cgi(), which processes cgi requests supplied to the device's web servers, is vulnerable to a remotely exploitable stack-based buffer overflow. Unauthenticated exploitation is possible by combining this vulnerability with CVE-2020-9277.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authentication can be bypassed when accessing cgi modules. This allows one to perform administrative tasks (e.g., modify the admin password) with no authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Denial of Service vulnerability related to stack exhaustion has been identified in FlexNet Publisher lmadmin.exe 11.16.2. Because the message reading function calls itself recursively given a certain condition in the received message, an unauthenticated remote attacker can repeatedly send messages of that type to cause a stack exhaustion condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The device can be reset to its default configuration by accessing an unauthenticated URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A hard-coded account allows management-interface login with high privileges. The logged-in user can perform critical tasks and take full control of the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"""HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local user.""",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the TAPS interface of the affected device. An attacker could exploit this vulnerability by sending a crafted request to the TAPS interface. A successful exploit could allow the attacker to read arbitrary files in the system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the Constrained Application Protocol (CoAP) implementation of Cisco IoT Field Network Director could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming CoAP traffic. An attacker could exploit this vulnerability by sending a malformed CoAP packet to an affected device. A successful exploit could allow the attacker to force the CoAP server to stop, interrupting communication to the IoT endpoints.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is found in Arista’s EOS VxLAN code, which can allow attackers to crash the VxlanSwFwd agent. This affects EOS 4.21.8M and below releases in the 4.21.x train, 4.22.3M and below releases in the 4.22.x train, 4.23.1F and below releases in the 4.23.x train, and all releases in 4.15, 4.16, 4.17, 4.18, 4.19, 4.20 code train.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, starts_with, or ends_with filters (and their case-insensitive counterparts).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect access control for wp-admin/admin-ajax.php?action= requests.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Members of a group could still have access after the group is deleted.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access to the configuration file can extract a username and password to gain access to the router.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"When issuing IOCTL calls to ION, Memory leak can occur due to failure in unassign pages under certain conditions in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, APQ8098, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8953, MSM8996AU, Nicobar, QCN7605, QCS605, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDX24, SDX55, SM7150, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 177083.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier.,NETWORK,HIGH,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker to execute arbitrary code on the system with the privileges of an administrator or user associated with the Spectrum Protect server or cause the Spectrum Protect server to crash. IBM X-Force ID: 179990.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR WAC510 devices before 5.0.0.17 are affected by privilege escalation.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX6200v2 before 1.0.1.44, R6100 before 1.0.1.12, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, R7800 before 1.0.2.28, R9000 before 1.0.2.30, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolder parameter of the Create Folder function.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password (aka the user password change script).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parameter (shown next to the UI logo).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile parameter of the Delete function.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D6400 before 1.0.0.60, D7000 before 1.0.1.50, D8500 before 1.0.3.29, EX6200 before 1.0.3.84, EX7000 before 1.0.0.60, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R6900P before 1.3.0.8, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.56, R7900 before 1.0.1.26, R8000 before 1.0.4.4, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R9000 before 1.0.2.52, WNDR3400v3 before 1.0.1.16, WNR3500Lv2 before 1.2.0.46, and WNDR3700v5 before 1.1.0.48.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.32, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R6900P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.56, R7900 before 1.0.1.26, R8000 before 1.0.4.4, R8500 before 1.0.2.106, R8300 before 1.0.2.106, and WNDR3400v3 before 1.0.1.16.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6020 before 1.1.00.26, R6080 before 1.1.00.26; R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, EX6100v2 before 1.0.1.50, EX6150v2 before 1.0.1.50, EX6200v2 before 1.0.1.44, EX6400 before 1.0.1.60, EX7300 before 1.0.1.60, R6100 before 1.0.1.16, R7500 before 1.0.0.110, R7800 before 1.0.2.32, R9000 before 1.0.2.30, WN3000RPv3 before 1.0.2.50, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces.",PHYSICAL,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24. R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6100 before 1.0.1.20, R7800 before 1.0.2.40, and R9000 before 1.0.2.52.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40 and R9000 before 1.0.2.52.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Certain NETGEAR devices are affected by reflected XSS. This affects R6700 before 1.0.1.36 and R6900 before 1.0.1.34.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Certain NETGEAR devices are affected by stored XSS. This affects SRR60 before 2.2.1.210 and SRS60 before 2.2.1.210.,ADJACENT_NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive files via Local File Inclusion.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM MaaS360 3.96.62 for iOS could allow an attacker with physical access to the device to obtain sensitive information from the agent outside of the container. IBM X-Force ID: 172705.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Certain NETGEAR devices are affected by authentication bypass. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171250.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default (making this not exploitable).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM MaaS360 6.82 could allow a user with pysical access to the device to crash the application which may enable the user to access restricted applications and device settings. IBM X-Force ID: 178505.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an unauthenticated attacker to gain access to user credentials. A successful exploit could allow an attacker to access the system with compromised user credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
"In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. The problem is fixed in 1.7.6.5.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Target specific data is being sent to remote server and leads to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCA6574AU, QCS605, Rennell, SDA660, SDM429W, SDM439, SDM450, SDM710, SDM845, SM7150, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
Anchor 0.12.7 allows admins to cause XSS via crafted post content.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
JetBrains Space through 2020-04-22 allows stored XSS in Chats.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before 1.0.2.100.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects R6400 before 1.0.1.24, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before 1.0.2.100.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection. This affects D6200 before 1.1.00.24, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6050 before 1.0.1.12, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by denial of service. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R6700 before 1.0.1.20, R6900 before 1.0.1.20, WNR3500Lv2 before 1.2.0.44, and WNR2000v2 before 1.2.0.8.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by CSRF. This affects EX6100 before 1.0.2.16_1.1.130, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.50, EX6400 before 1.0.1.60, EX7300 before 1.0.1.60, and WN3000RPv3 before 1.0.2.44.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.94.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6250 before 1.0.4.8, R6300v2 before 1.0.4.8, R6700 before 1.0.1.20, R7000 before 1.0.7.10, R7000P before 1.0.0.58, R6900P before 1.0.0.58, R7100LG before 1.0.0.32, R7900 before 1.0.1.14, R8000 before 1.0.3.22, and R8500 before 1.0.2.94.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before 1.0.0.52, R7900 before 1.0.1.16, R8000 before 1.0.3.36, R8300 before 1.0.2.94, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.12, and WNR3500Lv2 before 1.2.0.40.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6130 before 1.0.0.16, EX6400 before 1.0.1.60, EX7000 before 1.0.0.50, EX7300 before 1.0.1.60, and WN2500RPv2 before 1.0.1.46.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Certain NETGEAR devices are affected by CSRF. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The read_buf function in stream.c in rzip 2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is memory leak at liblas::Open (liblas/liblas.hpp) in libLAS 1.8.1.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is a Segmentation fault triggered by illegal address access at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is a NULL pointer dereference at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is a heap-based buffer over-read at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability (partially) of SAP Commerce.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,LOW
"SAP Solution Manager (Diagnostics Agent), version 7.2, does not perform the authentication check for the functionalities of the Collector Simulator, leading to Missing Authentication.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Admin tools and Query Builder in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to access information that should otherwise be restricted, leading to Information Disclosure.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
"SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.4.8, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000P before 1.0.0.86, R6900P before 1.0.0.56, R7300 before 1.0.0.54, R8300 before 1.0.2.106, R8500 before 1.0.2.106, DGN2200v4 before 1.0.0.86, DGND2200Bv4 before 1.0.0.86, R6050 before 1.0.0.86, JR6150 before 1.0.1.10, R6220 before 1.1.0.50, and WNDR3700v5 before V1.1.0.48.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, and WNR2000v5 before 1.0.0.58.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3.9.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by denial of service. This affects GS110EMX before 1.0.0.9, GS810EMX before 1.0.0.5, XS512EM before 1.0.0.6, and XS724EM before 1.0.0.6.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by authentication bypass. This affects GS810EMX before 1.0.0.5, XS512EM before 1.0.0.6, and XS724EM before 1.0.0.6.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 5.0.5.4 and WAC510 before 5.0.5.4.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects DST6501 before 1.1.0.6 and WNR2000v2 before 1.2.0.8.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In ExternalVibration of ExternalVibration.java, there is a possible activation of an arbitrary intent due to unsafe deserialization. This could lead to local escalation of privilege to system_server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140417434",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8300 before 1.0.2.104 and R8500 before 1.0.2.104.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6400 before 1.0.1.14, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300 before 1.0.0.56, R7800 before 1.0.2.36, R7900 before 1.0.2.10, R8000 before 1.0.3.24, R8300 before 1.0.2.74, and R8500 before 1.0.2.74.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6100 before 1.0.1.14, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, EX6150v2 before 1.0.1.70, EX6100v2 before 1.0.1.70, EX6200v2 before 1.0.1.64, EX7300 before 1.0.2.136, EX6400 before 1.0.2.136, R6100 before 1.0.1.16, R7500 before 1.0.0.110, R7800 before 1.0.2.32, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.42, R6100 before 1.0.1.28, R7500 before 1.0.0.130, R7500v2 before 1.0.3.36, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, and WNDR4500v3 before 1.0.0.56.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Certain security settings, related to whether packages are verified and accepted only from known sources, are mishandled. The LG ID is LVE-SMP-190002 (April 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. A TrustZone trusted application can crash via crafted input. The LG ID is LVE-SMP-190003 (May 2019).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Certain NETGEAR devices are affected by a hardcoded password. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Certain NETGEAR devices are affected by authentication bypass. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Certain NETGEAR devices are affected by unauthenticated firmware downgrade. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP Disclosure Management, version 10.1, does not perform necessary authorization checks for an authenticated user, allowing access to administration accounts by a user with no roles, leading to Missing Authorization Check.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JR6150 before 1.0.1.12, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, JR6150 before 1.0.1.12, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a buffer overflow. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by authentication bypass. This affects D6100 before V1.0.0.55, D7000 before V1.0.1.50, D7800 before V1.0.1.24, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, R6100 before 1.0.1.12, R6220 before 1.1.0.50, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.40, WNR2000v5 before 1.0.0.42, WNR2020 before 1.1.0.40, and WNR2050 before 1.1.0.40.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before V1.0.0.55, D7800 before V1.0.1.24, EX6150v2 before 1.0.0.48, R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before V1.0.3.16, R7800 before V1.0.2.36, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.48.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D7000 before 1.0.1.52, D7000v2 before 1.0.0.38, D7800 before 1.0.1.24, D8500 before 1.0.3.29, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.14, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6050 before 1.0.1.14, R6220 before 1.1.0.60, R6400 before 1.1.0.26, R6400v2 before 1.0.2.46, R6700v2 before 1.2.0.2, R6800 before 1.2.0.2, R6900v2 before 1.2.0.2, R7100LG before 1.0.0.32, R7300DST before 1.0.0.56, R7500 before 1.0.0.112, R7500v2 before 1.0.3.24, R7800 before 1.0.2.36, R7900P before 1.1.4.6, R8000P before 1.1.4.6, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.94, WNDR3700v5 before 1.1.0.50, WNDR4300v1 before 1.0.2.96, WNDR4300v2 before 1.0.0.52, WNDR4500v3 before 1.0.0.52, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Certain NETGEAR devices are affected by authentication bypass. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, R8500 before 1.0.2.74, and WNR2000v2 before 1.2.0.8.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, D7000 before 1.0.1.50, and D1500 before 1.0.0.25.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Certain NETGEAR devices are affected by command injection. This affects R6300v2 before 1.0.4.8_10.0.77, R6400 before 1.0.1.24, R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, R8500 before 1.0.2.100, and D6100 before 1.0.0.50_0.0.50.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10.0 (MTK chipsets) software. The MTK kernel does not properly implement exception handling, allowing an attacker to gain privileges. The LG ID is LVE-SMP-200001 (February 2020).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. Attackers can bypass Factory Reset Protection (FRP). The LG ID is LVE-SMP-200004 (March 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered on LG mobile devices with Android OS 8.0 and 8.1 software for the DTAG carrier. RILD in the radio layer uses an uninitialized variable. The LG ID is LVE-SMP-180013 (January 2019).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (MTK chipsets) software. Interaction of GPS with 911 emergency calls is mishandled. The LG ID is LVE-SMP-180012 (January 2019).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (North America CDMA) software. The LTE protocol implementation allows a bypass of AKA (Authentication and Key Agreement). The LG ID is LVE-SMP-180014 (February 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. A system service allows local retrieval of the user's password. The LG ID is LVE-SMP-190009 (August 2019).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings.,LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
"Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6220 before V1.1.0.50, R7800 before V1.0.2.36, WNDR3400v3 before 1.0.1.14, and WNDR3700v5 before V1.1.0.48.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, and R6900v2 before 1.2.0.4.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R7100LG before 1.0.0.32, R7300DST before 1.0.0.52, R8300 before 1.0.2.94, and R8500 before 1.0.2.100.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R6900P before 1.2.0.22, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R6100 before 1.0.1.16, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6250 before 1.0.4.12, R6300v2 before 1.0.4.12, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.74.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6130 before 1.0.0.16, EX6400 before 1.0.1.60, EX7000 before 1.0.0.50, EX7300 before 1.0.1.60, and WN2500RPv2 before 1.0.1.46.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Certain NETGEAR devices are affected by command injection. This affects R7800 before 1.0.2.16 and R9000 before 1.0.2.4.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR D6100 devices before 1.0.0.50_0.0.50 are affected by command injection.,LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Certain NETGEAR devices are affected by reflected XSS. This affects R6700v2 before 1.1.0.42 and R6800 before 1.1.0.42.,LOCAL,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,LOW
NETGEAR R7800 devices before 1.0.2.36 are affected by command injection.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection. This affects R6220 before 1.1.0.50, R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, WNDR3700v5 before 1.1.0.48, and D7000 before 1.0.1.50.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6250 before V1.0.4.8, R6400 before V1.0.1.22, R6400v2 before V1.0.2.32, R7100LG before V1.0.0.32, R7300 before V1.0.0.52, R8300 before V1.0.2.94, R8500 before V1.0.2.100, D6220 before V1.0.0.28, D6400 before V1.0.0.60, and D8500 before V1.0.3.29.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, and R9000 before 1.0.4.12.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D8500 through 1.0.3.28, R6400 through 1.0.1.22, R6400v2 through 1.0.2.18, R8300 through 1.0.2.94, R8500 through 1.0.2.94, and R6100 through 1.0.1.12.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection. This affects R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before 1.0.3.16, R7800 before 1.0.2.32, EX6200v2 before 1.0.1.50, and D7800 before 1.0.1.22.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Race condition in the Intel(R) Driver and Support Assistant before version 20.1.5 may allow an authenticated user to potentially enable denial of service via local access.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors.,NETWORK,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
"Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects DGN2200 before 1.0.0.58, DGN2200B before 1.0.0.58, D8500 before 1.0.3.42, D7000v2 before 1.0.0.51, D6400 before 1.0.0.80, D6220 before 1.0.0.44, EX7000 before 1.0.0.66, EX6200 before 1.0.3.88, EX6150 before 1.0.0.42, EX7500 before 1.0.0.46, JNDR3000 before 1.0.0.24, R8000 before 1.0.4.18, R8500 before 1.0.2.122, R8300 before 1.0.2.122, R7900P before 1.4.0.10, R8000P before 1.4.0.10, R7900 before 1.0.2.16, R7000P before 1.3.1.44, R7300DST before 1.0.0.68, R7100LG before 1.0.0.46, R6900P before 1.3.1.44, R7000 before 1.0.9.32, R6900 before 1.0.1.46, R6700 before 1.0.1.46, R6400v2 before 1.0.2.56, R6400 before 1.0.1.42, R6300v2 before 1.0.4.28, R6250 before 1.0.4.26, WNDR4500v2 before 1.0.0.72, and WNR3500Lv2 before 1.2.0.54.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects DGN2200v1 before 1.0.0.58, D8500 before 1.0.3.42, D7000v2 before 1.0.0.51, D6400 before 1.0.0.78, D6220 before 1.0.0.44, JNDR3000 before 1.0.0.24, R8000 before 1.0.4.18, R8500 before 1.0.2.122, R8300 before 1.0.2.122, R7900 before 1.0.2.16, R7000P before 1.3.2.34, R7300DST before 1.0.0.68, R7100LG before 1.0.0.46, R6900P before 1.3.2.34, R7000 before 1.0.9.28, R6900 before 1.0.1.46, R6700 before 1.0.1.46, R6400v2 before 1.0.2.56, R6400 before 1.0.1.42, R6300v2 before 1.0.4.28, R6250 before 1.0.4.26, WNDR3400v3 before 1.0.1.22, WNDR4500v2 before 1.0.0.72, and WNR3500Lv2 before 1.2.0.50.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In onOpActiveChanged and related methods of AppOpsControllerImpl.java, there is a possible way to display an app overlaying other apps without the notification icon that it's overlaying. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144092031",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.40, R7500v2 before 1.0.3.34, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.3.16, RAX120 before 1.0.0.74, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22, RBS20 before 2.3.0.22, RBK50 before 2.3.0.22, RBR50 before 2.3.0.22, RBS50 before 2.3.0.22, RBK40 before 2.3.0.22, RBS40 before 2.3.0.22, SRK60 before 2.2.0.64, SRR60 before 2.2.0.64, SRS60 before 2.2.0.64, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, and WNR2000v5 before 1.0.0.66.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Artifex Software, Inc. MuJS before 5008105780c0b0182ea6eda83ad5598f225be3ee allows context-dependent attackers to conduct ""denial of service (application crash)"" attacks by using the ""malformed labeled break/continue in JavaScript"" approach, related to a ""NULL pointer dereference"" issue affecting the jscompile.c component.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.44, D6400 before 1.0.0.78, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v4 before 1.0.0.106, DGND2200Bv4 before 1.0.0.106, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6400 before 1.0.1.42, R6700 before 1.0.1.46, R6700v3 before 1.0.2.52, R6900 before 1.0.1.46, R7000 before 1.0.9.28, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.122, R8500 before 1.0.2.122, WN2500RPv2 before 1.0.1.54, WNDR3400v3 before 1.0.1.24, and WNR3500Lv2 before 1.2.0.54.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a possible disclosure of RAM using a shared crypto key due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140879284,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. Unprivileged applications can execute shell commands via the connectivity service. The LG ID is LVE-SMP-190008 (August 2019).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient control flow for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper conditions check for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. The Account subsystem allows authorization bypass. The LG ID is LVE-SMP-190007 (August 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. It allows anyone to execute arbitrary action. The problem is patched in the 1.7.6.5.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page. The problem is patched in 1.7.6.5.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. The problem is fixed in 1.7.6.5",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The problem is fixed in 1.7.6.5",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-144506242",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In releaseSecureStops of DrmPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-144766455",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR R7800 devices before 1.0.2.30 are affected by incorrect configuration of security settings.,LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. Updated input validation techniques have been implemented to correct this issue.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page This problem is fixed in 1.7.6.5",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.28 and D6100 before 1.0.0.50_0.0.50.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection. This affects R6400 before 1.0.1.24, R6700 before 1.0.1.26, R6900 before 1.0.1.28, R7000 before 1.0.9.10, R7000P before 1.0.1.16, R6900P before 1.0.1.16, and R7800 before 1.0.2.36.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0760.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection. This affects R6220 before 1.1.0.46, R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, WNDR3700v5 before 1.1.0.46, and D7000 before 1.0.1.50.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by CSRF. This affects R7300 before 1.0.0.54, R8500 before 1.0.2.94, DGN2200v1 before 1.0.0.55, and D2200D/D2200DW-1FRNAS before 1.0.0.32.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, and D7000 before 1.0.1.50.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, and D7000 before 1.0.1.50.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow. This affects R6250 before 1.0.4.12, R6400v2 before 1.0.2.32, R7000P/R6900P before 1.0.0.56, R7900 before 1.0.1.18, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and D8500 before 1.0.3.29.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.0.36, AC1450 before 1.0.0.36, R7300 before 1.0.0.54, and R8500 before 1.0.2.94.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by denial of service. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei smartphones Honor V20 with versions earlier than 10.0.0.179(C636E3R4P3),versions earlier than 10.0.0.180(C185E3R3P3),versions earlier than 10.0.0.180(C432E10R3P4) have an information disclosure vulnerability. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, successful exploit could cause information disclosure.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to panic. There were two commits that, according to the reporter, introduced the vulnerability: f024ee098476 (""KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures"") 87a11bb6a7f7 (""KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode"") The former landed in 4.8, the latter in 4.17. This was fixed without realizing the impact in 4.18 with the following three commits, though it's believed the first is the only strictly necessary commit: 6f597c6b63b6 (""KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()"") 7b0e827c6970 (""KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm"") 009c872a8bc4 (""KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file"")",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before V1.0.0.75, D6100 before V1.0.0.63, R7800 before v1.0.2.52, R8900 before v1.0.4.2, R9000 before v1.0.4.2, RBK50 before v2.3.0.32, RBR50 before v2.3.0.32, RBS50 before v2.3.0.32, WNDR3700v4 before V1.0.2.102, WNDR4300v1 before V1.0.2.104, WNDR4300v2 before v1.0.0.58, WNDR4500v3 before v1.0.0.58, WNR2000v5 before v1.0.0.68, and XR500 before V2.3.2.32.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG PC Suite v5.3.27 and earlier). DLL Hijacking can occur via a Trojan horse DLL in the current working directory. The LG ID is LVE-MOT-190001 (November 2019).,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. WapService allows unconfirmed configuration changes via a modified OMACP message. The LG ID is LVE-SMP-190006 (August 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs without the Maintenance Mode setting.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Thus, an attacker can inject a malicious script to steal all users' valuable data. This copyright text is on every page so this attack vector can be very dangerous.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
** DISPUTED ** An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. NOTE: This vulnerability may only affect a testing version of the application.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Weak authentication and session management allows an authenticated user to obtain access to the Administrative control panel and execute administrative functions.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An log-management directory traversal issue was discovered in OverIT Geocall 6.3 before build 2:346977.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 before build 2:346977.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. Any page that is able to trigger a UI Framework Error is susceptible to this issue.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows the export of potentially sensitive information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' management interface, to make changes to certain databases in ClearPass by crafting HTTP packets. As a result of this attack, a possible complete cluster compromise might occur. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) in the function decompileIF() in decompile.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a check for application data with epoch 0, which allows remote attackers to inject arbitrary unencrypted data after handshake completion.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.34, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6050 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, and R6900v2 before 1.2.0.36.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000v2 before 1.0.0.53, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.60, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.46, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.32.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS724TPv2 before 1.1.1.29, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to code execution on a system running it.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitary code read/write on the system running it.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability in UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthenticated remote attacker to execute arbitrary scripts due to insufficient validation of URL parameters. A successful exploit could allow an attacker to gain access to sensitive information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.44, D6400 before 1.0.0.78, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.26, R6300v2 before 1.0.4.28, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.28, R6900P before 1.3.1.44, R7000P before 1.3.1.44, R7100LG before 1.0.0.46, R7300DST before 1.0.0.68, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.122, R8500 before 1.0.2.122, WN2500RPv2 before 1.0.1.54, WNDR3400v3 before 1.0.1.22, and WNR3500Lv2 before 1.2.0.54.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.44, D6400 before 1.0.0.78, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.110, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.26, R6300v2 before 1.0.4.28, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.28, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R8300 before 1.0.2.122, R8500 before 1.0.2.122, R6900P before 1.3.1.64, R7000P before 1.3.1.64, R7100LG before 1.0.0.46, R7300DST before 1.0.0.68, R7900P before 1.3.0.10, R8000P before 1.3.0.10, WN2500RPv2 before 1.0.1.54, WNDR3400v3 before 1.0.1.22, and WNR3500Lv2 before 1.2.0.54.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000v2 before 1.0.0.53, D8500 before 1.0.3.44, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, R6250 before 1.0.4.34, R6300v2 before 1.0.4.32, R6400 before 1.0.1.46, R6400v2 before 1.0.2.62, R6700 before 1.0.2.6, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R7000 before 1.0.9.60, R7000P before 1.3.1.64, R7100LG before 1.0.0.52, R7300DST before 1.0.0.70, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, WNDR3400v3 before 1.0.1.24, and WNR3500Lv2 before 1.2.0.56.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R7800 before 1.0.2.36, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers via the traceroute handler.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by denial of service. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, EX2700 before 1.0.1.52, EX6200v2 before 1.0.1.74, EX8000 before 1.0.1.180, R7500v2 before 1.0.3.38, R7800 before 1.0.2.58, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, SRK60 before 2.2.1.210, SRR60 before 2.2.1.210, SRS60 before 2.2.1.210, WN2000RPTv3 before 1.0.1.34, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, and WNDR4500v3 before 1.0.0.58.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, DM200 before 1.0.0.58, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.102, DGND2200Bv4 before 1.0.0.102, DM200 before 1.0.0.52, JNDR3000 before 1.0.0.22, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBW30 before 2.1.2.6, R6250 before 1.0.4.26, R6300v2 before 1.0.4.24, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.26, R6900P before 1.3.0.20, R7000P before 1.3.0.20, R7100LG before 1.0.0.40, R7300DST before 1.0.0.62, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.116, R8500 before 1.0.2.116, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3400v3 before 1.0.1.18, WNDR3700v4 before 1.0.2.96, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, WNR2000v5 before 1.0.0.64, and WNR3500Lv2 before 1.2.0.48.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by SQL injection. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6200 before 1.1.00.28, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7000v2 before 1.0.0.74, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DC112A before 1.0.0.40, EX8000 before 1.0.0.118, JR6150 before 1.0.1.18, R6050 before 1.0.1.18, R6220 before 1.1.0.66, R6250 before 1.0.4.26, R6300v2 before 1.0.4.24, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6700v2 before 1.2.0.16, R6800 before 1.2.0.16, R6900v2 before 1.2.0.16, R6900 before 1.0.1.44, R7000 before 1.0.9.26, R6900P before 1.3.0.20, R7000P before 1.3.0.20, R7100LG before 1.0.0.40, R7300DST before 1.0.0.62, R7500 before 1.0.0.118, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.116, R8500 before 1.0.2.116, R8900 before 1.0.3.6, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.102, WNDR3700v5 before 1.1.0.54, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.56, and WNDR4500v3 before 1.0.0.56.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D8500 before 1.0.3.39, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.20, R6300v2 before 1.0.4.18, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.46, R7000 before 1.0.9.26, R6900P before 1.3.0.20, R7000P before 1.3.0.20, R7100LG before 1.0.0.34, R7300DST before 1.0.0.62, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.116, R8500 before 1.0.2.116, WN2500RPv2 before 1.0.1.54, and WNDR3400v3 before 1.0.1.18.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.66, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.66, XR450 before 2.3.2.32, and XR500 before 2.3.2.32.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.40, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22, RBS20 before 2.3.0.22, RBK50 before 2.3.0.22, RBR50 before 2.3.0.22, RBS50 before 2.3.0.22, RBS40 before 2.3.0.22, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: Android. Versions: Android kernel. Android ID: A-139354541",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when Windows Defender antimalware platform improperly handles hard links, aka 'Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x before 3.12.3, 3.13.x, and 3.14.x allows XSS. This is fixed in 3.10.7, 3.12.3, and 3.15.0.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147309942",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Studio Extension Installer Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0944, CVE-2020-1029.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"Certain NETGEAR devices are affected by CSRF and authentication bypass. This affects R7300DST before 1.0.0.54, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and WNDR3400v3 before 1.0.1.14.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A buffer overflow vulnerability in FTPDMIN 0.96 allows attackers to crash the server via a crafted packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In set_shared_key of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146057864",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Possible buffer overrun when processing EFS filename and payload sent over diag interface due to lack of check for filename length and payload size received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server Network Deployment. IBM X-Force ID: 178412.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
IBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. IBM X-Force ID: 177937.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. IBM X-Force ID: 175639.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205(C00E201R7P2) have an improper authentication vulnerability. The software insufficiently validate the user's identity when a user wants to do certain operation. An attacker can trick user into installing a malicious application to exploit this vulnerability. Successful exploit may cause some information disclosure.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that, the attacker can execute an arbitrary command on the server using this malicious file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive information in error messages that could aid an attacker formulate future attacks. IBM X-Force ID: 175993.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM MQ 9.0 and 9.1 is vulnerable to a denial of service attack due to an error in the Channel processing function. IBM X-Force ID: 173625.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on LG mobile devices with Android OS 9.0 (Qualcomm SDM450, SDM845, SM6150, and SM8150 chipsets) software. Weak encryption leads to local information disclosure. The LG ID is LVE-SMP-190010 (August 2019).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. This protection mechanism can be bypassed with another user's valid token. Thus, an attacker can change the Admin password by using a CSRF attack and escalate his/her privileges.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit XML injection to enter an attacker-controlled parameter into the x2t binary, to rewrite this binary and/or libxcb.so.1, and execute code on a victim's server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on LG mobile devices with Android OS 9.0 software. The HAL service has a buffer overflow that leads to arbitrary code execution. The LG ID is LVE-SMP-190013 (September 2019).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello), before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. If the library is used to encrypt text and write the output to a txt file, another executable could be able to decrypt the text using the static method NCryptDecrypt from this same library without the need to use Windows Hello Authentication again. This has been patched in version 1.0.4.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In PrestaShop module ps_linklist versions before 3.1.0, there is a stored XSS when using custom URLs. The problem is fixed in version 3.1.0",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. The firmware was found to contain functionality that allows a privileged user (root) in the Rich Execution Environment (REE) to obtain bitmap images from the fingerprint sensor because of Leftover Debug Code. The issue is that the Trusted Application (TA) supports an extended number of commands beyond what is needed to implement a fingerprint authentication system compatible with Android. An attacker who is in the position to send commands to the TA (for example, the root user) is able to send a sequence of these commands that will result in the TA sending a raw fingerprint image to the REE. This means that the Trusted Execution Environment (TEE) no longer protects identifiable fingerprint data from the REE.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflected XSS with social networks fields The problem is fixed in 2.1.0,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. The Backup subsystem does not properly restrict operations or validate their input. The LG ID is LVE-SMP-190004 (June 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Host Header Injection vulnerability in qdPM 9.1 may allow an attacker to spoof a particular header and redirect users to malicious websites.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass' service accounts. Resolution: Fixed in 6.7.10, 6.8.1, 6.9.0 and higher.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0982, CVE-2020-0987.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0987, CVE-2020-1005.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library’s Elliptic Curve Cryptography (ECC) implementation.An attacker could potentially abuse these bugs to learn information about a server’s private ECC key (a key leakage attack) or craft an invalid ECDSA signature that nevertheless passes as valid.The security update addresses the vulnerability by fixing the bugs disclosed in the ECC implementation, aka 'MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior. If exploited, this vulnerability could allow an adversary to modify the system, leading to the arbitrary execution of code. This vulnerability is only exploitable if an attacker has access to an authenticated session. GE Digital CIMPLICITY v11.0, released January 2020, contains mitigation for this local privilege escalation vulnerability. GE Digital recommends all users upgrade to GE CIMPLICITY v11.0 or newer.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues. A specially crafted input file could cause a buffer overflow when loaded by the affected product.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privileges by modifying a privileged user's task. This can also affect all users who are signed in on the system if a shell is placed in a location that other unprivileged users have access to.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Triangle MicroWorks DNP3 Outstation LibrariesDNP3 Outstation .NET Protocol components and DNP3 Outstation ANSI C source code libraries are affected:3.16.00 through 3.25.01. A specially crafted message may cause a stack-based buffer overflow. Authentication is not required to exploit this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible out of bound array access as there is no check on carrier index passed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues. A specially crafted input file could trigger an out-of-bounds read when loaded by the affected product.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. Extracted keys can be used to place evidence onto target devices when performing a forensic extraction.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv3 before 1.0.2.70, and WN3100RPv2 before 1.0.0.66.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple Read overflows issue due to improper length check while decoding RAU accept/PDN disconnect Rej/Modify EPS ctxt req/bearer resource alloc Rej/Deact EPs bearer REq in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.26, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.12, R6400 before 1.01.24, R6400v2 before 1.0.2.30, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R6900P before 1.0.0.56, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.44, R8300 before 1.0.2.100_1.0.82, and R8500 before 1.0.2.100_1.0.82.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0934, CVE-2020-1009, CVE-2020-1011, CVE-2020-1015.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0999, CVE-2020-1008.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists when Windows fails to properly handle token relationships.An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape.The update addresses the vulnerability by correcting how Windows handles token relationships, aka 'Windows Token Security Feature Bypass Vulnerability'.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by denial of service. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Error occurs While extracting the ipv6_header having an invalid length due to lack of length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8096AU, MDM9205, MDM9206, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38 and R6800 before 1.1.0.38.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta_query, or date_query parameter in mla_gallery via an admin.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Financial Services Balance Sheet Planning product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Balance Sheet Planning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Balance Sheet Planning accessible data as well as unauthorized read access to a subset of Oracle Financial Services Balance Sheet Planning accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
"Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects R6400v2 before 1.0.2.32, R7000P/R6900P before 1.0.0.56, R7900 before 1.0.1.18, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and D8500 before 1.0.3.29.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka 'Microsoft (MAU) Office Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflected XSS on Exception page The problem is fixed in 1.7.6.5",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Use after free issue when MAP and UNMAP calls at same time as data structure used my MAP may be freed by UNMAP function in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in Nicobar, QCS405, Rennell, Saipan, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0985.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible buffer over read when trying to process SDP message Video media line with frame-size attribute in video Media line in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with `back` parameter. The problem is fixed in 1.7.6.5",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0996.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Wrong public key usage from existing oem_keystore for hash generation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, QM215, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a masked field.The security update addresses the vulnerability by updating the rendering engine the Windows client to properly detect masked fields and render the content as masked., aka 'Microsoft Dynamics Business Central/NAV Information Disclosure'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects DGN2200v4 before 1.0.0.110 and DGND2200Bv4 before 1.0.0.109.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects GS728TPPv2 before 6.0.0.48, GS728TPv2 before 6.0.0.48, GS750E before 1.0.1.4, GS752TPP before 6.0.0.48, and GS752TPv2 before 6.0.0.48.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential side channel for SUI corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, Rennell, SA6155P, SC7180, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Out of bound memory access while processing TZ command handler due to improper input validation on response length received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, MDM9150, MDM9607, MDM9650, MSM8905, MSM8909, MSM8998, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845, SDM850, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Kernel was reading the CSL defined reserved field as uint16 instead of uint32 which could lead to memory overflow in Snapdragon Industrial IOT, Snapdragon Mobile in SDA845, SDM845, SM8150",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in WLAN firmware while parsing GTK IE containing GTK key having length more than the buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS404, QCS405, QCS605, Rennell, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible buffer overflow while playing mkv clip due to lack of validation of atom size buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow can occur in In WLAN firmware while unwraping data using CCMP cipher suite during parsing of EAPOL handshake frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS404, QCS405, QCS605, Rennell, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR RN42400 devices before 6.10.2 are affected by incorrect configuration of security settings.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.34, D7000 before 1.0.1.68, PR2000 before 1.0.0.28, R6050 before 1.0.1.18, JR6150 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6260 before 1.1.0.64, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, and R6900v2 before 1.2.0.36.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Active command timeout since WM status change cmd is not removed from active queue if peer sends multiple deauth frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS605, QM215, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D7800 before 1.0.1.47, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv3 before 1.0.2.70, and WN3100RPv2 before 1.0.0.66.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.24, JR6150 before 1.0.1.24, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6230 before 1.1.0.86, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, and WNR2020 before 1.1.0.62.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.40, R6080 before 1.0.0.40, R6050 before 1.0.1.18, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6260 before 1.1.0.64, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, and WNR2020 before 1.1.0.62.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Potential buffer overflow while processing CBF frames due to lack of check of buffer length before copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8098, IPQ6018, IPQ8074, MSM8998, Nicobar, QCA8081, QCN7605, QCS404, QCS605, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D8500 before 1.0.3.43, R8500 before 1.0.2.128, R8300 before 1.0.2.128, R8000 before 1.0.4.28, R7300DST before 1.0.0.68, R7100LG before 1.0.0.48, R6900P before 1.3.1.44, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R7000P before 1.3.1.44, R7000 before 1.0.9.34, R6900 before 1.0.2.4, R6700 before 1.0.2.6, and R6400 before 1.0.1.44.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mintToken function of a smart contract implementation for Carbon Exchange Coin Token (CEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR R8500 devices before v1.0.2.128 are affected by a buffer overflow by an unauthenticated attacker.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, R7300 before 1.0.0.70, R8300 before 1.0.2.130, and R8500 before 1.0.2.130.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10a0af68e56d5c00720523ebcba13c2e6a. The MakeDay function in jsdate.c does not validate the month, leading to an integer overflow when parsing a specially crafted JS file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Artifex Software, Inc. MuJS before 4006739a28367c708dea19aeb19b8a1a9326ce08. The jsR_setproperty function in jsrun.c lacks a check for a negative array length. This leads to an integer overflow in the js_pushstring function in jsrun.c when parsing a specially crafted JS file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow can occur in function wlan firmware while copying association frame content if frame length is more than the maximum buffer size in case of SAP mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS404, QCS405, QCS605, Rennell, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Artifex Software, Inc. MuJS before a0ceaf5050faf419401fe1b83acfa950ec8a8a89 allows context-dependent attackers to obtain sensitive information by using the ""crafted JavaScript"" approach, related to a ""Buffer Over-read"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Search parameter of the Software Catalogue section of Matrix42 Workspace Management 9.1.2.2765 and below accepts unfiltered parameters that lead to multiple reflected XSS issues.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Null pointer dereference issue in radio interface layer due to lack of null check in sapmodule destructor in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS605, Rennell, Saipan, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-1008.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0821.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Slab-out-of-bounds access can occur if the context pointer is invalid due to lack of null check on pointer before accessing it in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, SC8180X, SDX55, SM8150",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"Possible buffer overflow while handling NAN reception of NMF in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, Rennell, SC7180, SC8180X, SM6150, SM7150, SM8150, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 176404.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. IBM X-ForceID: 175897.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-ForceID: 175845.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0942, CVE-2020-0944.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Memory failure in SKB if it fails to to add the requested padding to the skb in low memory targets or targets with major memory fragmentation in Snapdragon Auto, Snapdragon Mobile in Saipan, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Missing length check before copying the data from kernel space to userspace through the copy function can lead to buffer overflow in some cases in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8909W, MSM8917, MSM8953, Nicobar, QCN7605, QCS405, QCS605, QM215, Rennell, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by reflected XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.8, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Out of bound write can occur in radio measurement request if STA receives multiple invalid rrm measurement request from AP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8096AU, MSM8998, Nicobar, QCA6574AU, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDM660, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, DM200 before 1.0.0.61, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.26, R9000 before 1.0.4.26, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.66, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0940, CVE-2020-1006, CVE-2020-1017.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bound access in diag services when DCI command buffer reallocation is not done properly with required capacity in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, QCS605, Rennell, SC8180X, SDM429W, SDM710, SDX55, SM7150, SM8150",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"Possible out of bound access in WLAN handler when the received value of length in rx path is shorter than the expected value of country IE in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, QCA8081, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple Read overflows issue due to improper length check while decoding 3G attach accept/ SMS/ pdn connection reject/ esm data transport/ bearer modify context reject in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Possibility of null pointer deference as the array of video codecs from media info is referenced without null checking while processing SDP messages in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, Rennell, SC7180, SC8180X, SDA845, SDM429, SDM439, SDM450, SDM632, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka 'OneDrive for Windows Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Buffer over-write when this 0-byte buffer is typecasted to some other structure and hence memory corruption in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SA6155P, SM8150",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0940, CVE-2020-1001, CVE-2020-1017.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0934, CVE-2020-0983, CVE-2020-1011, CVE-2020-1015.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows System Assessment Tool improperly handles file operations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0934, CVE-2020-0983, CVE-2020-1009, CVE-2020-1015.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the User-Mode Power Service (UMPS) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0934, CVE-2020-0983, CVE-2020-1009, CVE-2020-1011.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible buffer over-read in windows wlan driver function due to lack of check of length of variable received from userspace in Snapdragon Compute, Snapdragon Connectivity in MSM8998, QCA6390, SC7180, SC8180X, SDM850",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Possible buffer over-read issue in windows x86 wlan driver function while processing beacon or request frame due to lack of check of length of variable received. in Snapdragon Compute, Snapdragon Connectivity in MSM8998, QCA6390, SC7180, SC8180X, SDM850",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In rw_t2t_extract_default_locks_info of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147310721",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2. Stored XSS was found in the the My Profile Section. This is due to lack of sanitization in the Edit Name section.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka 'Windows Hyper-V Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0917.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-1050.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 and earlier may lead to arbitrary code execution on a system running it.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may cause information leakage.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code execution on a system running it.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. Administrators can lock the ENS client interface through ePO to prevent users being able to edit the configuration.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"OpenMRS 2.9 and prior copies ""Referrer"" header values into an html element named ""redirectUrl"" within many webpages (such as login.htm). There is insufficient validation for this parameter, which allows for the possibility of cross-site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JNDR3000 before 1.0.0.22, R6250 before 1.0.4.26, R6300v2 before 1.0.4.22, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.28, R6900P before 1.3.1.26, R7000P before 1.3.1.26, R7300DST before 1.0.0.62, R7900 before 1.0.2.16, R8000 before 1.0.4.18, R7900P before 1.4.1.42, R8000P before 1.4.1.42, R8300 before 1.0.2.116, R8500 before 1.0.2.116, WNDR3400v3 before 1.0.1.18, WNDR4500v2 before 1.0.0.68, and WNR3500Lv2 before 1.2.0.48.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"Protection mechanism failure in all processes in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows local users to stop certain McAfee ENS processes, reducing the protection offered.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running this tool.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Accessing, modifying or executing executable files vulnerability in the uninstaller in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to execute arbitrary code via a carefully crafted input file.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"An elevation of privilege vulnerability exists when the Windows WpcDesktopMonSvc improperly manages memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0983, CVE-2020-1009, CVE-2020-1011, CVE-2020-1015.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by reflected XSS. This affects EX7000 before 1.0.0.64, EX6200 before 1.0.3.86, EX6150 before 1.0.0.38, EX6130 before 1.0.0.22, EX6120 before 1.0.0.40, EX6100 before 1.0.2.22, EX6000 before 1.0.0.30, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, R8300 before 1.0.2.94, R7300DST before 1.0.0.62, R7000P before 1.3.0.20, R6900P before 1.3.0.20, R6400 before 1.0.1.32, R6300v2 before 1.0.4.24, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.18, and WN2500RPv2 before 1.0.1.52.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, and RBS50 before 2.3.0.32.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when a Windows scheduled task improperly handles file redirections, aka 'Windows Scheduled Task Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0939, CVE-2020-0945, CVE-2020-0946, CVE-2020-0947.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows Push Notification Service improperly handles objects in memory, aka 'Windows Push Notification Service Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6200 before 1.1.00.32, D7000 before 1.0.1.68, DM200 before 1.0.0.58, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1027.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0976, CVE-2020-0977.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1003, CVE-2020-1027.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0699.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1000, CVE-2020-1003, CVE-2020-1027.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are affected by Transport Layer Security (TLS) certificate private key disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by CSRF. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, and WN2500RPv2 before 1.0.1.54.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0975, CVE-2020-0977.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by disclosure of sensitive information. This affects GS728TP before 6.0.0.48, GS728TPPv2 before 6.0.0.48, GS728TPv2 before 6.0.0.48, GS752TPP before 6.0.0.48, and GS752TPv2 before 6.0.0.48.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC505 before 8.0.5.5 and WAC510 before 8.0.5.5.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, and GSS108EPP before 1.0.0.15.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0975, CVE-2020-0976.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of sensitive information.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0906.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1001, CVE-2020-1006, CVE-2020-1017.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900 before 1.0.3.10.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by denial of service. This affects R8900 before 1.0.5.2, R9000 before 1.0.5.2, XR500 before 2.3.2.56, and XR700 before 1.0.1.20.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
NETGEAR R7800 devices before 1.0.2.68 are affected by remote code execution by unauthenticated attackers.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflow by an authenticated user.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. An unprivileged user could leverage this vulnerability to execute arbitrary code with system privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. This may lead to stealing of the admin account.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6100 before 1.0.0.63, D7800 before 1.0.1.47, DM200 before 1.0.0.61, R7500v2 before 1.0.3.40, R7800 before 1.0.2.60, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, and RBS50 before 2.3.0.32.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS.,ADJACENT_NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS.,ADJACENT_NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.",ADJACENT_NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.",ADJACENT_NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
NETGEAR R9000 devices before 1.0.4.26 are affected by stored XSS.,ADJACENT_NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0937, CVE-2020-0939, CVE-2020-0945, CVE-2020-0946.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0949, CVE-2020-0950.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR WAC505 devices before 8.2.1.16 are affected by disclosure of sensitive information.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0948, CVE-2020-0950.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Certain NETGEAR devices are affected by denial of service. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
NETGEAR MR1100 devices before 12.06.08.00 are affected by lack of access control at the function level.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0957, CVE-2020-0958.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0956, CVE-2020-0958.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-1049.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 5.0.10.2 and WAC510 before 5.0.10.2.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.60 and XR500 before 2.3.2.32.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.60 and XR500 before 2.3.2.32.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-ForceID: 170965.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 175841.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The mint function of a smart contract implementation for MiningToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0979.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0971, CVE-2020-0974.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure in CPU Memory Access'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Whodo). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N).",LOCAL,HIGH,LOW,REQUIRED,CHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR R7800 devices before 1.0.2.62 are affected by command injection by an authenticated user.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of sensitive information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0784.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1007.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0968.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBK50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000v2 before 1.0.0.53, D8500 before 1.0.3.44, R6220 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.64, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6700v3 before 1.0.2.66, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7800 before 1.0.2.60, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.32.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, D3600 before 1.0.0.75, D6000 before 1.0.0.75, R9000 before 1.0.4.26, R8900 before 1.0.4.26, R7800 before 1.0.2.52, WNDR4500v3 before 1.0.0.58, WNDR4300v2 before 1.0.0.58, WNDR4300 before 1.0.2.104, WNDR3700v4 before 1.0.2.102, and WNR2000v5 before 1.0.0.66.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0970.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0966.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0967.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Unraid 6.8.0 allows authentication bypass.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Unraid through 6.8.0 allows Remote Code Execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: Courseware). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Quoting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Quoting, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Quoting accessible data as well as unauthorized update, insert or delete access to some of Oracle Quoting accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: KB Search). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing Encyclopedia System product of Oracle E-Business Suite (component: Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing Encyclopedia System. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing Encyclopedia System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing Encyclopedia System accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing Encyclopedia System accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle E-Business Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle E-Business Intelligence accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle E-Business Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle E-Business Intelligence accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
NETGEAR RAX40 devices before 1.0.3.64 are affected by denial of service.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Notes). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications Calendar accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of sensitive information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Universal Work Queue, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Universal Work Queue accessible data as well as unauthorized update, insert or delete access to some of Oracle Universal Work Queue accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Universal Work Queue, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Universal Work Queue accessible data as well as unauthorized update, insert or delete access to some of Oracle Universal Work Queue accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claims). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Budget). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0978.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. This is timing dependent.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Tools). Supported versions that are affected are 19.3.1 and 20.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N).",NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Mail). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Scripting, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Scripting accessible data as well as unauthorized update, insert or delete access to some of Oracle Scripting accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle PeopleSoft (component: Candidate Gateway). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise HRMS. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HRMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HRMS accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0973, CVE-2020-0978.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Gateway for Mobile Devices. While the vulnerability is in Oracle CRM Gateway for Mobile Devices, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Gateway for Mobile Devices accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Retail Store Inventory Management product of Oracle Retail Applications (component: Security). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Store Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Retail Store Inventory Management. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Coherence accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Service Intelligence product of Oracle E-Business Suite (component: Internal Operations- Search). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Service Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle Service Intelligence accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Knowledge. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Web Applications - InfoCenter). Supported versions that are affected are 8.6.0-8.6.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Supplier Change). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM Purchasing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise SCM Purchasing accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Management Services). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Application Performance Management product of Oracle Enterprise Manager (component: EM Request Monitoring). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Application Performance Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Application Performance Management accessible data as well as unauthorized update, insert or delete access to some of Application Performance Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Application Performance Management. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.28 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Financial Services Price Creation and Discovery product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
There is an improper integrity checking vulnerability on some huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications.Affected product versions include:HEGE-560 versions 1.0.1.21(SP3);HEGE-570 versions 1.0.1.22(SP3);OSCA-550 versions 1.0.1.21(SP3);OSCA-550A versions 1.0.1.21(SP3);OSCA-550AX versions 1.0.1.21(SP3);OSCA-550X versions 1.0.1.21(SP3).,PHYSICAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned 401 for an existing username and 404 otherwise.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Project Manager). Supported versions that are affected are 16.2.0.0 - 16.2.19.3, 17.12.0.0 - 17.12.17.0, 18.8.0.0 - 18.8.18.0, 19.12.1.0 - 19.12.3.0 and 20.1.0.0 - 20.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.0 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,LOW
"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 6.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).",NETWORK,HIGH,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Hyperion Financial Management product of Oracle Hyperion (component: Security). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Management accessible data. CVSS 3.0 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N).",NETWORK,HIGH,HIGH,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the Oracle Financial Services Liquidity Risk Measurement and Management product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.7 and 8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Measurement and Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Liquidity Risk Measurement and Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Liquidity Risk Measurement and Management accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Absence Recording, Maintenance). Supported versions that are affected are 12.2.6-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Human Resources accessible data. CVSS 3.0 Base Score 4.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Financial Services Funds Transfer Pricing product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6 and 8.0.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Funds Transfer Pricing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Funds Transfer Pricing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Funds Transfer Pricing accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the Oracle Financial Services Profitability Management product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6 and 8.0.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Profitability Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Profitability Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Profitability Management accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the Oracle Financial Services Asset Liability Management product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6 and 8.0.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Asset Liability Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Asset Liability Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Asset Liability Management accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6 - 8.0.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. While the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 8.6 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Insurance Accounting Analyzer product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6 - 8.0.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Insurance Accounting Analyzer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Insurance Accounting Analyzer accessible data as well as unauthorized read access to a subset of Oracle Insurance Accounting Analyzer accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the Oracle Financial Services Hedge Management and IFRS Valuations product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6 - 8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Hedge Management and IFRS Valuations. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Hedge Management and IFRS Valuations accessible data as well as unauthorized read access to a subset of Oracle Financial Services Hedge Management and IFRS Valuations accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 18.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Knowledge executes to compromise Oracle Knowledge. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).",LOCAL,HIGH,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Process Scheduler). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Financial Services Data Foundation product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6 - 8.0.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Data Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Data Foundation accessible data as well as unauthorized read access to a subset of Oracle Financial Services Data Foundation accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). Supported versions that are affected are 19.3.1 and 20.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM Enterprise Edition accessible data. CVSS 3.0 Base Score 6.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N).",NETWORK,HIGH,LOW,NONE,CHANGED,NONE,HIGH,NONE
"Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). Supported versions that are affected are 19.3.1 and 20.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Diagnostic Framework). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Diagnostic Framework). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework (Oracle OHS)). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Base Platform. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. While the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS 3.0 Base Score 8.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Financial Services Liquidity Risk Management product of Oracle Financial Services Applications (component: User Interfaces). The supported version that is affected is 8.0.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Liquidity Risk Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Liquidity Risk Management accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Accounts). Supported versions that are affected are 12.1.3 and 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupplier Portal. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iSupplier Portal accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Profile). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle E-Business Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle E-Business Intelligence accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Attribute Admin Setup). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Partner Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Profile). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Interaction History accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Depot Repair. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Depot Repair, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Depot Repair accessible data as well as unauthorized update, insert or delete access to some of Oracle Depot Repair accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Depot Repair. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Depot Repair, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Depot Repair accessible data as well as unauthorized update, insert or delete access to some of Oracle Depot Repair accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Depot Repair. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Depot Repair, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Depot Repair accessible data as well as unauthorized update, insert or delete access to some of Oracle Depot Repair accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Customer Search). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Depot Repair. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Depot Repair, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Depot Repair accessible data as well as unauthorized update, insert or delete access to some of Oracle Depot Repair accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Depot Repair. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Depot Repair, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Depot Repair accessible data as well as unauthorized update, insert or delete access to some of Oracle Depot Repair accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Depot Repair. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Depot Repair, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Depot Repair accessible data as well as unauthorized update, insert or delete access to some of Oracle Depot Repair accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Calendar). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the RDBMS/Optimizer component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Execute on DBMS_SQLTUNE privilege with network access via Oracle Net to compromise RDBMS/Optimizer. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS/Optimizer accessible data. CVSS 3.0 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Admin). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. This issue results from the use of hard-coded encryption key. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9652.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the file system. The issue lies in the lack of proper permissions set on the file system. An attacker can leverage this vulnerability to escalate privileges. Was ZDI-CAN-9651.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. When parsing the slave_mac parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9650.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity of this issue is high due to the fact that the build scripts immediately start a build after Gradle has been fetched. Developers who are concerned about this issue should install version 6.1.2 or higher of Cordova-Android. If developers are unable to install the latest version, this vulnerability can easily be mitigated by setting the CORDOVA_ANDROID_GRADLE_DISTRIBUTION_URL environment variable to https://services.gradle.org/distributions/gradle-2.14.1-all.zip",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Notification Mailer). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Workflow accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in Rubrik 5.0.3-2296. An OS command injection vulnerability allows an authenticated attacker to remotely execute arbitrary code on Rubrik-managed systems.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A privilege escalation vulnerability in ZOOM Call Recording 6.3.1 allows its user account (i.e., the account under which the program runs - by default, the callrec account) to elevate privileges to root by abusing the callrec-rs@.service. The callrec-rs@.service starts the /opt/callrec/bin/rs binary with root privileges, and this binary is owned by callrec. It can be replaced by a Trojan horse.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vulnerability. If you're running a vulnerable application on your computer and an attacker can trick you into visiting a malicious website, they could use DNS rebinding and CSRF attacks to read/write to vulnerable applications. This has been patched in 2.15.0.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI, SWSE). Supported versions that are affected are 20.2 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 2.7.2 (for the LTS 2.7 branch) and Wagtail 2.8.1 (for the current 2.8 branch).",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Federation). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Access Manager. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle Solaris product of Oracle Systems (component: SMF command svcbundle). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data. CVSS 3.0 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N).",LOCAL,HIGH,LOW,REQUIRED,CHANGED,NONE,LOW,NONE
Vulnerability in the Oracle General Ledger product of Oracle E-Business Suite (component: Account Hierarchy Manager). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Admin privilege with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: SSO Engine). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Access Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Access Manager accessible data as well as unauthorized read access to a subset of Oracle Access Manager accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: InQuira Search). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Knowledge. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 19.2. Easily exploitable vulnerability allows low privileged attacker having End User Role privilege with network access via HTTPS to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Express. CVSS 3.0 Base Score 4.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,LOW,LOW
"The ""apetag.c"" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a crafted MP3 file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Project Manager). Supported versions that are affected are 16.2.0.0 - 16.2.19.3, 17.12.0.0 - 17.12.17.0, 18.8.0.0 - 18.8.18.0, 19.12.1.0 - 19.12.3.0 and 20.1.0.0 - 20.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability would allow an authenticated attacker to view, change, or delete data, thereby preventing the proper segregation of duties in the system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenticated user to execute code with elevated privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and denial of service and unauthorized execution of arbitrary commands, leading to Deserialization of Untrusted Data.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Web Intelligence HTML interface in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application, leading to Content Spoofing.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Juniper Networks Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a pfemand process crash. The pfemand process is responsible for packet forwarding on the device. By continuously sending the packet flood, an attacker can repeatedly crash the pfemand process causing a sustained Denial of Service. This issue can only be triggered by traffic sent to the device. Transit traffic does not cause this issue. This issue affects all version of Junos OS Evolved prior to 19.1R1-EVO.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user.",LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gain access to system and If password is known, it would give administrative rights to the attacker to read/modify delete the data and rights within the system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has a Missing Authentication for Critical Function (CWE-306) vulnerability. The affected product does not require authentication for TELNET access, which may allow an attacker to change configuration or perform other malicious activities.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability. The affected product is vulnerable to specially crafted TCP packets, which can cause the device to shut down or reboot and lose configuration settings. This is a different issue than CVE-2019-16879, CVE-2019-20045, CVE-2019-20046, CVE-2020-7801, and CVE-2020-7802.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,HIGH
"The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability. The affected product is vulnerable to information exposure over the SNMP protocol. This is a different issue than CVE-2019-16879, CVE-2019-20045, CVE-2019-20046, CVE-2020-7800, and CVE-2020-7802.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified ""interesting side effects."" NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info->owner field to represent data unrelated to the ""owner"" concept. The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have been designed to misuse the info->owner field in a safe way.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
TVT NVMS-1000 devices allow GET /.. Directory Traversal,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or may be able to alter the database via the REST API, aka SQL Injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,HIGH
"An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the ""Additional Settings"" field in the web interface. When the VPN's connection is established, the user defined script is executed with root privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attacker to perform unauthorized actions due to improper input validation. IBM X-Force ID: 174201.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated user. The FolderName parameter of the Media.CreateFolder command is vulnerable.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build environment and the Ubuntu archive to install a malicious package within the build chroot. This issue affects pc-kernel versions prior to and including 2019-07-16,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
data-tools through 2017-07-26 has an Integer Overflow leading to an incorrect end value for the write_wchars function.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels h_room_type parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OSS Http Request (Apache Cordova Plugin) 6 is affected by: Missing SSL certificate validation. The impact is: certificate spoofing. The component is: use this library when https communication. The attack vector is: certificate spoofing.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and Junos OS Evolved may restart after processing a specific IPv4 packet. Only packets destined to the device itself, successfully reaching the RE through existing edge and control plane filtering, will be able to cause the FPC restart. When this issue occurs, all traffic via the FPC will be dropped. By continuously sending this specific IPv4 packet, an attacker can repeatedly crash the FPC, causing an extended Denial of Service (DoS) condition. This issue can only occur when processing a specific IPv4 packet. IPv6 packets cannot trigger this issue. This issue affects: Juniper Networks Junos OS on MX Series with MPC10E or MPC11E and PTX10001: 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. Juniper Networks Junos OS Evolved on on QFX5220, and PTX10003 series: 19.2-EVO versions; 19.3-EVO versions; 19.4-EVO versions prior to 19.4R2-EVO. This issue does not affect Junos OS versions prior to 19.2R1. This issue does not affect Junos OS Evolved versions prior to 19.2R1-EVO.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Broadband Network Gateway (BNG) and reach the EVPN leaf node, causing a stale MAC address entry. This could cause legitimate traffic to be discarded, leading to a Denial of Service (DoS) condition. This issue only affects Junos OS 17.4 and later releases. Prior releases do not support this feature and are unaffected by this vulnerability. This issue only affects IPv6. IPv4 ARP proxy is unaffected by this vulnerability. This issue affects Juniper Networks Junos OS: 17.4 versions prior to 17.4R2-S9, 17.4R3 on MX Series; 18.1 versions prior to 18.1R3-S9 on MX Series; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3 on MX Series; 18.2X75 versions prior to 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60 on MX Series; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3 on MX Series; 18.4 versions prior to 18.4R1-S5, 18.4R2-S2, 18.4R3 on MX Series; 19.1 versions prior to 19.1R1-S4, 19.1R2 on MX Series; 19.2 versions prior to 19.2R1-S3, 19.2R2 on MX Series.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may improperly handle the incoming malformed data and fail to sanitize this incoming data resulting in an overflow condition. This overflow condition in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) condition by coring the CFM daemon. Continued receipt of these packets may cause an extended Denial of Service condition. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95 on SRX Series; 14.1X50 versions prior to 14.1X50-D145; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R2; 15.1X49 versions prior to 15.1X49-D170 on SRX Series; 15.1X53 versions prior to 15.1X53-D67.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy. This issue might occur when the IP address range configured in the Infranet Controller (IC) is configured as an IP address range instead of an IP address/netmask. See the Workaround section for more detail. The Junos OS Enforcer CLI settings are disabled by default. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D100; 15.1X49 versions prior to 15.1X49-D210; 17.3 versions prior to 17.3R2-S5, 17.3R3-S8; 17.4 versions prior to 17.4R2-S9, 17.4R3-S1; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2-S1, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Subsequently, all FPCs in a chassis may reset causing a Denial of Service. This issue affects both IPv4 and IPv6. This issue affects: Juniper Networks Junos OS 12.3X48 version 12.3X48-D80 and later versions prior to 12.3X48-D95 on High-End SRX Series. This issue does not affect Branch SRX Series devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco Webex Business Suite before 39.1.0 contains a vulnerability that could allow an unauthenticated, remote attacker to affect the integrity of the application. The vulnerability is due to improper validation of host header values. An attacker with a privileged network position, either a man-in-the-middle or by intercepting wireless network traffic, could exploit this vulnerability to manipulate header values sent by a client to the affected application. The attacker could cause the application to use input from the header to redirect a user from the Cisco Webex Meetings Online site to an arbitrary site of the attacker's choosing.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in the Responsive Poll through 1.3.4 for Wordpress. It allows an unauthenticated user to manipulate polls, e.g., delete, clone, or view a hidden poll. This is due to the usage of the callback wp_ajax_nopriv function in Includes/Total-Soft-Poll-Ajax.php for sensitive operations.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an EX4300 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. This issue affects Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D53 on EX4300; 15.1 versions prior to 15.1R7-S6 on EX4300; 15.1X49 versions prior to 15.1X49-D200, 15.1X49-D210 on EX4300; 16.1 versions prior to 16.1R7-S7 on EX4300; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on EX4300; 17.2 versions prior to 17.2R3-S3 on EX4300; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on EX4300; 17.4 versions prior to 17.4R2-S9, 17.4R3 on EX4300; 18.1 versions prior to 18.1R3-S8 on EX4300; 18.2 versions prior to 18.2R3-S2 on EX4300; 18.3 versions prior to 18.3R2-S3, 18.3R3, 18.3R3-S1 on EX4300; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on EX4300; 19.1 versions prior to 19.1R1-S4, 19.1R2 on EX4300; 19.2 versions prior to 19.2R1-S4, 19.2R2 on EX4300; 19.3 versions prior to 19.3R1-S1, 19.3R2 on EX4300.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices may allow an attacker to cause a Denial of Service (DoS) by sending specific packets requiring special processing in microcode that the flow cache can't handle, causing the riot forwarding daemon to crash. By continuously sending the same specific packets, an attacker can repeatedly crash the riot process causing a sustained Denial of Service. Flow cache is specific to vMX based products and the MX150, and is enabled by default in performance mode. This issue can only be triggered by traffic destined to the device. Transit traffic will not cause the riot daemon to crash. When the issue occurs, a core dump and riot log file entry are generated. For example: /var/crash/core.J-UKERN.mpc0.1557255993.3864.gz /home/pfe/RIOT logs: fpc0 riot[1888]: PANIC in lu_reorder_send_packet_postproc(): fpc0 riot[6655]: PANIC in lu_reorder_send_packet_postproc(): This issue affects Juniper Networks Junos OS: 18.1 versions prior to 18.1R3 on vMX and MX150; 18.2 versions prior to 18.2R3 on vMX and MX150; 18.2X75 versions prior to 18.2X75-D60 on vMX and MX150; 18.3 versions prior to 18.3R3 on vMX and MX150; 18.4 versions prior to 18.4R2 on vMX and MX150; 19.1 versions prior to 19.1R2 on vMX and MX150. This issue does not affect Junos OS versions prior to 18.1R1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE), allows a local authenticated high privileged user to access the underlying WRL host. This issue only affects QFX10K Series with NG-RE, EX9200 Series with NG-RE, MX Series with NG-RE and PTX Series with NG-RE; which uses vmhost. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S4; 18.2 versions prior to 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2. To identify whether the device has NG-RE with vmhost, customer can run the following command: > show vmhost status Compute cluster: rainier-re-cc Compute Node: rainier-re-cn, Online If the ""show vmhost status"" is not supported, then the device does not have NG-RE with vmhost.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A race condition vulnerability on Juniper Network Junos OS devices may cause the routing protocol daemon (RPD) process to crash and restart while processing a BGP NOTIFICATION message. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.2 version 17.2R2 and later versions; 17.2X75 versions prior to 17.2X75-D105, 17.2X75-D110; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S3; 18.2X75 versions prior to 18.2X75-D410, 18.2X75-D420, 18.2X75-D50, 18.2X75-D60; 18.3 versions prior to 18.3R1-S5, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R2-S2, 18.4R3; 19.1 versions prior to 19.1R1-S2, 19.1R2; 19.2 versions prior to 19.2R1-S4, 19.2R2. This issue does not affect Juniper Networks Junos OS prior to version 16.1R1.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
cgi-bin/go in CyberSolutions CyberMail 5 or later allows XSS via the ACTION parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key gen2 Plus.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certain scenarios: • At the first reboot after performing device factory reset using the command “request system zeroize”; or • A temporary moment during the first reboot after the software upgrade when the device configured in Virtual Chassis mode. This issue affects Juniper Networks Junos OS on EX and QFX Series: 14.1X53 versions prior to 14.1X53-D53; 15.1 versions prior to 15.1R7-S4; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S4; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2; 18.3 versions prior to 18.3R1-S7, 18.3R2. This issue does not affect Juniper Networks Junos OS 12.3.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/GetInheritedProperties allows HTTP Response Splitting via the language parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX instance without authorization. This issue affects Juniper Networks Junos OS: 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on vMX; 17.2 versions prior to 17.2R3-S3 on vMX; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on vMX; 17.4 versions prior to 17.4R2-S9, 17.4R3 on vMX; 18.1 versions prior to 18.1R3-S9 on vMX; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3 on vMX; 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D60 on vMX; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1 on vMX; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on vMX; 19.1 versions prior to 19.1R1-S4, 19.1R2, 19.1R3 on vMX; 19.2 versions prior to 19.2R1-S3, 19.2R2 on vMX; 19.3 versions prior to 19.3R1-S1, 19.3R2 on vMX.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/ImportCertificate allows an attacker to load an arbitrary certificate in .pfx format or overwrite arbitrary files via the fileName parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Interface allows CSRF for actions such as: Change any username and password, admin ones included; Create/Delete users; Enable/Disable Services; Set a rogue update proxy; and Shutdown the server.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS. GetInheritedProperties is Reflected via the groups parameter. GetUserInfo is Reflected via POST data. SetUserInfo is Stored via the general parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to terminate an established BGP session upon receiving a specific BGP FlowSpec advertisement. The BGP NOTIFICATION message that terminates an established BGP session is sent toward the peer device that originally sent the specific BGP FlowSpec advertisement. This specific BGP FlowSpec advertisement received from a BGP peer might get propagated from a Junos OS device running the fixed release to another device that is vulnerable causing BGP session termination downstream. This issue affects IPv4 and IPv6 BGP FlowSpec deployment. This issue affects Juniper Networks Junos OS: 12.3; 12.3X48 on SRX Series; 14.1X53 on EX and QFX Series; 15.1 versions prior to 15.1R7-S5; 15.1F versions prior to 15.1F6-S13; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D497 on NFX Series; 15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400; 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S12, 17.1R3; 17.2 versions prior to 17.2R2-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110, 17.2X75-D44; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R1-S8, 17.4R2; 18.1 versions prior to 18.1R2-S4, 18.1R3; 18.2X75 versions prior to 18.2X75-D20.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in ProVide (formerly zFTPServer) through 13.1. It doesn't enforce permission over Windows Symlinks or Junctions. As a result, a low-privileged user (non-admin) can craft a Junction Link in a directory he has full control of, breaking out of the sandbox.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ProVide (formerly zFTPServer) through 13.1. Privilege escalation can occur via the /ajax/SetUserInfo messages parameter because of the EXECUTE() feature, which is for executing programs when certain events are triggered.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. A server-side template injection was identified in the self-validating feature enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you are using a self-validating bean an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 for CVE-2020-5245 unfortunately did not fix the underlying issue completely. The issue has been fixed in dropwizard-validation 1.3.21 and 2.0.3 or later. We strongly recommend upgrading to one of these versions.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mla_gallery link=download.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an invalid call to free, which can cause a denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
eten PSG-6528VM 1.1 devices allow XSS via System Contact or System Location.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"There is an insufficient integrity validation vulnerability in several products. The device does not sufficiently validate the integrity of certain file in certain loading processes, successful exploit could allow the attacker to load a crafted file to the device through USB.Affected product versions include:OSCA-550 versions 1.0.1.23(SP2);OSCA-550A versions 1.0.1.23(SP2);OSCA-550AX versions 1.0.1.23(SP2);OSCA-550X versions 1.0.1.23(SP2).",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to store arbitrary JavaScript within the application. This JavaScript is subsequently displayed by the application without sanitization and is executed in the browser of the user, which could possibly cause website redirection, session hijacking, or information disclosure. This vulnerability has been patched in BuySpeed version 15.3.",NETWORK,LOW,LOW,REQUIRED,CHANGED,NONE,LOW,LOW
"An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-based buffer overflow in the baseband process that is exploitable for remote code execution via a fake base station. The Samsung ID is SVE-2015-5123 (December 2015).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with JBP(4.3) and KK(4.4.2) software. Because the READ_LOGS permission is mishandled, sensitive information is disclosed in a world-readable copy of the log file if the error message is ""Unhandled exception in Dalvik VM,"" ""Application not responding ANR event,"" or ""Crash on an application's native code."" The Samsung ID is SVE-2015-2885 (October 2015).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"mgetty prior to 1.2.1 is affected by: out-of-bounds read. The impact is: DoS, the program may crash if the memory is not mapped. The component is: putwhitespan() in g3/pbm2g3.c. The attack vector is: Local, the victim must open a specially crafted file. The fixed version is: 1.2.1.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe. This file is writable by anyone belonging to the NT AUTHORITY\Authenticated Users group, which includes all local and remote users. This can be abused by local attackers to escalate privileges to NT AUTHORITY\SYSTEM by writing a malicious executable to the location of TsService.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive information via info.php4.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive credential information from backup files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There is pervasive CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168293.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via the EvoSharedObjStore. This issue affects all versions of Junos OS Evolved prior to 19.1R1.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A local, authenticated user with shell can view sensitive configuration information via the ev.ops configuration file. This issue affects all versions of Junos OS Evolved prior to 19.2R1.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration—there was no refresh or forced re-authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Notification exposure occurs in Lockdown mode because of the Edge Lighting application. The Samsung ID is SVE-2020-16680 (April 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172808.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172707.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175490.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There are multiple persistent (stored) and reflected XSS vulnerabilities.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Improper input validation vulnerability in Secdo allows an authenticated local user with 'create folders or append data' access to the root of the OS disk (C:\) to cause a system crash on every login. This issue affects all versions Secdo for Windows.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo for Windows.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) software. There is an Out-of-bounds read in the MLDAP Trustlet. The Samsung ID is SVE-2019-16565 (April 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant use-after-free in vnswap_deinit_backing_storage. The Samsung ID is SVE-2017-11176 (February 2018).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.x) software. There is a race condition with a resultant read-after-free issue in get_kek. The Samsung ID is SVE-2017-11174 (February 2018).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. In the case of an (authentication) error, the error object returned by the library contains the original request of the user, which may include the plaintext password the user entered. If the error object is exposed or logged without modification, the application risks password exposure. This is fixed in version 9.12.3",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows. This issue does not affect Cortex XDR 7.0. This issue does not affect Traps for Linux or MacOS.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn off this feature. After that, one can construct an event that will modify a file at a specific location, and pass this event to the driver, thereby defeating the anti-virus functionality.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.2 on PA-7000 Series devices with an LFC installed and configured. This issue requires WildFire services to be configured and enabled. This issue does not affect PAN-OS 8.1 and earlier releases. This issue does not affect any other PA Series firewalls.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with N(7.x) software. In Dual Messenger, the second app can use the runtime permissions of the first app without a user's consent. The Samsung ID is SVE-2017-11018 (March 2018).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage() function in xdLocalStorage.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the iframe object. Therefore any domain that is currently loaded within the iframe can receive the messages that the client sends.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to ""Dump"". This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Google Assistant leaks clipboard contents on a locked device. The Samsung ID is SVE-2019-16558 (April 2020).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories. Honeywell has released a firmware update to address the problem.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with Q(10.0) software. There is arbitrary code execution in the Fingerprint Trustlet via a memory overwrite. The Samsung IDs are SVE-2019-16587, SVE-2019-16588, SVE-2019-16589 (April 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on Samsung mobile devices with Q(10.0) software. Information about application preview (in the Secure Folder) leaks on a locked device. The Samsung ID is SVE-2019-16463 (April 2020).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"GreenBrowser before version 1.2 has a vulnerability where apps that rely on URL Parsing to verify that a given URL is pointing to a trust server may be susceptible to many different ways to get URL parsing and verification wrong, which allows an attacker to circumvent the access control. This problem has been patched in version 1.2.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks Global Protect Agent for Linux 5.0 versions before 5.0.8; 5.1 versions before 5.1.1.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is information disclosure about a kernel pointer in the g2d_drv driver because of logging. The Samsung ID is SVE-2018-13035 (December 2018).,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) software. The sem Trustlet has a buffer overflow that leads to arbitrary TEE code execution. The Samsung IDs are SVE-2018-13230, SVE-2018-13231, SVE-2018-13232, SVE-2018-13233 (December 2018).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is sensitive information exposure from dumpstate in NFC logs. The Samsung ID is SVE-2019-16359 (April 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is Clipboard access in the lockscreen state via a copy-and-paste action. The Samsung ID is SVE-2018-13381 (December 2018).,LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered on Samsung mobile devices with O(8.x) software. There is clipboard Data Exposure via the Emergency Dialer upon connecting a USB device. The Samsung ID is SVE-2018-12911 (November 2018).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows;,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with O(8.x) software. There is a Notification leak on a locked device in Standalone Dex mode. The Samsung ID is SVE-2018-12925 (November 2018).,LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Samsung mobile devices with N(7.0) software. With the Location permission for the compass feature in Quick Tools (aka QuickTools), an attacker can bypass the lockscreen. The Samsung ID is SVE-2018-12053 (December 2018).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 8.1 versions before 8.1.13; 9.0 versions before 9.0.7. This issue does not affect PAN-OS 7.1.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with software through 2016-05-27 (Exynos AP chipsets). A local graphics user can cause a Kernel Crash via the fb0(DECON) frame buffer interface. The Samsung ID is SVE-2016-7011 (October 2016).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is a race condition with a resultant use-after-free in the g2d driver. The Samsung ID is SVE-2018-12959 (December 2018).,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with O(8.x) software. Access to Gallery in the Secure Folder can occur without authentication. The Samsung ID is SVE-2018-13057 (December 2018).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Professional Audio SDK). The Jack audio service doesn't implement access control for shared memory, leading to arbitrary code execution or privilege escalation. The Samsung ID is SVE-2016-5953 (July 2016).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, (iv) eavesdrop on users and record what XIAOMI XIAOAI speaker Pro LX06 hears, (v) modify system files, (vi) use commands to send any IR code through IR emitter on XIAOMI XIAOAI Speaker Pro LX06, (vii) stop voice assistant service, (viii) enable the XIAOMI XIAOAI Speaker Pro’ SSH or TELNET service as a backdoor, (IX) tamper with the router configuration of the router in the local area networks.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with N(7.x) (MediaTek chipsets) software. There is information disclosure (of kernel stack memory) in a MediaTek driver. The Samsung ID is SVE-2018-11852 (July 2018).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.0) devices (MSM8998 or SDM845 chipsets) software. An attacker can bypass Secure Boot and obtain root access because of a missing Bootloader integrity check. The Samsung ID is SVE-2018-11552 (May 2018).",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with M(6.0) software. Because of an unprotected intent, an attacker can read arbitrary files and emails, and take over an email account. The Samsung ID is SVE-2018-11633 (May 2018).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos or Qualcomm chipsets) software. There is information disclosure (of a kernel address) via trustonic_tee. The Samsung ID is SVE-2017-11175 (February 2018).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. When biometric authentication is disabled, an attacker can view Streams content (e.g., a Gallery slideshow) of a locked Secure Folder via a connection to an external device. The Samsung ID is SVE-2018-11766 (August 2018).",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is a Keyboard learned words leak in the locked state via the emergency contact picker. The Samsung IDs are SVE-2018-11989, SVE-2018-11990 (September 2018).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is Clipboard content visibility in the locked state via the emergency contact picker. The Samsung ID is SVE-2018-11806 (September 2018).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Samsung mobile devices with N(7.0), O(8.0) (exynos7420 or Exynos 8890/8996 chipsets) software. Cache attacks can occur against the Keymaster AES-GCM implementation because T-Tables are used; the Cryptography Extension (CE) is not used. The Samsung ID is SVE-2018-12761 (September 2018).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8). There is access to Clipboard content in the locked state via the Edge panel. The Samsung ID is SVE-2017-10748 (May 2018).",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software. There is a vnswap heap-based buffer overflow via the store function, with resultant privilege escalation. The Samsung ID is SVE-2017-10599 (January 2018).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with M(6.x) (Exynos or Qualcomm chipsets) software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 (April 2018).,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Firewall` checks access control rule, it iterate overs each rule's attributes and stops as soon as the accessDecisionManager decides to grant access on the attribute, preventing the check of next attributes that should have been take into account in an unanimous strategy. The accessDecisionManager is now called with all attributes at once, allowing the unanimous strategy being applied on each attribute. This issue is patched in versions 4.4.7 and 5.0.7.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response&#39;s content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in versions 4.4.7 and 5.0.7.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed this vulnerability but only for regular responses. This has been fixed in 4.3.3 and 3.12.4.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on Samsung mobile devices with N(7.x) O(8.x, and P(9.0) (Exynos chipsets) software. There is a stack-based buffer overflow in the Shannon Baseband. The Samsung ID is SVE-2018-12757 (September 2018).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with O(8.x) software. The Smartwatch displays Secure Folder Notification content. The Samsung ID is SVE-2018-12458 (September 2018).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant double free in vnswap_init_backing_storage. The Samsung ID is SVE-2017-11177 (February 2018).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm models using MSM8996 chipsets) software. A device can be rooted with a custom image to execute arbitrary scripts in the INIT context. The Samsung ID is SVE-2018-11940 (September 2018).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is Clipboard access in the lockscreen state via a physical keyboard. The Samsung ID is SVE-2018-12684 (October 2018).",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on Samsung mobile devices with software through 2017-11-03 (S.LSI modem chipsets). The Exynos modem chipset has a baseband buffer overflow. The Samsung ID is SVE-2017-10745 (January 2018).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos5433, Exynos7420, or Exynos7870 chipsets) software. An attacker can bypass a ko (aka Kernel Module) signature by modifying the count of kernel modules. The Samsung ID is SVE-2016-7466 (January 2017).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is a Buffer overflow in the esecomm Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12852 (October 2018).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is an invalid free in the fingerprint Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12853 (October 2018).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Session fixation vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier, and Enterprise Ver. 2.0.1 and earlier allows remote attackers to impersonate a registered user and log in the management console, that may result in information alteration/disclosure via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered on Samsung mobile devices with M(6.0) (Exynos or MediaTek chipsets) software. There is a buffer overflow in a Trustlet that can cause memory corruption. The Samsung ID is SVE-2018-11599 (July 2018).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with N(7.x) software. A physically proximate attacker wielding a magnet can activate NFC to bypass the lockscreen. The Samsung ID is SVE-2017-10897 (March 2018).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), N(7.x), and O(8.0) software. There is a kernel pointer leak in the USB gadget driver. The Samsung ID is SVE-2017-10993 (March 2018).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) software. The Contacts application allows attackers to originate video calls because SS (Supplementary Service) and USSD (Unstructured Supplementary Service Data) codes are improperly secured. The Samsung ID is SVE-2018-11469 (April 2018).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is a Clipboard content disclosure in the locked state because the keyboard may be used during an emergency call. The Samsung ID is SVE-2017-11107 (April 2018).",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered on Samsung mobile devices with M(6.0) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-6008 (August 2016).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. An attacker can bypass the password requirement for tablet user switching by folding the magnetic cover. The Samsung ID is SVE-2017-10602 (December 2017).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is an array overflow in a driver's input booster. The Samsung ID is SVE-2017-11816 (August 2018).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is an integer underflow in eCryptFS because of a missing size check. The Samsung ID is SVE-2017-11855 (August 2018).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (AP + CP MDM9x35, or Qualcomm Onechip) software. There is a NULL pointer dereference issue in the IPC socket code. The Samsung ID is SVE-2016-5980 (July 2016).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. A crafted AT command may be sent by the DeviceTest application via an NFC tag. The Samsung ID is SVE-2017-10885 (January 2018).,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the Nickname used by a privileged user as no check was made to see if they were logged in. The issue has been fixed in commit 23d9d5b0a59667a5d6816fdabb960b537a5f9ed1.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"The ThemeMakers Accio Responsive Parallax One Page Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the `npm` command which is part of this software package. This allows arbitrary shell execution,which can compromise the bot This is patched in version 1.0.0-beta",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with M(6,x) and N(7.0) software. The TA Scrypto v1.0 implementation in Secure Driver has a race condition with a resultant buffer overflow. The Samsung IDs are SVE-2017-8973, SVE-2017-8974, and SVE-2017-8975 (November 2017).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a different vulnerability than CVE-2020-9423 and CVE-2020-10365.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka ""Exchange Spoofing Vulnerability,"" a different vulnerability than CVE-2016-0029.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka ""Exchange Spoofing Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka ""Exchange Spoofing Vulnerability,"" a different vulnerability than CVE-2016-0031.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
An issue was discovered on Samsung mobile devices with software through 2016-10-25 (Exynos5 chipsets). Attackers can read kernel addresses in the log because an incorrect format specifier is used. The Samsung ID is SVE-2016-7551 (January 2017).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka ""Microsoft Exchange Server Elevation of Privilege Vulnerability."" This affects Microsoft Exchange Server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka ""Microsoft Exchange Cross-Site Scripting Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka ""Microsoft Malware Protection Engine Denial of Service Vulnerability"", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka ""Microsoft Malware Protection Engine Denial of Service Vulnerability"", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka ""Microsoft Malware Protection Engine Denial of Service Vulnerability"", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on Samsung mobile devices with N(7.x) (MT6755/MT6757 Mediatek models) software. Bootloader has an integer overflow that leads to arbitrary code execution via the download offset control. The Samsung ID is SVE-2017-10732 (January 2018).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks (against a client) via shell metacharacters to the doCustomRemediateInstructions method, because Runtime.getRuntime().exec() is used.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). An attacker could send a specially crafted URL to initiate a password change for the device. The target must introduce the credentials to the gateway before the attack can be successful.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) (Qualcomm chipsets) software. There is a panel_lpm sysfs stack-based buffer overflow. The Samsung ID is SVE-2017-9414 (December 2017).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung Galaxy S5 mobile devices with software through 2016-12-20 (Qualcomm AP chipsets). There are multiple buffer overflows in the bootloader. The Samsung ID is SVE-2016-7930 (March 2017).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. The InputMethod application can cause a system crash via a malformed serializable object in an Intent. The Samsung ID is SVE-2016-7123 (February 2017).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) software. Contact information can leak to a log file because of the broadcasting of an unprotected intent. The Samsung ID is SVE-2016-7180 (February 2017).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos8890 chipsets) software. There are multiple Buffer Overflows in TSP sysfs cmd_store. The Samsung ID is SVE-2016-7500 (January 2017).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with L(5.1), M(6.x), and N(7.x) software. There is a muic_set_reg_sel heap-based buffer overflow during the reading of MUIC register values. The Samsung ID is SVE-2017-10011 (December 2017).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. An attacker can obtain the full pathnames of sdcard files by reading the system protected log upon reception of a certain intent. The Samsung ID is SVE-2016-7183 (January 2017).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. Telecom has a System Crash via abnormal exception handling. The Samsung ID is SVE-2017-10906 (January 2018).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. There is information disclosure of the kbase_context address of a GPU memory node. The Samsung ID is SVE-2017-8907 (December 2017).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Because of incorrect exception handling and an unprotected intent, AudioService can cause a system crash, The Samsung IDs are SVE-2017-8114, SVE-2017-8116, and SVE-2017-8117 (March 2017).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (tablets) software. The lockscreen interface allows Add User actions, leading to an unintended ability to access user data in external storage. The Samsung ID is SVE-2016-7797 (March 2017).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller. A limited application of the affected product may ship without setup and configuration instructions immediately available to the end user. The bulk of controllers go into applications requiring the GE commissioning engineer to change default configurations during the installation process. GE recommends that users reset controller passwords during installation in the operating environment.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.0) software. There is an information disclosure (of memory locations outside a buffer) via /dev/dsm_ctrl_dev. The Samsung ID is SVE-2016-7340 (January 2017).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow an authenticated user to perform unauthorized actions by bypassing illegal character restrictions. X-Force ID: 176205.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) (Exynos54xx, Exynos7420, Exynos8890, or Exynos8895 chipsets) software. There is a buffer overflow in the sensor hub. The Samsung ID is SVE-2016-7484 (January 2017).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sensitive information from applicatino errors which could be used in further attacks against the system. IBM X-Force ID: 174400.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos7420, Exynos8890, or MSM8996 chipsets) software. RKP allows memory corruption. The Samsung ID is SVE-2016-7897 (January 2017).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in xdLocalStorage through 2.0.5. The postData() function in xdLocalStoragePostMessageApi.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the parent object. Therefore any domain can load the application hosting the ""magical iframe"" and receive the messages that the ""magical iframe"" sends.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This issue was addressed with improved checks. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to use arbitrary entitlements.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. It is intended to support restriction of available remote protocols (CMP, ACME, REST, etc.) through the system configuration. These restrictions can be bypassed by modifying the URI string from a client. (EJBCA's internal access control restrictions are still in place, and each respective protocol must be configured to allow for enrollment.)",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to the CA UI could exploit this to upload malicious scripts to the server. (Risks associated with this issue alone are negligible unless a malicious user already has gained access to the CA UI through other means, as a trusted user is already trusted to upload scripts by virtue of having access to the validator.)",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. In several sections of code, the verification of serialized objects sent between nodes (connected via the Peers protocol) allows insecure objects to be deserialized.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. An error state can be generated in the CA UI by a malicious user. This, in turn, allows exploitation of other bugs. This follow-on exploitation can lead to privilege escalation and remote code execution. (This is exploitable only when at least one accessible port lacks a requirement for client certificate authentication. These ports are 8442 or 8080 in a standard installation.)",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-contol.ini for all users (including admins) to enable arbitrary command execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. IBM X-Force ID: 176207.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. There is a buffer overflow in the fps sysfs entry. The Samsung ID is SVE-2016-7510 (January 2017).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow any authenticated user to spoof the configuration owner of any other user which disclose sensitive information or allow for unauthorized access. IBM X-Force ID: 176333.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Two Cross Side Scripting (XSS) vulnerabilities have been found in the Public Web and the Certificate/CRL download servlets.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. An attacker can crash system processes via a Serializable object because of missing exception handling. The Samsung IDs are SVE-2017-8109, SVE-2017-8110, SVE-2017-8115, SVE-2017-8118, and SVE-2017-8119 (April 2017).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. A Cross Site Request Forgery (CSRF) issue has been found in the CA UI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with M(6.0) software. SLocation can cause a system crash via a call to an API that is not implemented. The Samsung ID is SVE-2017-8285 (April 2017).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) (Exynos7420 or Exynox8890 chipsets) software. The Camera application can leak uninitialized memory via ion. The Samsung ID is SVE-2016-6989 (April 2017).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on Samsung mobile devices with software through 2016-01-16 (Shannon333/308/310 chipsets). The IMEI may be retrieved and modified because of an error in managing key information. The Samsung ID is SVE-2016-5435 (March 2016).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. Because of an unprotected Intent, an attacker can reset the configuration of certain applications. The Samsung ID is SVE-2016-7142 (April 2017).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on Samsung mobile devices with KK(4.4.x), L(5.x), M(6.x), and N(7.x) software. Arbitrary file read/write operations can occur in the locked state via a crafted MTP command. The Samsung ID is SVE-2017-10086 (November 2017).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm chipsets) software. There is an RKP kernel protection bypass (in which unwanted memory mappings may occur) because of a lack of MSR trapping. The Samsung ID is SVE-2016-7901 (April 2017).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered on Samsung mobile devices with N(7.0) software. The time service (aka Timaservice) allows a kernel panic. The Samsung ID is SVE-2017-8593 (May 2017).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can boot a device with root privileges because the bootloader for the Qualcomm MSM8998 chipset lacks an integrity check of the system image, aka the ""SamFAIL"" issue. The Samsung ID is SVE-2017-10465 (November 2017).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can disable the Location service on a locked device, making it impossible for the rightful owner to find a stolen device. The Samsung ID is SVE-2017-8524 (May 2017).",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.x) software. Because of incorrect exception handling for Intents, a local attacker can force a reboot within framework.jar. The Samsung ID is SVE-2017-8390 (May 2017).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.x) software. Intents related to Wi-Fi have incorrect exception handling, leading to a crash of system processes. The Samsung ID is SVE-2017-8389 (May 2017).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on Samsung mobile devices with N(7.x) software. There is a WifiStateMachine IllegalArgumentException and reboot if a malformed wpa_supplicant.conf is read. The Samsung ID is SVE-2017-9828 (October 2017).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Attackers can prevent users from learning that SMS storage space has been exhausted. The Samsung ID is SVE-2017-8702 (June 2017).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Applications can send arbitrary premium SMS messages. The Samsung ID is SVE-2017-8701 (June 2017).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation. Note: It is argued that OpenCMS allows only registered users to upload different kind of content artifacts (SVG, .doc, .docx). The uploaded content is stored in the CMS content repository ""as is"". In case of scripts inside an SVG, this may or may not be ""malicious"", there is no way of knowing if the uploaded SVG contains the script for a reason. To exploit the ""issue"", a user must have an account in the CMS as a content manager.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spreadtrum or Marvell chipsets) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-5421 (March 2016).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on Samsung mobile devices with S3(KK), Note2(KK), S4(L), Note3(L), and S5(L) software. An attacker can rewrite the IMEI by flashing crafted firmware. The Samsung ID is SVE-2016-5562 (March 2016).",PHYSICAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integrity of data in the local storage of the vulnerable site via malicious web messages.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. je_free in libQjpeg.so in Qjpeg in Qt 5.5 allows memory corruption via a malformed JPEG file. The Samsung ID is SVE-2015-5110 (January 2016).,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Least Privilege Violation vulnerability in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a memcpy heap-based buffer overflow in the OTP service. The Samsung ID is SVE-2016-7114 (December 2016).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with software through 2015-11-11 (supporting FRP/RL). There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5131 (January 2016).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. Data outside of the rkp log buffer boundary is read, causing an information leak. The Samsung ID is SVE-2017-9109 (July 2017).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. BootReceiver allows attackers to trigger a system crash because of incorrect exception handling. The Samsung ID is SVE-2016-7118 (December 2016).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Samsung mobile devices with N(7.x) software. Because of missing Intent exception handling, system_server can have a NullPointerException with a crash of a system process. The Samsung IDs are SVE-2017-9122, SVE-2017-9123, SVE-2017-9124, and SVE-2017-9126 (July 2017).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Samsung mobile devices with M(6.0) software. In the Shade Locked state, a physically proximate attacker can read notifications on the lock screen. The Samsung ID is SVE-2016-7132 (December 2016).",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered on Samsung mobile devices with M(6.0) software. There is a NULL pointer exception in WifiService via adb-cmd, causing memory corruption. The Samsung ID is SVE-2017-8287 (June 2017).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with M(6.0) software. Attackers can prevent users from making outbound calls and sending outbound text messages. The Samsung ID is SVE-2017-8706 (June 2017).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
HCL AppScan Standard is vulnerable to excessive authorization attempts,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,LOW
An issue was discovered on Samsung mobile devices with N(7.x) software. Persona has an unprotected API that allows launch of any activity with system privileges. The Samsung ID is SVE-2017-9000 (June 2017).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user (with the Subscriber role) to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages (via create_dynamic_page and delete_dynamic_page).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. The Email application allows attackers to send emails on behalf of any user via a broadcasted intent. The Samsung ID is SVE-2017-9357 (September 2017).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is a stack-based buffer overflow with resultant memory corruption in a trustlet. The Samsung IDs are SVE-2017-8889, SVE-2017-8891, and SVE-2017-8892 (August 2017).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is a buffer over-read in a trustlet. The Samsung ID is SVE-2017-8890 (August 2017).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is an arbitrary write in a trustlet. The Samsung ID is SVE-2017-8893 (August 2017).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Attackers can crash system processes via a broadcast to AdaptiveDisplayColorService. The Samsung ID is SVE-2017-8290 (July 2017).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is a buffer overflow in process_cipher_tdea. The Samsung ID is SVE-2017-8973 (July 2017).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Genuine Integrity Service versions Version 6.4 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (with Hrm sensor support) software. The sysfs of the MAX86902 sensor driver does not prevent concurrent access, leading to a race condition and resultant heap-based buffer overflow. The Samsung ID is SVE-2016-7341 (December 2016).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.0) software. Attackers can read the password of the Mobile Hotspot in the log because of an unprotected intent. The Samsung ID is SVE-2016-7301 (December 2016).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a stack-based buffer overflow in the OTP TrustZone trustlet. The Samsung IDs are SVE-2016-7173 and SVE-2016-7174 (December 2016).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"fsa through 0.5.1 is vulnerable to Command Injection. The first argument of 'execGitCommand()', located within 'lib/rep.js#63' can be controlled by users without any sanitization to inject arbitrary commands.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Parrot ANAFI is vulnerable to Wi-Fi deauthentication attack, allowing remote and unauthenticated attackers to disconnect drone from controller during mid-flight.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Web server running on Parrot ANAFI can be crashed due to the SDK command ""Common_CurrentDateTime"" being sent to control service with larger than expected date length.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on Samsung mobile devices with KK(4.4) software. Attackers can bypass the lockscreen by sending an AT command over USB. The Samsung ID is SVE-2015-5301 (June 2016).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. There is a SIM Lock bypass. The Samsung ID is SVE-2016-5381 (June 2016).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. AntService allows a system_server crash and reboot. The Samsung ID is SVE-2016-7044 (November 2016).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the `Object.prototype`. Exploitation of this vulnerability requires creation of a new directory where an attack code can be placed which will then be exported by `express-mock-middleware`. As such, this is considered to be a low risk.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered on Samsung mobile devices with M(6.0) software. An attacker can disable all Sound functionality by broadcasting an unprotected intent. The Samsung IDs are SVE-2016-7179 and SVE-2016-7182 (November 2016).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. The Gallery library allow memory corruption via a malformed image. The Samsung ID is SVE-2016-5317 (May 2016).,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with M(6.0) software. There is a heap-based buffer overflow in tlc_server. The Samsung IDs are SVE-2016-7220 and SVE-2016-7225 (November 2016).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with M(6.0) software. The S/MIME implementation in EAS uses DES (where 3DES is intended). The Samsung ID is SVE-2016-5871 (June 2016).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the password. It was however possible for anyone with access to a Revive Adserver admin user interface to bypass such check and change e-email address or password of the currently logged in user by altering the form payload.The attack requires physical access to the user interface of a logged in user. If the POST payload was altered by turning the “pwold” parameter into an array, Revive Adserver would fetch and authorise the operation even if no password was provided.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Classic buffer overflow in SolarWinds Dameware allows a remote, unauthenticated attacker to cause a denial of service by sending a large 'SigPubkeyLen' during ECDH key exchange.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on Samsung mobile devices with JBP(4.2) and KK(4.4) (Marvell chipsets) software. The ACIPC-MSOCKET driver allows local privilege escalation via a stack-based buffer overflow. The Samsung ID is SVE-2016-5393 (April 2016).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with JBP(4.3), KK(4.4), and L(5.0/5.1) software. Because of a misused whitelist, attackers can reach the radio layer (aka RIL or RILD) to place calls or send SMS messages. The Samsung ID is SVE-2016-5733 (May 2016).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204 .,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path along with the customer name.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer data and application paths.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Policy headers from being set for Gatling reports served by the plugin, resulting in an XSS vulnerability exploitable by users able to change report content.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via unknown vectors. The Samsung ID is SVE-2016-6382.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to improperly view these details.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown providing the full file path.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the user context of the db owner.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in the index page of the CLink Office 2.0 management console allows remote attackers to inject arbitrary web script or HTML via the lang parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertion `jti`: ""A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties"". Hydra does not check the uniqueness of this `jti` value. Exploiting this vulnerability is somewhat difficult because: - TLS protects against MITM which makes it difficult to intercept valid tokens for replay attacks - The expiry time of the JWT gives only a short window of opportunity where it could be replayed This has been patched in version v1.4.0+oryOS.17",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Zoom Client's microphone and camera access.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
"PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the <KEY>MYKEY</KEY> substring.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. To exploit the vulnerability, someone must have Admin access to the Centreon Web Interface and create a custom main.php?p=60803&type=3 command. The user must then set the Pollers Post-Restart Command to this previously created command via the main.php?p=60901&o=c&server_id=1 URI. This is triggered via an export of the Poller Configuration.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id parameter (book_car.php) This allows an attacker to dump the MySQL database and to bypass the login authentication prompt.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
STMicroelectronics STM32F1 devices have Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004 which allows setting registers, the speed slider fraction as well as digital and analog Outputs. Additionally unautheticated reading of robot data is also possible",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that allows for control over core robot functions like starting/stopping programs, shutdown, reset safety and more. The DashBoard server is not protected by any kind of authentication or authorization.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,HIGH
"UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots (e.g. in the UR10), no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universal Robots. An attacker could exploit this flaw by crafting a custom component with the SDK, performing Person-In-The-Middle attacks (PITM) and shipping the maliciously-crafted component on demand.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ platform of hardware and software components (URCaps). These files (*.urcaps) are stored under '/root/.urcaps' as plain zip files containing all the logic to add functionality to the UR3, UR5 and UR10 robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout' substring followed by shell metacharacters.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via add_cars.php. There are no upload restrictions for executable files.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persistence or to bypass security controls. NOTE: the vendor states that this ""requires a high degree of access and other preconditions that are tough to achieve.""",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the '_nginxCmd()' function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of 'pomelo-monitor' params.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via the pluginUri argument.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
heroku-addonpool through 0.1.15 is vulnerable to Command Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HMI web interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting to execute code with System rights, aka usd-2020-0006.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
adb-driver through 0.1.8 is vulnerable to Command Injection.It allows execution of arbitrary commands via the command function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) in conv_bitmap in bit2spr.c via a long line in a bitmap file.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Server 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.5.2-3.26.1. openSUSE Leap 15.1 rmt-server versions prior to 2.5.2-lp151.2.9.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow a vulnerable ActiveX component to be exploited resulting in a buffer overflow, which may lead to a denial-of-service condition and execution of arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from local resources.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This leads to various use-after-free outcomes involving mdia_Read, gf_isom_delete_movie, and gf_isom_parse_movie_boxes.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to read arbitrary files.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi cert_issuer, cert_division, cert_organization, cert_locality, cert_state, cert_country, or cert_email parameter.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the “/www/admin/*-modify.php” could be skipped if no meaningful parameter was sent. No action was performed, but the user was still redirected to the target page, specified via the “returnurl” GET parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when updating analysis details via a localhost web request, as demonstrated by mishandling of the tags and version fields in helperFunctions/mongo_task_conversion.py.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input. IBM X-Force ID: 175977.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL function) of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx function of the ptp-pack.c file of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to a prompt with an answer of a carefully chosen length. The effect may range from heap corruption to stack corruption depending on the structure of the underlying Kerberos library, with unknown effects but possibly including code execution. This code path is not used for normal authentication, but only when the Kerberos library does supplemental prompting, such as with PKINIT or when using the non-standard no_prompt PAM configuration option.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 allows access to the RTSP service without a password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus (LC, LS, NX, RC, RC F), TOYOTA CAMRY, and TOYOTA SIENNA manufactured in the regions other than Japan from Oct. 2016 to Oct. 2019. An attacker with certain knowledge on the target vehicle control system may be able to send some diagnostic commands to ECUs with some limited availability impacts; the vendor states critical vehicle controls such as driving, turning, and stopping are not affected.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associated.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"There is a buffer overflow vulnerability in some Huawei products. The vulnerability can be exploited by an attacker to perform remote code execution on the affected products when the affected product functions as an optical line terminal (OLT). Affected product versions include:SmartAX MA5600T versions V800R013C10, V800R015C00, V800R015C10, V800R017C00, V800R017C10, V800R018C00, V800R018C10; SmartAX MA5800 versions V100R017C00, V100R017C10, V100R018C00, V100R018C10, V100R019C10; SmartAX EA5800 versions V100R018C00, V100R018C10, V100R019C10.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update Service is enabled.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based authorization checks, if configured. Callers of Druid APIs can also retrieve any LDAP attribute values of users that exist on the LDAP server, so long as that information is visible to the Druid server. This information disclosure does not require the caller itself to be a valid LDAP user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (aka SSRF) or leak files from the local system using the file:// stream wrapper.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,NONE,NONE
"For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,LOW
"eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) 2.0.2 is vulnerable to Remote Command Execution via eval injection, a different issue than CVE-2002-0934. An unauthenticated, remote attacker can exploit this via a series of crafted requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. Specially crafted inputs could allow the user to escape the restricted environment, resulting in access to sensitive data.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Deskpro before 2019.8.0. This product enables administrators to modify the helpdesk interface by editing /portal/api/style/edit-theme-set/template-sources theme templates, and uses TWIG as its template engine. While direct access to self and _self variables was not permitted, one could abuse the accessible variables in one's context to reach a native unserialize function via the code parameter. There, on could pass a crafted payload to trigger a set of POP gadgets in order to achieve remote code execution.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Deskpro before 2019.8.0. The /api/tickets endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve arbitrary information about all helpdesk tickets stored in database with numerous filters. This leaked sensitive information to unauthorized parties. Additionally, it leaked ticket authentication code, making it possible to make changes to a ticket.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve sensitive information about all users registered on the system. This includes their full name, privilege, email address, phone number, etc.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An issue existed in the selection of video file by Mail. The issue was fixed by selecting the latest version of a video. This issue is fixed in iOS 13.4 and iPadOS 13.4. Cropped videos may not be shared properly via Mail.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the windows registry when installing UniFi-Video controller. Affected Products: UniFi Video Controller v3.10.2 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.10.3 and newer.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware update information. If the version field contains ..\ character sequences, the destination file path to save the firmware can be manipulated to be outside the intended destination directory tree. Fixed in UniFi Video Controller v3.10.3 and newer.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1. A malicious iframe may use another website’s download settings.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to leak memory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The issue was addressed by clearing website permission prompts after navigation. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user may grant website permissions to a site they didn't intend to.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In RedpwnCTF before version 2.3, there is a session fixation vulnerability in exploitable through the `#token=$ssid` hash when making a request to the `/verify` endpoint. An attacker team could potentially steal flags by, for example, exploiting a stored XSS payload in a CTF challenge so that victim teams who solve the challenge are unknowingly (and against their will) signed into the attacker team&#39;s account. Then, the attacker can gain points / value off the backs of the victims. This is patched in version 2.3.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka ""2017-08 (Critical) Possible remote code execution on DNN sites.""",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V2.5 and < V20.8), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 and < V2.8), SIMATIC S7-1500 Software Controller (All versions >= V2.5 and < V20.8). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a Denial-of-Service condition. The vulnerability can be triggered if specially crafted UDP packets are sent to the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the device availability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176668.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176670.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple issues were addressed by updating to version 8.1.1850. This issue is fixed in macOS Catalina 10.15.4. Multiple issues in Vim.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to read restricted memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, watchOS 6.2. A malicious application may be able to elevate privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to access a user's call history.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `default` node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting `strict_hostname_checking = true` in `puppet.conf` on your Puppet master. Puppet 6.13.0 and 5.5.19 changes the default behavior for strict_hostname_checking from false to true. It is recommended that Puppet Open Source and Puppet Enterprise users that are not upgrading still set strict_hostname_checking to true to ensure secure behavior. Affected software versions: Puppet 6.x prior to 6.13.0 Puppet Agent 6.x prior to 6.13.0 Puppet 5.5.x prior to 5.5.19 Puppet Agent 5.5.x prior to 5.5.19 Resolved in: Puppet 6.13.0 Puppet Agent 6.13.0 Puppet 5.5.19 Puppet Agent 5.5.19",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The issue was resolved by clearing application previews when content is deleted. This issue is fixed in iOS 13.4 and iPadOS 13.4. A local user may be able to view deleted content in the app switcher.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to execute arbitrary code with system privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to be affected are: * Debian testing/unstable, if unprivileged user namespaces enabled (not default) * Debian buster-backports, if unprivileged user namespaces enabled (not default) * Arch if using `linux-hardened`, if unprivileged user namespaces enabled (not default) * Centos 7 flatpak COPR, if unprivileged user namespaces enabled (not default) This has been fixed in the 0.4.1 release, and all affected users should update.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to view sensitive user information.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users' and administrators' password hashes, modify data, or drop tables. The unescaped parameter is ""searchUsers"" when sending a POST request to ""/tickets/showKanban"" with a valid session. In the code, the parameter is named ""users"" in class.tickets.php. This issue is fixed in versions 2.0.15 and 2.1.0 beta 3.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330. The RadUploadHandler class in RadUpload for Silverlight expects a web request that provides the file location of the uploading file along with a few other parameters. The uploading file location should be inside the directory where the upload handler class is defined. Before 2020.1.330, a crafted web request could result in uploads to arbitrary locations.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple memory corruption issues were addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.4. A maliciously crafted application may be able to bypass code signing enforcement.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states ""I don't see anything specifically exploitable.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.4. An application may be able to execute arbitrary code with system privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Sonatype Nexus Repository before 3.21.2 allows XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in Avast Antivirus before 20. An Arbitrary Memory Address Overwrite vulnerability in the aswAvLog Log Library results in Denial of Service of the Avast Service (AvastSvc.exe).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Arbitrary File Deletion from Avast Program Path via RPC, when Self Defense is Enabled.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Local Privilege Escalation (LPE) via RPC.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a shutdown via RPC from a Low Integrity process via TempShutDownMachine.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a reboot via RPC from a Low Integrity process.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to make arbitrary changes to the Components section of the Stats.ini file via RPC from a Low Integrity process.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is publicly visible (as it is in many popular public CI systems like TravisCI) this AWS pre-signed URL would allow a malicious actor to replace a recently uploaded plugin with their own.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to enumerate the network interfaces and access points from a Low Integrity process via RPC.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to bypass intended access restrictions on tasks from an untrusted process, when Self Defense is enabled.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sighting_field.ctp.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is related to app/View/Users/statistics_orgs.ctp.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Technicolor TC7337 8.89.17 devices. An attacker can discover admin credentials in the backup file, aka backupsettings.conf.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to launch the Repair App RPC call from a Low Integrity process.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in 5000 trillion yen converter v1.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the stacktrace is only display in debug configuration. This issue is patched in symfony/http-foundation versions 4.4.5 and 5.0.5",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same address. Serialization fidelity thereby becomes dependent upon memory layout. In short, serialized std::shared_ptr variables cannot always be expected to serialize back into their original values. This can have any number of consequences, depending on the context within which this manifests.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Elide before 4.5.14, it is possible for an adversary to ""guess and check"" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The presence or absence of models in the returned collection can be used to reconstruct the value of the inaccessible field. Resolved in Elide 4.5.14 and greater.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability was found in moodle 3.7 before 3.7.3, where there is blind XSS reflected in some locations where user email is displayed.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to insert malicious JavaScript that is stored and displayed to the end user. This could lead to website redirects, session cookie hijacking, or information disclosure.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through specific system directory.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Responsive Filemanager through 9.14.0. In the dialog.php page, the session variable $_SESSION['RF'][""view_type""] wasn't sanitized if it was already set. This made stored XSS possible if one opens ajax_calls.php and uses the ""view"" action and places a payload in the type parameter, and then returns to the dialog.php page. This occurs because ajax_calls.php was also able to set the $_SESSION['RF'][""view_type""] variable, but there it wasn't sanitized.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in kerneld.sys in AIDA64 before 5.99. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x80112084 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) issues allows remote authenticated users to inject arbitrary web script via an rpSys.html Name or Location field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands with elevated privilege via a crafted tmsh command.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, in a High Availability (HA) network failover in Device Service Cluster (DSC), the failover service does not require a strong form of authentication and HA network failover traffic is not encrypted by Transport Layer Security (TLS).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored data resulting in memory errors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to unauthenticated password resets via login/resetadminpassword of the default admin account. This vulnerability only exists when the default admin account is not disabled. It is fixed in 20.01.1 and 19.11.2.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A denial of service issue was addressed with improved input validation.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"X-Plane before 11.41 allows Arbitrary Memory Write via crafted network packets, which could cause a denial of service or arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tmpServer service, which listens on TCP port 20002. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9662.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied input. IBM X-Force ID: 174966.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom html/javascript (XSS). Mitigation: update your Dart SDK to 2.7.2, and 2.8.0-dev.17.0 for the dev version. If you cannot update, we recommend you review the way you use the affected APIs, and pay special attention to cases where user-provided data is used to populate DOM nodes. Consider using Element.innerText or Node.text to populate DOM elements.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175419.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input. IBM X-Force ID: 175026.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. IBM X-Force ID: 175417.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9663.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of DNS reponses prior to further processing. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the root user. Was ZDI-CAN-9661.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9660.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow an authenticated user to cause a denial of service due to improper content parsing in the project management module. IBM X-Force ID: 175409.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 175410.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 175411.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
GitLab through 12.9 is affected by a potential DoS in repository archive download.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated with an administrator account to execute arbitrary commands as root.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a ""kill `cat /run/tinyproxy/tinyproxy.pid`"" command.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to stored XSS. A remote attacker authenticated with an administrator account could store a maliciously named file within the web application that would execute each time a user browsed to the page.,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
UltraLog Express device management software stores user’s information in cleartext. Any user can obtain accounts information through a specific page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader.java.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin of the page and credential theft or other attacks. This vulnerability affects Firefox < 74.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, undisclosed HTTP behavior may lead to a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"** DISPUTED ** In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203(C00E201R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to affect the availability.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the coldfusion install directory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox < 74.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SIPORT MP (All versions < 3.1.4). Vulnerable versions of the device allow the creation of special accounts (""service users"") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 74.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks Private Mode thumbnails. The Samsung ID is SVE-2019-14208 (July 2019).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server.staticcontent.ResourceService and org.http4s.server.staticcontent.WebjarService. URI normalization is applied incorrectly. Requests whose path info contain ../ or // can expose resources outside of the configured location. This issue is patched in versions 0.18.26, 0.20.20, and 0.21.2. Note that 0.19.0 is a deprecated release and has never been supported.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, because of inconsistent memory management (new versus free) in ole2_read_header in ole.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-2897.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Story Video Editor Content Provider. The Samsung ID is SVE-2019-14062 (July 2019).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Gear VR Service Content Provider. The Samsung ID is SVE-2019-14058 (July 2019).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. A up_parm heap overflow leads to code execution in the bootloader. The Samsung ID is SVE-2019-14993 (September 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitive information including employee tax information, social security numbers, home addresses, and more.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SEM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14891 (August 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with P(9.0) software. The Motion photo player allows attackers to bypass the Secure Folder feature to view images. The Samsung ID is SVE-2019-14653 (August 2019).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The command-line ""safety"" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is considered to be of low severity because the attack makes use of an existing Python condition, not the Safety tool itself. This can happen if: You are running Safety in a Python environment that you don’t trust. You are running Safety from the same Python environment where you have your dependencies installed. Dependency packages are being installed arbitrarily or without proper verification. Users can mitigate this issue by doing any of the following: Perform a static analysis by installing Docker and running the Safety Docker image: $ docker run --rm -it pyupio/safety check -r requirements.txt Run Safety against a static dependencies list, such as the requirements.txt file, in a separate, clean Python environment. Run Safety from a Continuous Integration pipeline. Use PyUp.io, which runs Safety in a controlled environment and checks Python for dependencies without any need to install them. Use PyUp's Online Requirements Checker.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with P(9.0) (Galaxy S8 and Note8) software. Facial recognition can be spoofed. The Samsung ID is SVE-2019-16614 (February 2020).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with any (before May 2019) software. A phishing attack against OMACP can change the network and internet settings. The Samsung ID is SVE-2019-14073 (May 2019).,NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. A heap overflow occurs for baseband in the Shannon modem. The Samsung ID is SVE-2019-14071 (May 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Gallery allows attackers to enable Location information sharing from the lock screen. The Samsung ID is SVE-2019-14462 (August 2019).",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Azure Container Service Plugin 1.0.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with O(8.x) software. Attackers can disable Gallery permanently. The Samsung ID is SVE-2019-14031 (May 2019).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), Go(8.1), P(9.0), and Go(9.0) (Exynos chipsets) software. A baseband stack overflow leads to arbitrary code execution. The Samsung ID is SVE-2019-13963 (April 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with O(8.x) (Qualcomm chipsets) software. There is an integer underflow in the Secure Storage Trustlet. The Samsung ID is SVE-2019-13952 (July 2019).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can use Smartwatch to view Secure Folder notification content. The Samsung ID is SVE-2019-13899 (April 2019).,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on Samsung mobile devices with P(9.0) software. The MemorySaver Content Provider allows SQL injection. The Samsung ID is SVE-2019-14365 (August 2019).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10125.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an ""rConfig specific Apache configuration"" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user’s browser.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered on Samsung mobile devices with P(9.0) (Exynos 9820 chipsets) software. A Buffer overflow occurs when loading the UH Partition during Secure Boot. The Samsung ID is SVE-2019-14412 (August 2019).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Creative Cloud Desktop Application versions 5.0 and earlier have a time-of-check to time-of-use (toctou) race condition vulnerability. Successful exploitation could lead to arbitrary file deletion.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Adobe Bridge versions 10.0 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (with TEEGRIS) software. There is type confusion in the MLDAP Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14867 (August 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) devices (Exynos9810 chipsets) software. There is a use after free in the ion driver. The Samsung ID is SVE-2019-14837 (August 2019).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (with TEEGRIS) software. There is type confusion in the FINGERPRINT Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14864 (August 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (released in China) software. The Firewall application mishandles the PermissionWhiteLists protection mechanism. The Samsung ID is SVE-2019-14299 (November 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SEC_FR Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14851 (August 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) devices (Exynos and Qualcomm chipsets) software. A race condition causes a Use-After-Free. The Samsung ID is SVE-2019-15067 (September 2019).,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via the status bar. The Samsung ID is SVE-2019-15089 (September 2019).,LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on Samsung mobile devices with P(9.0), O(8.0), and N(7.1) software. Attackers can bypass Factory Reset Protection (FRP) via Smart Switch. The Samsung ID is SVE-2019-15138 (September 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The tfo_common component in HwordApp.dll in Hancom Office 9.6.1.7634 allows a use-after-free via a crafted .docx file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-free via an unknown object in a crafted .docx file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. There is type confusion in the WVDRM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14885 (September 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the EXT_FR Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14847 (August 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Attackers can bypass Factory Reset Protection (FRP) via SVoice T&C. The Samsung ID is SVE-2018-13547 (March 2019).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,NONE
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. A connection to a new Bluetooth devices can be established from the lock screen. The Samsung ID is SVE-2019-15533 (December 2019).,LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Allshare allows attackers to access sensitive information. The Samsung ID is SVE-2018-13453 (March 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS commands with the administrative privilege via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at TCPtcp/8082, which can insecurely deserialize untrusted data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. A stack overflow in the HDCP Trustlet causes arbitrary code execution. The Samsung ID is SVE-2019-14665 (August 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019).,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the RCS Content Provider. The Samsung IDs are SVE-2019-14059, SVE-2019-14685 (August 2019).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Wi-Fi history Content Provider. The Samsung ID is SVE-2019-14061 (August 2019).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. The bootloader has an integer signedness error. The Samsung ID is SVE-2019-15230 (October 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with P(9.0) software. Gallery allows viewing of photos on the lock screen. The Samsung ID is SVE-2019-15055 (October 2019).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered on Samsung mobile devices with P(9.0) (with TEEGRIS) software. There is a buffer overflow in the BIOSUB Trustlet. The Samsung ID is SVE-2019-15264 (October 2019).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. The SEC_FR trustlet has an out of bounds write. The Samsung ID is SVE-2019-15272 (October 2019).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with any (before October 2019 for S9 or Note9) software. Attackers can manipulate the IMEI. The Samsung ID is SVE-2019-15435 (October 2019).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to spoofing attacks; it is now correctly the URL of the originating document. This vulnerability affects Firefox < 74.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card by blocking the PUK code. The Samsung ID is SVE-2019-15262 (October 2019).",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial '><script type=""text/javascript"" src=' line. Fix released on 2018-03-29.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial 'Source<script type=""text/javascript"" src=' line. Fix released on 2018-03-28.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to the browser DOM, which code is then executed by the web browser in the context of the vulnerable web application.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially exploit this vulnerability by tricking a victim Security Console user to supply malicious HTML or JavaScript code to the vulnerable web application, which code is then executed by the victim's web browser in the context of the vulnerable web application.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim Security Console administrator to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. Attackers can change the USB configuration without authentication. The Samsung ID is SVE-2018-13300 (September 2019).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a Buffer Overflow in the Touch Screen Driver. The Samsung ID is SVE-2019-14990 (October 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is a race condition leading to a use-after-free in MTP. The Samsung ID is SVE-2019-16520 (February 2020).",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom chipsets) software. An out-of-bounds Read in the Wi-Fi vendor command leads to an information leak. The Samsung ID is SVE-2019-14869 (November 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call e.g.”eval” in “Update Manager” class when software attempts to see if there are updates available. This results in arbitrary code execution on the machine where software is installed.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos 9810 chipsets) software. Arbitrary memory mapping exists in TEE. The Samsung ID is SVE-2019-16665 (February 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is a stack overflow in display driver. The Samsung ID is SVE-2019-15877 (January 2020).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Kernel stack addresses are leaked to userspace. The Samsung ID is SVE-2019-16161 (January 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a memory address leak vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a buffer over-read and possible information leak in the core touch screen driver. The Samsung ID is SVE-2019-14942 (November 2019).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. Kernel Wi-Fi drivers allow out-of-bounds Read or Write operations (e.g., a buffer overflow). The Samsung IDs are SVE-2019-16125, SVE-2019-16134, SVE-2019-16158, SVE-2019-16159, SVE-2019-16319, SVE-2019-16320, SVE-2019-16337, SVE-2019-16464, SVE-2019-16465, SVE-2019-16467 (March 2020).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 9610 chipsets) software. There is a kernel pointer leak in the vipx driver. The Samsung ID is SVE-2019-16293 (February 2020).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 9610 chipsets) software. There is an arbitrary kfree in the vipx and vertex drivers. The Samsung ID is SVE-2019-16294 (February 2020).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) software. There are race conditions in the hdcp2 driver. The Samsung ID is SVE-2019-16296 (February 2020).",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120404 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an out-of-bounds read that can be used as part of a chain to escalate privileges (issue 1 of 2).",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via SamsungPay mini. The Samsung ID is SVE-2019-15090 (November 2019).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The secure bootloade has a buffer overflow of the USB buffer, leading to arbitrary code execution. The Samsung ID is SVE-2019-15872 (January 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a heap corruption vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with N(7.x) software. The Gallery app allows attackers to view all pictures of a locked device. The Samsung ID is SVE-2019-15189 (October 2019).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a department, given the id, via a crafted request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to reply to any ticket, given the id, via a crafted request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to close any ticket, given the id, via a crafted request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a category via a crafted request.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article template via a crafted request.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a department via a crafted request.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted request.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a news article via a crafted request.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (Exynos chipsets) software. There is a stack overflow in the kernel driver. The Samsung ID is SVE-2019-15034 (November 2019).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary write primitive that can lead to code execution or escalation of privileges.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ""I/O-Check"" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1eb9c the extracted interface element name from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=<contents of interface element> using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any interface values that are greater than 512-len(""/etc/config-tools/config_interfaces interface="") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An interface value of length 0x3c4 will cause the service to crash.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ""I/O-Check"" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the extracted state value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=<contents of state node> using sprintf(). The destination buffer sp+0x40 is overflowed with the call to sprintf() for any state values that are greater than 512-len(""/etc/config-tools/config_interfaces interface=X1 state="") in length. Later, at 0x1ea08 strcpy() is used to copy the contents of the stack buffer that was overflowed sp+0x40 into sp+0x440. The buffer sp+0x440 is immediately adjacent to sp+0x40 on the stack. Therefore, there is no NULL termination on the buffer sp+0x40 since it overflowed into sp+0x440. The strcpy() will result in invalid memory access. An state value of length 0x3c9 will cause the service to crash.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with P(9.0) software. Gallery leaks cached data. The Samsung IDs are SVE-2019-16010, SVE-2019-16011, SVE-2019-16012 (January 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to execute arbitrary NodeJS code.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with P(9.x) and Q(10.x) software. Attackers can enable the OEM unlock feature on a KG-enrolled devices, leading to potentially unwanted binaries being downloaded. The Samsung ID is SVE-2019-16554 (February 2020).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos7885, Exynos8895, and Exynos9810 chipsets) software. The Gatekeeper trustlet allows a brute-force attack on the screen lock password. The Samsung ID is SVE-2019-14575 (January 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120444 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary read primitive that can be used as part of a chain to escalate privileges.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64.sys fails to validate parameters, leading to a stack-based buffer overflow, which can lead to code execution or escalation of privileges.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (Exynos chipsets) software. A heap overflow exists in the bootloader. The Samsung ID is SVE-2019-14371 (July 2019).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The way comments in article.php (vulnerable function in include/functions-article.php) are handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php, via the GET parameter cmt.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that are stored on the webserver using a dot-dot-slash sequence (../) via the POST parameter inpCurrFolder.,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete any folder on the webserver using a dot-dot-slash sequence (../) via the GET parameter crdir, when the GET parameter action is set to df, causing a Denial of Service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence (../) via the POST parameter imgName (for the new name) and imgUrl (for the current file to be renamed).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
"A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with O(8.x) (released in China and India) software. The S Secure app can access the content of a locked app without a password. The Samsung ID is SVE-2019-13805 (October 2019).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (released in China or India) software. The S Secure app can launch masked apps without a password. The Samsung ID is SVE-2019-13996 (December 2019).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. SPENgesture allows arbitrary applications to read or modify user-input logs. The Samsung ID is SVE-2019-14170 (June 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Voice Assistant mishandles the notification audibility of a secured app. The Samsung ID is SVE-2018-13326 (May 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered on Samsung mobile devices with O(8.0) and P(9.0) (Exynos8890 chipsets) software. A use-after-free occurs in the MALI GPU driver. The Samsung ID is SVE-2019-13921-1 (May 2019).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), and P(9.0) (Qualcomm chipsets) software. The Authnr Trustlet has a NULL pointer dereference. The Samsung ID is SVE-2019-13949 (May 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), and P(9.0) (Qualcomm chipsets) software. The ESECOMM Trustlet has a NULL pointer dereference. The Samsung ID is SVE-2019-13950 (May 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fail.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos chipsets) software. A buffer overflow in the HDCP Trustlet affects secure TEEGRIS memory. The Samsung ID is SVE-2019-15283 (November 2019).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) software. There is a heap out-of-bounds write in the tsmux driver. The Samsung ID is SVE-2019-16295 (February 2020).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. The Esecomm Trustlet allows a stack overflow and arbitrary code execution. The Samsung ID is SVE-2019-15984 (February 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The Widevine Trustlet allows read and write operations on arbitrary memory locations. The Samsung ID is SVE-2019-15873 (February 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.0), P(9.0), and Q(10.0) (Broadcom chipsets) software. A kernel driver heap overflow leads to arbitrary code execution. The Samsung ID is SVE-2019-15880 (March 2020).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can view notifications by entering many PINs in Lockdown mode. The Samsung ID is SVE-2019-16590 (March 2020).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can view notifications on the lock screen via Routines. The Samsung ID is SVE-2019-15074 (February 2020).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. PROCA allows a use-after-free and arbitrary code execution. The Samsung ID is SVE-2019-16132 (February 2020).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card. The Samsung ID is SVE-2019-16193 (February 2020).",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom Wi-Fi chipsets) software. A denial-of-service attack can leverage a shared interface between Broadcom Bluetooth and Broadcom Wi-Fi. The Samsung ID is SVE-2019-15350 (November 2019).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via a Class 0 Type Message. The Samsung ID is SVE-2019-14941 (October 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via an RCS call. The Samsung ID is SVE-2019-15035 (October 2019).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Cross-site scripting vulnerability in WL-Enq 1.11 and 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered on Samsung mobile devices with P(9.0) software. The Pin Window feature allows unauthenticated unpinning of an app. The Samsung ID is SVE-2018-13765 (March 2019).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered on Samsung mobile devices with P(9.0) software. Secure Folder leaks preview data of recent apps. The Samsung ID is SVE-2018-13764 (March 2019).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Motorola FX9500 devices allow remote attackers to read database files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on Samsung mobile devices with P(9.0) software. Secure Startup leaks keyboard suggested words. The Samsung ID is SVE-2019-13773 (March 2019).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband heap overflow. The Samsung ID is SVE-2018-13187 (February 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband stack overflow. The Samsung ID is SVE-2018-13188 (February 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/trash-box.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/translate.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/sitemap-generator.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/search-users.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/save-article.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-user.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-search.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-failed-login.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-category.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-printed.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-popular.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-monthly.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-mailed.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-discussed.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/reply-ticket.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/my-profile.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/my-languages.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-versions.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-users.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-tickets.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-templates.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-subscribers.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-settings.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-news.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-languages.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-groups.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-glossary.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-fields.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-feedbacks.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-drafts.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-departments.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-attachments.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/kb-backup.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index-attachments.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-html.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-csv.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/email-harvester.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-user.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-template.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-subscriber.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-news.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-group.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-glossary.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-field.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-comment.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-category.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-article.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/article-collaboration.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-template.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-news.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-language.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-glossary.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-field.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-category.php by adding a question mark (?) followed by the payload.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php (vulnerable file admin/include/functions-articles.php).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to execute arbitrary code by uploading PHP code, unless the vhost configuration permits only app.php execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung mobile devices with O(8.x), P(9.x), and Q(10.0) software. There is an out-of-bounds read vulnerability in media.audio_policy. The Samsung ID is SVE-2019-16333 (February 2020).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), P(9.0), and Q(10.0) software. Arbitrary code execution is possible on the lock screen. The Samsung ID is SVE-2019-15266 (December 2019).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
lix through 15.8.7 allows man-in-the-middle attackers to execute arbitrary code by modifying the HTTP client-server data stream so that the Location header is associated with attacker-controlled executable content in the postDownload field.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. This request doesn't require any authentication and will lead to saving the configuration file. The password is stored in cleartext.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on Samsung mobile devices with O(8.x) software. Attackers can bypass Factory Reset Protection (FRP) via an external keyboard. The Samsung ID is SVE-2019-15164 (October 2019).,LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via AppTray. The Samsung ID is SVE-2019-16192 (January 2020).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing ""dev"" or ""staging"" in the HTTP Host header.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit (Versions prior to 1.0.1), which could cause execution of malicious code when a malicious file is put in the search path.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the AbuseFilter extension for MediaWiki. includes/special/SpecialAbuseLog.php allows attackers to obtain sensitive information, such as deleted/suppressed usernames and summaries, from AbuseLog revision data. This affects REL1_32 and REL1_33.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable double free vulnerability exists in the iocheckd service ""I/O-Check"" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. This differs from the intended behavior in which the domain of the authenticated user must match the domain of the galsync account in the request.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the __service__ user account. The product contains a hard-coded password for this account. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-9553.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged ""localhost"" string in the HTTP Host header.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The driving interface of Tesla Model 3 vehicles in any release before 2020.4.10 allows Denial of Service to occur due to improper process separation, which allows attackers to disable the speedometer, web browser, climate controls, turn signal visual and sounds, navigation, autopilot notifications, along with other miscellaneous functions from the main screen.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the ""Modify the hostname"" field.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or use an existing) directory that is externally accessible to store PHP files. The filename and the exact path is known by the attacker, so it is possible to execute PHP code in the context of the application. The vulnerability is exploitable only with Administrator access.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Zim through 0.72.1 creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, resulting in a denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.1-47117. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the hypervisor. Was ZDI-CAN-9428.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-10031.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the IOCTL handler. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10029.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator (v1.002 and prior), for the PMEPXM0100 (H) module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious DLL.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn't limit the parsing of nested JSON structures. If a victim visits an attacker-controlled website, this vulnerability can be exploited via WebSocket data with a deeply nested JSON array.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_odf_delete_descriptor in odf/desc_private.c that can cause a denial of service via a crafted MP4 file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing a specially crafted Javascript code.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios, successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include:HUAWEI Mate 20 versions Versions earlier than 10.0.0.188(C00E74R3P8);HUAWEI Mate 30 Pro versions Versions earlier than 10.0.0.203(C00E202R7P2).",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171734.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Adobe Media Encoder versions 14.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios, successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include:HUAWEI Mate 20 versions Versions earlier than 10.0.0.188(C00E74R3P8);HUAWEI Mate 30 Pro versions Versions earlier than 10.0.0.203(C00E202R7P2).",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the __lshift function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access to b1 will trigger a null pointer dereference bug in case of a memory allocation failure.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In the __multiply function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned word-readable permissions. ose-installer as shipped in Openshift 4.2 is vulnerable.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations.Affected product versions include:HUAWEI Mate 20 versions Versions earlier than 10.0.0.188(C00E74R3P8);HUAWEI Mate 30 Pro versions Versions earlier than 10.0.0.203(C00E202R7P2).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the ""Activity"" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"BeyondTrust Privilege Management for Windows and Mac (aka PMWM; formerly Avecto Defendpoint) 5.1 through 5.5 before 5.5 SR1 mishandles command-line arguments with PowerShell .ps1 file extensions present, leading to a DefendpointService.exe crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the __i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _ x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username are password values are a double md5 of the plaintext real value, i.e., md5(md5(value)).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. Oversighted edit summaries are still visible in CheckUser results in violation of MediaWiki's permissions model.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka ""DNS Insufficient Socket Entropy Vulnerability"" or ""the Kaminsky bug.""",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,HIGH,NONE
"Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Improper data forwarding in some data cache for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. The list of affected products is provided in intel-sa-00330: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html,LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open to the local network. PE 2018.1.13 & 2019.5.0, Puppet Server 6.9.2 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable trapperkeeper-metrics /v1 metrics API and only allows /v2 access on localhost by default. This affects software versions: Puppet Enterprise 2018.1.x stream prior to 2018.1.13 Puppet Enterprise prior to 2019.5.0 Puppet Server prior to 6.9.2 Puppet Server prior to 5.3.12 PuppetDB prior to 6.9.1 PuppetDB prior to 5.2.13 Resolved in: Puppet Enterprise 2018.1.13 Puppet Enterprise 2019.5.0 Puppet Server 6.9.2 Puppet Server 5.3.12 PuppetDB 6.9.1 PuppetDB 5.2.13",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In the __d2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. Accessing _x will trigger a null pointer dereference bug in case of a memory allocation failure.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. The list of affected products is provided in intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html,LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
"The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Improper access control in the subsystem for Intel(R) Smart Sound Technology may allow an authenticated user to potentially enable escalation of privilege via local access. This affects Intel® Smart Sound Technology before versions: 10th Generation Intel® Core™ i7 Processors, version 3431 and 8th Generation Intel® Core™ Processors, version 3349.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"In the __mdiff function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate big integers, however no check is performed to verify if the allocation succeeded or not. The access to _wds and _sign will trigger a null pointer dereference bug in case of a memory allocation failure.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the latest version.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In the __multadd function of the newlib libc library, prior to versions 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. This will trigger a null pointer dereference bug in case of a memory allocation failure.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed when editing the document's page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the application doesn't limit the number of opened WebSocket sockets. If a victim visits an attacker-controlled website, this vulnerability can be exploited.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products' web server.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products' web server.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz for Service Management 3.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172123.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to traverse paths via a plugin test.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is an improper authorization vulnerability in several smartphones. The software incorrectly performs an authorization to certain user, successful exploit could allow a low privilege user to do certain operation which the user are supposed not to do.Affected product versions include:HUAWEI Mate 20 versions Versions earlier than 10.0.0.188(C00E74R3P8);HUAWEI Mate 30 Pro versions Versions earlier than 10.0.0.203(C00E202R7P2).",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows mishandles errors during SSL Certificate Validation, leading to situations where (for example) a user continues to interact with a web site that has an invalid certificate chain.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows (5.x and prior before 5.4.0) contain a denial-of-service vulnerability due to a heap-overflow issue in Cortado Thinprint. Attackers with non-administrative access to a guest VM with virtual printing enabled may exploit this issue to create a denial-of-service condition of the Thinprint service running on the system where Workstation or Horizon Client is installed.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,LOW
"A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this location, an attacker can attempt to win a race condition to replace scripts created by Timeshift with attacker-controlled scripts. Upon success, an attacker-controlled script is executed with full root privileges. This logic is practically always triggered when Timeshift runs regardless of the command-line arguments used.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Some Huawei products have a security vulnerability due to improper authentication. A remote attacker needs to obtain some information and forge the peer device to send specific packets to the affected device. Due to the improper implementation of the authentication function, attackers can exploit the vulnerability to connect to affected devices and execute a series of commands.Affected product versions include:Secospace AntiDDoS8000 versions V500R001C00,V500R001C20,V500R001C60,V500R005C00.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Open redirect via parameter ‘p’ in login.php in Centreon (19.04.4 and below) allows an attacker to craft a payload and execute unintended behavior.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain root-level privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal vulnerability that can allow an authenticated user to access files and directories stored outside of the web root folder. By exploiting this vulnerability, it is possible for an attacker to list operating-system directory contents on the server, create directories and upload files in permissible locations, and modify filenames and delete files that are accessible by the user running the web server instance.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,NONE
"A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are granted weak world-readable and world-writable permissions, allowing any low privileged user with access to the system to read sensitive data (e.g., .htpasswd) and create/modify/delete content (e.g., under /var/www/html/docs) within the operating system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was found in openshift/template-service-broker-operator in all 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/template-service-broker-operator. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ `develop` branches of the `easybuild-framework` repository.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web UI of the Cisco SD-WAN vManage software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the vManage software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web UI improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on, or return values from, the underlying database as well as the operating system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the latest version.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections. This is a system-wide issue. An attacker could perform administrative actions by targeting a logged-in administrative user. NOTE: this is fixed in the latest version.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), firmware Version 02D.30. Successful exploitation of this vulnerability could allow information disclosure, limit system availability, and may allow remote code execution.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the user's oVirt session.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the MobileFrontend extension for MediaWiki, XSS exists within the edit summary field of the watchlist feed. This affects REL1_31, REL1_32, and REL1_33.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges (although not controlling the contents of such files) due to insufficient sanitisation when passing arguments to the phantomjs.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Full Web Page Sensor and set specific settings when executing the sensor.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files (no authentication is required to access; having a link is sufficient) instead of private files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow an attacker to steal username and password combinations by intercepting authentication traffic in transit.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to expose and compromise the web server, expose database tables and values, and potentially execute system-based commands as the mysql user. This affects the search_pattern value of the manage_hosts_short.cgi script.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevant mainly only in situations where an autonomous system relies solely on an SPV proof for transactions of a greater dollar amount.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9625.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9626.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9624.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9773.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9774.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the PSD files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9811.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9880.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS ""Boron""), 8.x (LTS ""Carbon""), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data stored within the SQL database. It is possible for an attacker to expose unencrypted sensitive data.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A number of stored Cross-site Scripting (XSS) vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through web application form inputs.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. An out-of-bounds read overflow can be exploited when a valid user opens a specially crafted, malicious input file due to the lack of validation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users, applying tags, etc. This functionality could be abused by an unauthenticated attacker to upload an arbitrary file in a restricted folder. This would lead to the executions of malicious commands with root privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open edX Ironwood.1 allows support/certificates?user= reflected XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A number of stored Cross-site Scripting (XSS) vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through the SNMP protocol.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes, API metadata, and references to usernames via api/v1/apikey.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"antiX and MX Linux allow local users to achieve root access via ""persist-config --command /bin/sh"" because of the Sudo configuration.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser.,NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Unquoted service path in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable denial of service via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Incorrect default permissions in the installer for Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper access control for Intel(R) Graphics Drivers before versions 15.33.49.5100 and 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before versions 15.45.30.5103, 15.40.44.5107, 15.36.38.5117 and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. Multiple stack-based buffer overflows can be exploited when a valid user opens a specially crafted, malicious input file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpress_be_teacher URI without any additional permission checks. Therefore, any user can change its role to an instructor/teacher and gain access to otherwise restricted data.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Improper initialization in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.29.5077, and 26.20.100.7000 may allow a privileged user to potentially enable a denial of service via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
"index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742_FIX_PERL2020.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper conditions check in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure and denial of service via local",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
"Buffer overflow in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.30.5103, and 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
MetadataExtractor 2.1.0 allows stack consumption.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. Users are advised to upgrade to either Solr 6.6.4 or Solr 7.3.1 releases both of which address the vulnerability. Once upgrade is complete, no other steps are required. Those releases only allow external entities and Xincludes that refer to local files / zookeeper resources below the Solr instance directory (using Solr's ResourceLoader); usage of absolute URLs is denied. Keep in mind, that external entities and XInclude are explicitly supported to better structure config files in large installations. Before Solr 6 this was no problem, as config files were not accessible through the APIs.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
oauth/oauth2/v1/saml/ in Abacus OAuth Login 2019_01_r4_20191021_0000 before prior to R4 (20.11.2019 Hotfix) allows Reflected Cross Site Scripting (XSS) via an error message.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in ONAP VNFSDK through Dublin. By accessing port 8000 of demo-vnfsdk-vnfsdk, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ONAP SDC through Dublin. By accessing port 7001 of demo-sdc-sdc-wfd-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use it for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in ONAP HOLMES before Dublin. By accessing port 9202 of dep-holmes-engine-mgmt pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ONAP SDC through Dublin. By accessing port 4000 of demo-sdc-sdc-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ONAP SDC through Dublin. By accessing port 6000 of demo-sdc-sdc-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim’s MicroLogix controller. The controller will then respond to the client with used password values to authenticate the user on the client-side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in ONAP SDC through Dublin. By accessing port 7000 of demo-sdc-sdc-wfd-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF data, and the .php extension is used in the name parameter. (A potential fast patch is to disable the save_img action in the config file.)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have been revolked. IBM X-Force ID: 174961.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially disclose highly sensitive information to a privileged user due to improper access controls. IBM X-Force ID: 174956.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vesta Control Panel (VestaCP) 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the dangerous command exec. This function can be dangerous if arguments passed to it are not filtered. Every user input in VestaCP that is used as an argument is filtered with the escapeshellarg function. This function comes from the PHP library directly and its description is as follows: ""escapeshellarg() adds single quotes around a string and quotes/escapes any existing single quotes allowing you to pass a string directly to a shell function and having it be treated as a single safe argument."" It means that if you give Username, it will have 'Username' as a replacement. This works well and protects users from exploiting this potentially dangerous exec function. Unfortunately, VestaCP uses this escapeshellarg function incorrectly in several places.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper input validation in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to enable denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Uncontrolled search path in Intel(R) Graphics Drivers before version 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Out-of-bounds write in Intel(R) Graphics Drivers before version 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7463 may allow an authenticated user to potentially enable denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Uncaught exception in system driver for Intel(R) Graphics Drivers before version 15.40.44.5107 may allow an authenticated user to potentially enable a denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Improper access control in Intel(R) Graphics Drivers before version 26.20.100.6912 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
Buffer overflow in Intel(R) Graphics Drivers before version 26.20.100.6912 may allow an authenticated user to potentially enable a denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Out of bounds read in a subsystem for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver before 26.20.100.6813 (DCH) or 26.20.100.6812 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 (aka 15.36.x.5074) may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient input validation in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6519 may allow an authenticated user to potentially enable denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload of a File with a Dangerous Type.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Download.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The API in Dradis Pro 3.4.1 allows any user to extract the content of a project, even if this user is not part of the project team.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS possible from some fatal error messages.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Post-authentication Stored XSS in Team Password Manager through 7.93.204 allows attackers to steal other users' credentials by creating a shared password with HTML code as the title.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525).",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/method/ URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ URI, as demonstrated by a crafted e-mail address.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the project/ URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Hustle (aka wordpress-popup) plugin through 6.0.5 for WordPress allows Directory Traversal to obtain a directory listing via the views/admin/dashboard/ URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The TypeApp application through 1.9.5.35 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Edison Mail application through 1.7.1 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Nine application through 4.5.3a for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Newton application through 10.0.23 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Buffer error vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of jpadilla/django-rest-framework-jwt, which is unmaintained.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Nagios Log Server 2.1.3 has Incorrect Access Control.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Open edX Ironwood.1 allows support/certificates?course_id= reflected XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Nagios Log Server 2.1.3 has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
arxes-tolina 3.0.0 allows User Enumeration.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174910.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
RMySQL through 0.10.19 allows SQL Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple XSS vulnerabilities exist in the Backup & Restore module \ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code via a link. When another user (such as an admin) clicks the link, the XSS payload will render and execute in the context of the victim user's account.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through 14.0.2.14, and 15.x through 15.0.15.4.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ilchCMS 2.1.23 allows XSS via the index.php/partner/index Banner parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ilchCMS 2.1.23 allows XSS via the index.php/partner/index Link parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows an attacker on the same network segment to stop the network functions or execute malware via a specially crafted packet.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly. This would allow an attacker to execute arbitrary code on the device.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Some Brother printers (such as the HL-L8360CDW v1.20) were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The web application of some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files that contained the configuration parameters were accessible. These files contained sensitive information, such as users, community strings, and other passwords configured in the printer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. (SEC-537).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
django-nopassword before 5.0.0 stores cleartext secrets in the database.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545).,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the ""Dragonblood"" attack and CVE-2019-9494.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the LPD service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) in the LPD service and potentially execute arbitrary code on the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Resource Management Errors vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the arg4 and arg9 parameters of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in multiple parameters of the Document Boxes functionality of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by multiple buffer overflow vulnerabilities in the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS), and potentially execute arbitrary code on the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Reflected XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop the network functions or execute malware via a specially crafted packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.php mishandles a SQL query.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached pages would not change based on parameter values. All other data traffic going through Citrix Gateway are NOT cached by default.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The ""Via"" header lists cache protocols and recipients between the start and end points for a request or a response. The ""Age"" header provides the age of the cached response in seconds. Both headers are commonly used for proxy cache and the information is not sensitive.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
index.js in Total.js Platform before 3.2.3 allows path traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user, if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/PanelBoxWidget/views/box.php or a label title in application/views/admin/labels/labelview_view.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dolibarr ERP/CRM before 10.0.3 allows SQL Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Contao before 4.5.7 has XSS in the system log.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0788, CVE-2020-0877.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the request parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject OS commands into the TimeoutUnconfirmed parameter value contained in the Firmware Update command.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0867.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the attributes parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handling of the register parameters, because the size used within a memcpy() function, which copied the action value into a local variable, was not checked properly.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0801, CVE-2020-0807, CVE-2020-0809.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Authentication Cookie of the web application that would allow an attacker to execute arbitrary code on the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0868.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Bitcoin Core before v0.13.0, a non-final alert is able to block the special ""final alert"" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated attacker to insert malicious JavaScript in several of the popup's fields by sending a request to wp-admin/admin-ajax.php with the POST action parameter of sgpb_autosave and including additional data in an allPopupData parameter, including the popup's ID (which is visible in the source of the page in which the popup is inserted) and arbitrary JavaScript which will then be executed in the browsers of visitors to that page. Because the plugin functionality automatically adds script tags to data entered into these fields, this injection will typically bypass most WAF applications.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a Denial of Service (DoS).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
Improper configuration in block design for Intel(R) MAX(R) 10 FPGA all versions may allow an authenticated user to potentially enable escalation of privilege and information disclosure via physical access.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0781.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0783.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credential were found to be hardcoded within the printer firmware. This would allow to an attacker to access and read information stored on the shared FTP folders.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal (subscriber-level) permissions can modify the plugin's settings to allow arbitrary roles (including subscribers) access to plugin functionality by setting the action parameter to sgpbSaveSettings, export a list of current newsletter subscribers by setting the action parameter to csv_file, or obtain system configuration information including webserver configuration and a list of installed plugins by setting the action parameter to sgpb_system_info.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka 'Windows Network List Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through their browsers, the malicious code may be executed by the web browser in the context of the vulnerable web application.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections. Whilst this does have a high-impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication. This is patched in wersion 0.13.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are only accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious payload in the device heartbeat request. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
"Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
Easy!Appointments 1.3.0 has a Missing Authorization issue allowing retrieval of hashed passwords and salts.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Improper input validation in firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. The list of affected products is provided in intel-sa-00343: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper buffer restrictions in firmware for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. The list of affected products is provided in intel-sa-00343: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of rights and modules.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Virtual GPU Manager contains a vulnerability in the kernel module (nvidia.ko), where a null pointer dereference may occur, which may lead to denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Huawei USG6000V with versions V500R001C20SPC300, V500R003C00SPC100, and V500R005C00SPC100 have an out-of-bounds read vulnerability. Due to a logical flaw in a JSON parsing routine, a remote, unauthenticated attacker could exploit this vulnerability to disrupt service in the affected products.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 10.0.1.167(C00E166R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Torpedo Query before 2.5.3 mishandles the LIKE operator in ConditionBuilder.java, LikeCondition.java, and NotLikeCondition.java.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"pulverizr through 0.7.0 allows execution of arbitrary commands. Within ""lib/job.js"", the variable ""filename"" can be controlled by the attacker. This function uses the variable ""filename"" to construct the argument of the exec call without any sanitization. In order to successfully exploit this vulnerability, an attacker will need to create a new file with the same name as the attack command.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0833, CVE-2020-0848.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Janus through 0.9.1. janus_audiobridge.c has a double mutex unlock when listing private rooms in AudioBridge.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0848.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
GitLab 10.7 and later through 12.7.2 has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a ""query_logger"" Admin API request, because of a typo in the JSON validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0841, CVE-2020-0849, CVE-2020-0896.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an ""Easy"" attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of 'gulp-tape' options.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
gulp-styledocco through 0.0.3 allows execution of arbitrary commands. The argument 'options' of the exports function in 'index.js' can be controlled by users without any sanitization.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin in which an input index value is incorrectly validated which may lead to denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the ""exec"" function located in ""src/command.js"" via the provided options.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Janus through 0.9.1. plugins/janus_voicemail.c in the VoiceMail plugin has a race condition that could cause a server crash.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing merge private merge request titles.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request eachother,",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x40 is overflowed with the call to sprintf() for any gateway values that are greater than 512-len(‘/etc/config-tools/config_default_gateway number=0 state=enabled value=‘) in length. A gateway value of length 0x7e2 will cause the service to crash.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send specially crafted packet at 0x1ea48 to the extracted hostname value from the xml file that is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled ip-address=<contents of ip node> using sprintf().,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1e87c the extracted hostname value from the xml file is used as an argument to /etc/config-tools/change_hostname hostname=<contents of hostname node> using sprintf(). This command is later executed via a call to system().,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e900 the extracted gateway value from the xml file is used as an argument to /etc/config-tools/config_default_gateway number=0 state=enabled value=<contents of gateway node> using sprintf(). This command is later executed via a call to system().,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x440 is overflowed with the call to sprintf() for any type values that are greater than 1024-len(‘/etc/config-tools/config_interfaces interface=X1 state=enabled config-type=‘) in length. A type value of length 0x3d9 will cause the service to crash.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument ""options"" of the exports function in ""index.js"" can be controlled by users without any sanitization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1e9fc the extracted subnetmask value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=<contents of subnetmask node> using sprintf(). This command is later executed via a call to system().,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. This affects WAGO PFC200 Firmware version 03.02.02(14), version 03.01.07(13), and version 03.00.39(12)",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e9fc the extracted state value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=<contents of state node> using sprintf(). This command is later executed via a call to system().,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack (XSS).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e840 the extracted ntp value from the xml file is used as an argument to /etc/config-tools/config_sntp time-server-%d=<contents of ntp node> using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many ntp entries will be parsed from the xml file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability in the software update mechanism allows an authenticated attacker to upload arbitrary files on the system through a crafted update package.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
yidashi yii2cmf 2.0 has XSS via the /search q parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In overlay notifications, there is a possible hidden notification due to improper input validation. This could lead to a local escalation of privilege because the user is not notified of an overlaying app, with User execution privileges needed. User interaction is needed for exploitation.Product: Android Versions: Android-10 Android ID: A-38390530",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/config.json is owned by a low-privileged user but contains commands that are executed as root, after v2rayL.service is restarted via Sudo.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-115363533",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In readCString of Parcel.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to arbitrary code execution if IntSan were not enabled, which it is by default. No additional execution privileges are required. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-131859347",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0812.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0811.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. This CVE ID is unique from CVE-2020-0891.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0840, CVE-2020-0849, CVE-2020-0896.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0814, CVE-2020-0843.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0804.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0840, CVE-2020-0841, CVE-2020-0896.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. This CVE ID is unique from CVE-2020-0795.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0893.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0840, CVE-2020-0841, CVE-2020-0849.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0791.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Service Fabric File Store Service under certain conditions, aka 'Service Fabric Elevation of Privilege'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data.To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory., aka 'Scripting Engine Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A Buffer overflow in the built-in web server allows remote attackers to initiate DoS, and probably to execute arbitrary code (issue 1 of 2).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper access control in PCIe function for the Intel® FPGA Programmable Acceleration Card N3000, all versions, may allow a privileged user to potentially enable escalation of privilege via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"node-prompt-here through 1.0.1 allows execution of arbitrary commands. The ""runCommand()"" is called by ""getDevices()"" function in file ""linux/manager.js"", which is required by the ""index. process.env.NM_CLI"" in the file ""linux/manager.js"". This function is used to construct the argument of function ""execSync()"", which can be controlled by users without any sanitization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an ""Authorization: Basic"" HTTP header.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by brute-forcing account passwords.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A high rate of transit traffic may cause a low-memory condition and a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Windows Defender Security Center Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0763.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An Integer overflow in the built-in web server allows remote attackers to initiate DoS.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Windows Defender Security Center Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0762.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0851, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links, aka 'Windows Kernel Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the &quot;Public Account Pictures&quot; folder improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0776.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0814, CVE-2020-0842, CVE-2020-0843.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory, aka 'Windows Network Connections Service Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any subnetmask values that are greater than 1024-len(‘/etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=‘) in length. A subnetmask value of length 0x3d9 will cause the service to crash.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka 'Windows Imaging Component Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166204.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0771.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0773, CVE-2020-0860.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0806.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0770, CVE-2020-0860.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0874, CVE-2020-0879, CVE-2020-0880, CVE-2020-0882.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0858.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when the Visual Studio Extension Installer Service improperly handles hard links, aka 'Visual Studio Extension Installer Service Denial of Service Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0898.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,LOW
The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0770, CVE-2020-0773.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information, aka 'Connected User Experiences and Telemetry Service Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0778, CVE-2020-0802, CVE-2020-0804, CVE-2020-0845.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0879, CVE-2020-0882.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0778, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0807, CVE-2020-0809, CVE-2020-0869.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0879, CVE-2020-0880.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A denial of service vulnerability exists when the Windows Tile Object Service improperly handles hard links, aka 'Windows Tile Object Service Denial of Service Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0883.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0881.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with the ""access basic_webmail"" permission to read arbitrary users' email addresses.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0855, CVE-2020-0892.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0772.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way the Provisioning Runtime validates certain file operations, aka 'Provisioning Runtime Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0897.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0801, CVE-2020-0809, CVE-2020-0869.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0801, CVE-2020-0807, CVE-2020-0869.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations, aka 'Windows Device Setup Manager Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0798, CVE-2020-0814, CVE-2020-0842, CVE-2020-0843.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality. Someone can upload a file with a malicious filename, which contains JavaScript code, which would result in XSS. Cross-site scripting enables attackers to steal data, change the appearance of a website, and perform other malicious activities like phishing or drive-by hacking.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system.An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.The update addresses the vulnerability by not permitting Diagnostics Hub Standard Collector or the Visual Studio Standard Collector to create files in arbitrary locations., aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0842, CVE-2020-0843.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Blamer versions prior to 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate (and key) that is used by default for web-based services on the device. Impersonation, man-in-the-middle, or passive decryption attacks are possible if the generic certificate is not replaced by a device-specific certificate during installation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0877, CVE-2020-0887.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). An attacker can send a specially crafted XML cache file At 0x1e8a8 the extracted domainname value from the xml file is used as an argument to /etc/config-tools/edit_dns_server domain-name=<contents of domainname node> using sprintf().This command is later executed via a call to system().,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcB_register_fields in bootstrap.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stock_take/index.php?keywords= URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0894.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can change the e-mail address in the administrator profile, and then the attacker is able to reset the administrator password using the WordPress ""password forget"" form.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libhidcommand_jni, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the USB service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android Versions: Android-10 Android ID: A-111363077",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"""Clear History and Website Data"" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. This vulnerability affects Thunderbird < 68.5.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Thunderbird < 68.5.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird < 68.5.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability exists in the Wordpress admin panel when the Broken Link Checker plugin before 1.10.9 is installed.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the YAML tag. Unmarshalling untrusted data can lead to security flaws of RCE.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an ""httpoxy"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions). Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A manual reboot is required to recover the service of the device. At the time of advisory publication no public exploitation of this security vulnerability was known to Siemens.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. This issue is fixed in PAN-OS 8.1.13, and all later versions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An attacker can send an authenticated HTTPS POST request to direct the Cloud Connectivity software to connect to an attacker controlled Azure IoT Hub node.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output, aka 'Remote Code Execution Vulnerability in Application Inspector'.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the ""username"" URL parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
utilitify prior to 1.0.3 allows modification of object properties. The merge method could be tricked into adding or modifying properties of the Object.prototype.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 series allows remote attackers to read any file via the administrative API.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters (such as data encryption keys) to remain on the drive media after their intended erasure.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to other devices.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not ""Script Author"" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service into executing arbitrary code with the privileges of the system account that started those processes. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.8.0 and below and TIBCO Spotfire Server: versions 7.11.9 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6, versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load() function. NOTE: this is a discontinued product.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The simple-fields plugin before 1.4.11 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT affect YubiCloud.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
"The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service; the issue does NOT affect YubiCloud.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that insufficiently sanitized URL data. In that situation, clicking a link in the third party application could have been used to retrieve and execute files whose location was supplied through command line arguments. Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected. This vulnerability affects Firefox < 73 and Firefox < ESR68.5.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact. Note: this issue only occurs on Mac OSX. Other operating systems are unaffected. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). The destination buffer sp+0x440 is overflowed with the call to sprintf() for any domainname values that are greater than 1024-len(‘/etc/config-tools/edit_dns_server domain-name=‘) in length. A domainname value of length 0x3fa will cause the service to crash.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XSS via the vdms/ipmapping.jsp location field to the dms/rest/services/datastore/createOrEditValueForKey URI.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security). The supported version that is affected is 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Applications DBA component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L).",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,LOW,LOW
"An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Sensitive information is sent to the web server in cleartext, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker can access sensitive information (e.g., conduct username disclosure attacks) on the built-in WEB-service without authorization.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application's configuration file contains parameters that represent passwords in cleartext.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetApps(com.xiaomi.mipicks), the parameters passed in are read and executed. After reading the resource files, relevant components open the link of the incoming URL. Although the URL is safe and can pass security detection, the data carried in the parameters are loaded and executed. An attacker can use NFC tools to get close enough to a user's unlocked phone to cause apps to be installed and information to be leaked. This is fixed on version: 2001122.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172363.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Mozilla developers reported memory safety bugs present in Firefox 72. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 73.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 73 and Firefox < ESR68.5.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,HIGH
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/mysql-apb.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further attacks.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8776.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8773.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 and prior; Metasys Extended Application and Data Server (ADX) versions 10.1 and prior; Metasys Open Data Server (ODS) versions 10.1 and prior; Metasys Open Application Server (OAS) version 10.1; Metasys Network Automation Engine (NAE55 only) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys Network Integration Engine (NIE55/NIE59) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys NAE85 and NIE85 versions 10.1 and prior; Metasys LonWorks Control Server (LCS) versions 10.1 and prior; Metasys System Configuration Tool (SCT) versions 13.2 and prior; Metasys Smoke Control Network Automation Engine (NAE55, UL 864 UUKL/ORD-C100-13 UUKLC 10th Edition Listed) version 8.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.11.10, 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integration was vulnerable to an SSRF vulnerability which allowed an attacker to make requests to local network resources. It has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In query of TelephonyProvider.java, there is a possible access to SIM card info due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-140622024",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an attacker to generate multiple requests, using which he can block all the threads resulting in a Denial of Service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In hasPermissions of PermissionMonitor.java, there is a possible access to restricted permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144679405",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143106535",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143109193",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In StatsService::command of StatsService.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141243101",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the netlink driver, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-65025077",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143155861",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In SurfaceFlinger, it is possible to override UI confirmation screen protected by the TEE. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143128911",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In nfa_hciu_send_msg of nfa_hci_utils.cc, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124521372",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In setBluetoothTethering of PanService.java, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege to activate tethering with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-134487438",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Backlog Plugin 2.4 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. When specific encoded characters were added to comments, the comments section would become inaccessible. It has Incorrect Access Control (issue 1 of 2).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
An issue was discovered in GitLab Community and Enterprise Edition before 12.0.3. One of the parsers used by Gilab CI was vulnerable to a resource exhaustion attack. It allows Uncontrolled Resource Consumption.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"The SAP Commerce (SmartEdit Extension), versions- 6.6, 6.7, 1808, 1811, is vulnerable to client-side angularjs template injection, a variant of Cross-Site-Scripting (XSS) that exploits the templating facilities of the angular framework.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability has been identified in Spectrum Power™ 5 (All versions < v5.50 HF02). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. If deployed according to recommended system configuration, Siemens consideres the environmental vector as CR:L/IR:M/AR:H/MAV:A (4.1).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. Unauthorized users were able to read pipeline information of the last merge request. It has Incorrect Access Control.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In DrmPlugin::releaseSecureStops of DrmPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137284652",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is ""Mini-Browser"", published as ""@theia/mini-browser"" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's filesystem, given their path, without restrictions on the requester's origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"In onTransact of IAudioFlinger.cpp, there is a possible stack information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139417189",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In getProcessPss of ActivityManagerService.java, there is a possible side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127989044",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In onReadBuffer() of StreamingSource.cpp, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140177694",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In smsSelected of AnswerFragment.java, there is a way to send an SMS from the lock screen due to a permissions bypass. This could lead to local escalation of privilege on the lock screen with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137102479",PHYSICAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In onCreate of SettingsHomepageActivity, there is a possible tapjacking attack. This could lead to local escalation of privilege in Settings with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-138442483",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Euicc, there is a possible information disclosure due to an included test Certificate. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143232031",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In btm_process_inq_results of btm_inq.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141620271",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In btu_hcif_connection_comp_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141619686",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In l2c_link_process_num_completed_pkts of l2c_link.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141617601",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In convertHidlNanDataPathInitiatorRequestToLegacy, and convertHidlNanDataPathIndicationResponseToLegacy of hidl_struct_util.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143789898",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java, there is a possible permission revocation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146642727",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In set_nonce of fpc_ta_qc_auth.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137650219",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone Script.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Search Script 1.0.2 via a profile update parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142543524",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Pixel Recorder, there is a possible permissions bypass allowing arbitrary apps to record audio. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145504977",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
gif2png 2.5.13 has a memory leak in the writefile function.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144351324",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ih264d_release_display_bufs of ih264d_utils.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-145364230",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137014293References: N/A",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137648844",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the WifiConfigManager, there is a possible storage of location history which can only be deleted by triggering a factory reset. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140065828",LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in GitLab Community and Enterprise Edition 9.0 and through 12.0.2. Users with access to issues, but not the repository were able to view the number of related merge requests on an issue. It has Incorrect Access Control.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletion. It allows Uncontrolled Resource Consumption.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to gain access to logs and configuration files by sending specifically crafted packets to 80/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to enumerate valid user names by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to filenames on the server by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to directory listings of the server by sending specifically crafted packets to 80/tcp, 8095/tcp or 8080/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18318. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server can cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18318 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with valid authentication at the RMI interface could be able to gain remote code execution through an unsecured file upload. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An attacker can gain remote code execution by sending specifically crafted objects to one of its functions. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC-Software (All versions < 15 SP1), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Upd2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd5), SIMATIC WinCC V7.2 and earlier (All versions < WinCC 7.2 Upd 15), SIMATIC WinCC V7.3 (All versions < WinCC 7.3 Upd 16), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 4), SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Specially crafted messages sent to the RPC service of the affected products could cause a Denial-of-Service condition on the remote and local communication functionality of the affected products. A reboot of the system is required to recover the remote and local communication functionality. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages contained a lack of input validation which resulted in a persistent XSS vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. The protected branches feature contained a access control issue which resulted in a bypass of the protected branches restriction rules. It has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate. No special action necessary by the victim using AntiTrack with ""Allow filtering of HTTPS traffic for tracking detection"" enabled. (This is the default configuration.)",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Professional Service Script 1.0 has SQL Injection via the service-list city parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid name array parameter to val_soft.php3.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, a local user may view the contents of the session and session_admin directories, which expose active session cookies within the Wing FTP HTTP interface and administration panel. These cookies may be used to hijack user and administrative sessions, including the ability to execute Lua commands as root within the administration panel.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in MunkiReport before 5.3.0. An authenticated actor can send a custom XSS payload through the /module/comment/save endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/controllers/client.php:detail.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/apb-tools-container.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
An issue was discovered in GitLab Community and Enterprise Edition 11.11. A specially crafted payload would allow an authenticated malicious user to execute commands remotely through the repository download feature. It allows Command Injection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
JPaseto before 0.3.0 generates weak hashes when using v2.local tokens.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition 11.9 through 11.11. Unprivileged users were able to access labels, status and merge request counts of confidential issues via the milestone details page. It has Improper Access Control.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level access, leading to full account takeover. The attack fetches multiple credentials because they are stored in the database (stored XSS). This affects the mobile/chat URI via the lgn and psswrd parameters.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Non-member users who subscribed to issue notifications could access the title of confidential issues through the unsubscription page. It allows Information Disclosure.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in GitLab Community and Enterprise Edition 11.7 through 11.11. It has Improper Input Validation. Restricted visibility settings allow creating internal projects in private groups, leading to multiple permission issues.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. (,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to execute OS commands by uploading a script.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run an arbitrary executable with administrative privileges on the affected system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174342.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the image.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. The administrative interface doesn't perform authentication checks for a firmware-update POST request. Any attacker that can access the administrative interface can install firmware of their choice.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for some time, but immediately after boot, the entropy is very low. This issue only affects the QFX3500 and QFX3600 switches. No other Juniper Networks products or platforms are affected by this weak entropy vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters including passwords into files in /tmp, setting proper permissions only after writing the sensitive data. A local attacker could have disclosed the information if he read the file at the right time, because of _createUserdataConf in install/lib/class.FroxlorInstall.php.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the ""homepage"" value of a "".gemspec"" file.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenStack Swift as of 2013-12-15 mishandles PYTHON_EGG_CACHE,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier allows attackers with Overall/Read permission to trigger builds.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactform_upload parameter. An attacker could exploit this vulnerability with the ""Send me a copy"" option to receive any files of the filesystem via email.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corruption at npdf!CAPPDAnnotHandlerUtils::create_popup_for_markup+0x12fbe via a crafted PDF document.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corruption at npdf!nitro::get_property+2381 via a crafted PDF document.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HikaShop Joomla Component before 2.6.0 has XSS via an injected payload[/caption].,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. When the server is exposed to the internet and Windows Firewall is disabled, a remote unauthenticated attacker may exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. For example, an SSRF attempt may succeed if a .ico filename is added to the PATH_INFO. Also, an attacker could create a DNS hostname that resolves to the 0.0.0.0 IP address for DNS pinning. NOTE: this issue exists because of an incomplete fix for CVE-2018-14728.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length N, the size of percent_encodings may be up to O(N). The next step (normalize existing percent-encoded bytes) also takes up to O(N) for each step, so the total time is O(N^2). If percent_encodings were deduplicated, the time to compute _encode_invalid_chars would be O(kN), where k is at most 484 ((10+6*2)^2).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow can occur while parsing RSN IE containing list of PMK ID`s which are more than the buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS405, QCS605, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may escalate privileges to root.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack overflow can occur when SDP is received with multiple payload types in the FMTP attribute of a video M line in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Buffer overflow can occur when processing non standard SDP video Image attribute parameter in a VILTE\VOLTE call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Null pointer dereference can happen when parsing udta atom which is non-standard and having invalid depth in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8939, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cloud Foundry Container Runtime (kubo-release), versions prior to 0.14.0, may leak UAA and vCenter credentials to application logs. A malicious user with the ability to read the application logs could use these credentials to escalate privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 could allow a local user to escalate their privileges due to weak file permissions when specific debug settings are enabled in a Linux or Unix enviornment. IBM X-Force ID: 176137.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Filling media attribute tag names without validating the destination buffer size which can result in the buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple Read overflows issue due to improper length check while decoding Identity Request in CSdomain/Authentication Reject in CS domain/ PRAU accept/while logging DL message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demonstrated by login=victim to the users/21/edit URI.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple Read overflows due to improper length checks while decoding authentication in Cs domain/RAU Reject and TC cmd in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Buffer Over-read when UE is trying to process the message received form the network without zero termination in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full privileges, and escalate privileges within the operating system by modifying system files.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Buffer overflow due to lack of upper bound check on channel length which is used for a loop. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8098, IPQ6018, IPQ8074, MSM8998, Nicobar, QCA8081, QCN7605, QCS404, QCS605, Rennell, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free in graphics module due to destroying already queued syncobj in error case in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, MDM9607, MSM8909W, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible buffer overflow in WLAN WMI handler due to lack of ssid length check when copying data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6574, QCA6574AU, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS404, QCS405, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper input validation while processing SIP URI received from the network will lead to buffer over-read and then to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Possible Stack overflow can occur when processing a large SDP body or non standard SDP body without right delimiters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possibility of null pointer access if the SPDM commands are executed in the non-standard way in TZ. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8998, SA6155P, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"UTCB object has a function pointer called by the reaper to deallocate its memory resources and this address can potentially be corrupted by stack overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, MDM9650, QCS605, SA6155P, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possibility of heap-buffer-overflow during last iteration of loop while populating image version information in diag command response packet, in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9607, MDM9640, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow can occur in WLAN firmware while parsing beacon/probe_response frames during roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8096, APQ8096AU, IPQ6018, IPQ8074, MDM9607, MDM9640, MDM9650, MSM8996AU, Nicobar, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCS404, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insufficient access control. The IOCTL Codes 0x80102050 and 0x80102054 allows a local user with low privileges to read/write 1/2/4 bytes from or to an IO port. This could be leveraged in a number of ways to ultimately run code with elevated privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. SQL Injection exists via the include/monitoring/status/Hosts/xml/hostXML.php instance parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bound write in WLAN driver due to NULL character not properly placed after SSID name in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SC8180X, SDA845, SDM450, SDX20, SDX24, SDX55, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Centreon before 18.10.8, 19.04.5, and 19.10.2. It provides sensitive information via an unauthenticated direct request for api/external.php?object=centreon_metric&action=listByService.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Centreon before 2.8.31, 18.10.9, 19.04.6, and 19.10.3. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/service/refreshMacroAjax.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"** DISPUTED ** OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. NOTE: The product is self-hosted by the customer, even though it has a *.outsystemsenterprise.com domain name.) NOTE: The vendor claims that the independent researcher created the report without any type of validation and that no such vulnerability exists.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Attackers can get root shell by accessing the UART interface and then they can read Wi-Fi SSID or password, read the dialogue text files between users and XIAOMI AI speaker, use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, eavesdrop on users and record what XIAOMI AI speaker hears, delete the entire XIAOMI AI speaker system, modify system files, stop voice assistant service, start the XIAOMI AI speaker’s SSH service as a backdoor",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords being exposed.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. NOTE: RedHat disputes CVE-2020-8991 as not being a vulnerability since there’s no apparent route to either privilege escalation or to denial of service through the bug.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
"HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an ""httpoxy"" issue. This issue affects HHVM versions prior to 3.9.6, all versions between 3.10.0 and 3.12.4 (inclusive), and all versions between 3.13.0 and 3.14.2 (inclusive).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affects versions before 12 definitions 200114-0 of Antivirus Pro, Antivirus Pro Plus, and Antivirus for Linux.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The Java RMI Server has an Insecure Default Configuration, leading to Java Code Execution from a remote URL because an RMI Distributed Garbage Collector method is called.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
A directory traversal vulnerability has been found in the Avaya Equinox Management(iView)versions R9.1.9.0 and earlier. Successful exploitation could potentially allow an unauthenticated attacker to access files that are outside the restricted directory on the remote server.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS allows a local attacker to escalate privileges by appending data to root-owned files.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the multicast DNS (mDNS) protocol configuration of Cisco Webex Meetings Client for MacOS could allow an unauthenticated adjacent attacker to obtain sensitive information about the device on which the Webex client is running. The vulnerability exists because sensitive information is included in the mDNS reply. An attacker could exploit this vulnerability by doing an mDNS query for a particular service against an affected device. A successful exploit could allow the attacker to gain access to sensitive information.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Rubetek SmartHome 2020 devices use unencrypted 433 MHz communication between controllers and beacons, allowing an attacker to sniff and spoof beacon requests remotely.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the IPsec packet processor of Cisco IOS XR Software could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition for IPsec sessions to an affected device. The vulnerability is due to improper handling of packets by the IPsec packet processor. An attacker could exploit this vulnerability by sending malicious ICMP error messages to an affected device that get punted to the IPsec packet processor. A successful exploit could allow the attacker to deplete IPsec memory, resulting in all future IPsec packets to an affected device being dropped by the device. Manual intervention is required to recover from this situation.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,LOW
"A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to obtain sensitive information about an affected device. The vulnerability exists because replies from the web-based management interface include unnecessary server information. An attacker could exploit this vulnerability by inspecting replies received from the web-based management interface. A successful exploit could allow the attacker to obtain details about the operating system, including the web server version that is running on the device, which could be used to perform further attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Memory use after free issue in audio due to lack of resource control in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDA845, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Null-pointer dereference can occur while accessing the segment element info when it is not allocated and assigned in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Zammad 3.0 through 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for an attacker to formulate more precise attacks. Source code was disclosed for the file 404.html (/zammad/public/404.html)",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Access to the uninitialized variable when the driver tries to unmap the dma buffer of a request which was never mapped in the first place leading to kernel failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, MDM9607, MDM9640, MSM8909W, MSM8953, QCA6574AU, QCS605, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SM8150, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unhandled paging request is observed due to dereferencing an already freed object because of race condition between sparse free and sparse bind ioctls which access the same physical entry in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8096AU, APQ8098, MDM9607, MSM8909W, MSM8939, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in EFS Easy Chat Server 3.1. There is a buffer overflow via a long body2.ghp message parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Out-of-bound writes occurs due to lack of check of buffer size will cause buffer overflow only in 32bit architecture. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, MDM9150, MDM9205, MDM9607, MDM9650, MSM8905, Nicobar, QCS405, QCS605, Rennell, SA6155P, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
HCL Connections 6.5 is vulnerable to possible information leakage. Connections could disclose sensitive information via trace logs to a local user.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Potential buffer over-read due to lack of bound check of memory offset passed in WLAN firmware in Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9207C, MDM9607, QCN7605, SM8150",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"While parsing Service Descriptor Extended Attribute received as part of SDF frame, there is a possibility that incorrect length is specified in the attribute length field of extended SSI which can lead to integer underflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096, APQ8098, IPQ6018, IPQ8074, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6390, QCA6574AU, QCA8081, QCA9377, QCA9379, QCN7605, QCS404, QCS405, QCS605, Rennell, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible Integer underflow in WLAN function due to lack of check of data received from user side in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCN7605, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow occurs while processing LMP packet in which name length parameter exceeds value specified in BT-specification in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6390, QCA6574AU, QCA9377, QCA9379, QCA9886, QCM2150, QCN7605, QCS404, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. Under those circumstances osquery will load said malicious executable with SYSTEM permissions. The solution is to migrate installations to the 'Program Files' directory on Windows which restricts unprivileged write access. This issue affects osquery prior to v3.4.0.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible buffer overflow in WLAN Parser due to lack of length check when copying data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCN7605, QCS405, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible buffer overflow in data offload handler due to lack of check of keydata length when copying data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, QCA9886, QCS405, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible buffer overflow in WLAN handler due to lack of validation of destination buffer size before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8098, IPQ8074, MDM9206, MDM9207C, MDM9607, MSM8996, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCA9886, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The codection ""Import users from CSV with meta"" plugin before 1.12.1 for WordPress allows XSS via the value of a cell.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Centreon before 2.8-30,18.10-8, 19.04-5, and 19.10-2. It provides sensitive information via an unauthenticated direct request for include/monitoring/recurrentDowntime/GetXMLHost4Services.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An untrusted search path vulnerability in the installer of PDFescape Desktop version 4.0.22 and earlier allows an attacker to gain privileges and execute code via DLL hijacking.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. It is the same with CustomerForm, you are able to change the id_customer and change all information of all accounts. The problem is patched in version 1.7.6.4.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,LOW,NONE
"An issue was discovered in Zammad 3.0 through 3.2. The Forgot Password functionality is implemented in a way that would enable an anonymous user to guess valid user emails. In the current implementation, the application responds differently depending on whether the input supplied was recognized as associated with a valid user. This behavior could be used as part of a two-stage automated attack. During the first stage, an attacker would iterate through a list of account names to determine which correspond to valid accounts. During the second stage, the attacker would use a list of common passwords to attempt to brute force credentials for accounts that were recognized by the system in the first stage.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175024.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175023.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175020.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lack of security tokens.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ARRIS TG1692A devices allow remote attackers to discover the administrator login name and password by reading the /login page and performing base64 decoding.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. HPE OneView Global Dashboard - After Upgrade or Install of OVGD Version 1.9, Appliance Firewall May Leave Ports Open. This is resolved in OVGD 1.91 or later.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which ""token"" is used as a CSRF protection mechanism, but without validation that ""token"" is associated with an administrative user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Possible buffer overflow in WLAN handler due to lack of validation of destination buffer size before copying it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996, MSM8996AU, MSM8998, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCS605, SA6155P, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Use after free issue occurs If the real device interface goes down and a route lookup is performed while sending a raw IPv6 message in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8917, MSM8937, MSM8996AU, QCN7605, SDA845, SDM630, SDM636, SDM660, SDX20, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,LOW,NONE
valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function (hasOwnProperty) from the unsafe user-input to examine an object. It is possible for a crafted payload to overwrite this function to manipulate the inspection results to bypass security checks.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-of-bounds write via a crafted PDF document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, SC8180X, SDM429, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Zammad 3.0 through 3.2. It allows for users to view ticket customer details associated with specific customers. However, the application does not properly implement access controls related to this functionality. As such, users of one company are able to access ticket data from other companies. Due to the multi-tenant nature of this application, users who can access ticket details from one organization to the next allows for users to exfiltrate potentially sensitive data of other companies.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors not handled. This leads to a crash of the service process.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The size of a buffer is determined by addition and multiplications operations that have the potential to overflow due to lack of bound check in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, Rennell, SC8180X, SDM845, SDM850, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web-based management interface or access sensitive, browser-based information.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Zammad 3.0 through 3.2. It does not prevent caching of confidential data within browser memory. An attacker who either remotely compromises or obtains physical access to a user's workstation can browse the browser cache contents and obtain sensitive information. The attacker does not need to be authenticated with the application to view this information, as it would be available via the browser cache.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Stack-based buffer overflow in ""dnsproxy.c"" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the ""name"" variable.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Zammad 3.0 through 3.2. It may respond with verbose error messages that disclose internal application or infrastructure information. This information could aid attackers in successfully exploiting other vulnerabilities.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vulnerability in the authentication functionality in the web-based interface could allow an unauthenticated remote attacker to capture packets at the time of authentication and gain access to the cleartext password. An attacker could use this access to create a new user account or control the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Email functionality. The malicious JavaScript will execute within the browser of any user who opens the Ticket with the Article created from that Email.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Ticket functionality in Zammad. The malicious JavaScript will execute within the browser of any user who opens the ticket or has the ticket within the Toolbar.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS, as demonstrated by the ExpenseItem or ExpenseCost parameter in manage-expense.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the File Upload functionality in Zammad. The malicious JavaScript will execute within the browser of any user who opens a specially crafted link to the uploaded file with an active Zammad session.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Zammad 3.0 through 3.2. After authentication, it transmits sensitive information to the user that may be compromised and used by an attacker to gain unauthorized access. Hashed passwords are returned to the user when visiting a certain URL.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Possible double free issue in WLAN due to lack of checking memory free condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, MDM9640, SDA660, SDM636, SDM660, SDX20",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible buffer overflow while processing clientlog and serverlog due to lack of validation of data received in logs in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8096AU, QCS605, SDM439, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based interface of Cisco Prime Network Registrar (CPNR) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections in the web-based interface. An attacker could exploit this vulnerability by persuading a targeted user, with an active administrative session on the affected device, to click a malicious link. A successful exploit could allow an attacker to change the device's configuration, which could include the ability to edit or create user accounts of any privilege level. Some changes to the device's configuration could negatively impact the availability of networking services for other devices on networks managed by CPNR.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,LOW
"D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain ""persistent root access"" via the BusyBox CLI, as demonstrated by overwriting the super user password.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaboration endpoints.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an action to be repeated.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software does not properly sanitize user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying certain CLI commands with crafted arguments. A successful exploit could allow the attacker to run arbitrary commands as the root user, which could result in a complete system compromise.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific HTTP request headers. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to trigger a prolonged status of high CPU utilization relative to the GUI process(es). Upon successful exploitation of this vulnerability, an affected device will still be operative, but its response time and overall performance may be degraded.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by crafting a malicious configuration and saving it to the targeted system. An exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information when an administrator views the configuration. An attacker would need write permissions to exploit this vulnerability successfully.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3.8 allows Remote Unauthenticated Heap Memory Corruption via a large host or domain parameter. It may be possible to achieve remote code execution because of a double free.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacker on the same network segment to bypass authentication and to initialize the device via unspecified vectors.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. When Origin.exe connects to the named pipe OriginClientService, the privileged service verifies the client's executable file instead of its in-memory process (which can be significantly different from the executable file due to, for example, DLL injection). Data transmitted over the pipe is encrypted using a static key. Instead of hooking the pipe communication directly via WriteFileEx(), this can be bypassed by hooking the EVP_EncryptUpdate() function of libeay32.dll. The pipe takes the command CreateDirectory to create a directory and adjust the directory DACL. Calls to this function can be intercepted, the directory and the DACL can be replaced, and the manipulated DACL is written. Arbitrary DACL write is further achieved by creating a hardlink in a user-controlled directory that points to (for example) a service binary. The DACL is then written to this service binary, which results in escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercept sensitive information.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere could allow an unauthenticated, remote attacker to cause an affected Nexus 1000V Virtual Supervisor Module (VSM) to become inaccessible to users through the CLI. The vulnerability is due to improper resource allocation during failed CLI login attempts when login parameters that are part of the Secure Login Enhancements capability are configured on an affected device. An attacker could exploit this vulnerability by performing a high amount of login attempts against the affected device. A successful exploit could cause the affected device to become inaccessible to other users, resulting in a denial of service (DoS) condition requiring a manual power cycle of the VSM to recover.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Note: This vulnerability is different from the following Cisco FXOS and NX-OS Software Cisco Discovery Protocol vulnerabilities that Cisco announced on Feb. 5, 2020: Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability and Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via the Add Job form, as demonstrated by title and Description.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301. When downloading OBIS codes, it does not verify that the downloaded files are actual OBIS codes and doesn't check for path traversal. This allows the attacker exploiting CVE-2020-8809 to send executable files and place them in an autorun directory, or to place DLLs inside the existing GXDLMS Director installation (run on next execution of GXDLMS Director). This can be used to achieve code execution even if the user doesn't have any add-ins installed.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to ""a number of underlying issues"" in which ""some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total Security, Home Security, Total Security Multi-Device, Internet Security, Total Security for Mac, AntiVirus Pro, AntiVirus for Server, and Total Security for Android.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the join meeting interface. A successful exploit could allow an attacker to execute arbitrary scripts.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup_Wizard webpage parameter when f_radius_ip1 is malformed.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0 do not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and then alter or disclose the information via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password remains the same when deployed to the same OpenShift namespace.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
A cross-site scripting (XSS) vulnerability in the web conferencing component of the Mitel MiCollab application before 9.0.15 for Android could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the file upload interface. A successful exploit could allow an attacker to execute arbitrary scripts.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_page.htm page.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitrary user or admin.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function Module(R12CCPU-V Ethernet port (CH1, CH2): First 2 digits of serial number 11 or before, and RD55UP06-V Ethernet port: First 2 digits of serial number 08 or before), and MELIPC Series MI5000(MI5122-VW Ethernet port (CH1): First 2 digits of serial number 03 or before, or the firmware version 03 or before) allow remote attackers to cause a denial of service and/or malware being executed via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when “Local Authentication and Authorization” or “LDAP Authentication and Authorization” modes are configured and used by XCC.",NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows the local user to access other user's information which is unauthorized via brute force.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka ""the Hash DoS attack.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The issue was addressed with improved permissions logic. This issue is fixed in iTunes for Windows 12.10.4. A user may gain access to protected parts of the file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Pale Moon 28.x before 28.8.4 has a segmentation fault related to module scripting, as demonstrated by a Lacoste web site.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/_core/users/admins/create.php or (2) create a user account via a request to mods/_core/users/create_user.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection vulnerability in in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the implementation of Border Gateway Protocol (BGP) Message Digest 5 (MD5) authentication in Cisco NX-OS Software could allow an unauthenticated, remote attacker to bypass MD5 authentication and establish a BGP connection with the device. The vulnerability occurs because the BGP MD5 authentication is bypassed if the peer does not have MD5 authentication configured, the NX-OS device does have BGP MD5 authentication configured, and the NX-OS BGP virtual routing and forwarding (VRF) name is configured to be greater than 19 characters. An attacker could exploit this vulnerability by attempting to establish a BGP session with the NX-OS peer. A successful exploit could allow the attacker to establish a BGP session with the NX-OS device without MD5 authentication. The Cisco implementation of the BGP protocol accepts incoming BGP traffic only from explicitly configured peers. To exploit this vulnerability, an attacker must send the malicious packets over a TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the affected system&rsquo;s trusted network.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that supports EoIPv6 are vulnerable to this attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Honor V10 smartphones with versions earlier than BKL-AL20 10.0.0.156(C00E156R2P4) and versions earlier than BKL-L09 10.0.0.146(C432E4R1P4) have an out of bounds write vulnerability. The software writes data past the end of the intended buffer because of insufficient validation of certain parameter when initializing certain driver program. An attacker could trick the user into installing a malicious application, successful exploit could cause the device to reboot.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to a specific CLI command. A successful exploit could allow the attacker to read or write to arbitrary files on the underlying OS.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CloudEngine 12800 with versions of V200R001C00SPC600,V200R001C00SPC700,V200R002C01,V200R002C50SPC800,V200R002C50SPC800PWE,V200R003C00SPC810,V200R003C00SPC810PWE,V200R005C00SPC600,V200R005C00SPC800,V200R005C00SPC800PWE,V200R005C10,V200R005C10SPC300 have an information leakage vulnerability in some Huawei products. In some special cases, an authenticated attacker can exploit this vulnerability because the software processes data improperly. Successful exploitation may lead to information leakage.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-3.21.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.6.1. openSUSE Factory wicked versions prior to 0.6.62.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds read vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the device reboot.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds write vulnerability. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's {{#widget:}} parser function.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
An issue was discovered in JABA XPress Online Shop through 2018-09-14. It contains an arbitrary file upload vulnerability in the picture-upload feature of ProductEdit.aspx. An authenticated attacker may bypass the frontend filename validation and upload an arbitrary file via FileUploader.aspx.cs in FileUploader.aspx by using empty w and h parameters. This file may contain arbitrary aspx code that may be executed by accessing /Jec/ProductImages/<number>/<filename>. Accessing the file once uploaded does not require authentication.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-28.26.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.9.1. openSUSE Factory wicked versions prior to 0.6.62.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"EasyIO EasyIO-30P devices before 2.0.5.27 have Incorrect Access Control, related to webuser.js.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
EasyIO EasyIO-30P devices before 2.0.5.27 allow XSS via the dev.htm GDN parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Website Manager module in SEO Panel 3.13.0 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability, allowing remote authenticated attackers to inject arbitrary web script or HTML via the websites.php name parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have a invalid pointer access vulnerability. The software system access an invalid pointer when operator logs in to the device and performs some operations. Successful exploit could cause certain process reboot.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an invalid pointer access vulnerability. The software system access an invalid pointer when administrator log in to the device and performs some operations. Successful exploit could cause certain process reboot.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to specific commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to specific commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"giting version prior to 0.0.8 allows execution of arbritary commands. The first argument ""repo"" of function ""pull()"" is executed by the package without any validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup webpage parameter when f_radius_ip1 is malformed.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by including crafted arguments to specific commands on the local management CLI. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the anycast gateway feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to learn invalid Address Resolution Protocol (ARP) entries. The ARP entries are for nonlocal IP addresses for the subnet. The vulnerability is due to improper validation of a received gratuitous ARP (GARP) request. An attacker could exploit this vulnerability by sending a malicious GARP packet on the local subnet to cause the ARP table on the device to become corrupted. A successful exploit could allow the attacker to populate the ARP table with incorrect entries, which could lead to traffic disruptions.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
Synchronet BBS 3.16c for Windows allows remote attackers to cause a denial of service (service crash) via a long string in the HTTP Referer header.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the resource handling system of Cisco NX-OS Software for Cisco MDS 9000 Series Multilayer Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource usage control. An attacker could exploit this vulnerability by sending traffic to the management interface (mgmt0) of an affected device at very high rates. An exploit could allow the attacker to cause unexpected behaviors such as high CPU usage, process crashes, or even full system reboots of an affected device.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable ""opt.branch"" is not validated before being provided to the ""git"" command within ""index.js#L139"". This could be abused by an attacker to inject arbitrary commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager.,PHYSICAL,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to read restricted memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the ""NETGEAR Genie"" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled, and a valid authentication JWT, additional vulnerabilities (CVE-2019-12510) allow an attacker to interact with the entire SOAP API without authentication. Additionally, DNS rebinding techniques may be used to exploit this vulnerability remotely. Exploiting this vulnerability is somewhat involved. The following limitations apply to the payload and must be overcome for successful exploitation: - No more than 17 characters may be used. - At least one colon must be included to prevent mangling. - A single-quote and meta-character must be used to break out of the existing command. - Parent command remnants after the injection point must be dealt with. - The payload must be in all-caps. Despite these limitations, it is still possible to gain access to an interactive root shell via this vulnerability. Since the web server assigns certain HTTP headers to environment variables with all-caps names, it is possible to insert a payload into one such header and reference the subsequent environment variable in the injection point.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
InfluxDB 0.9.5 has Reflected XSS in the Write Data module.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"ZTE E8820V3 router product is impacted by an information leak vulnerability. Attackers could use this vulnerability to to gain wireless passwords. After obtaining the wireless password, the attacker could collect information and attack the router.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 uses a cross-domain policy file that includes domains that should not be trusted which could disclose sensitive information. IBM X-Force ID: 176335.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 176206.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.php target field.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Attackers could use this vulnerability to tamper with DDNS parameters and send DoS attacks on the specified URL.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174908.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174907.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174909.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"PCManager with versions earlier than 10.0.5.51 have a privilege escalation vulnerability in Huawei PCManager products. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.",LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authenticated users (with minimal permissions) to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mec_save_notifications and import_settings.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with system privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The kill-port-process package version < 2.2.0 is vulnerable to a Command Injection vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An access issue was addressed with improved memory management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. A malicious application may be able to determine kernel memory layout.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to gain elevated privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing a maliciously crafted image may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An off by one issue existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1. Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. Viewing a maliciously crafted JPEG file may lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to overwrite arbitrary files.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The issue was addressed with improved UI handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, Safari 13.0.5. A local user may unknowingly send a password unencrypted over the network.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.5. Visiting a malicious website may lead to address bar spoofing.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
A race condition was addressed with improved locking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.3. An application may be able to read restricted memory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Allen Disk 1.6 has XSS in the id parameter to downfile.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha'].",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"/admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha'].",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATH_INFO to readfile.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
This issue was addressed with improved checks. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Users removed from an iMessage conversation may still be able to alter state.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Catalina 10.15.3. Searching for and opening a file from an attacker controlled NFS mount may bypass Gatekeeper.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with system privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with system privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue existed in the handling of the local user's self-view. The issue was corrected with improved logic. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A remote FaceTime user may be able to cause the local user's camera self-view to display the incorrect camera.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with kernel privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This issue was addressed with improved setting propagation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Turning off ""Load remote content in messages” may not apply to all mail previews.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of accessing the device over the network may interact with and control these applications. This not only poses a severe risk to the availability of these applications, but also poses severe risks to the confidentiality and integrity of data stored within the applications and the device itself.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authenticaiton NTLM configured.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator account via an addnew action to admin/administrators_add.php; or (2) conduct cross-site scripting (XSS) attacks via the page_title parameter to admin/content_pages_edit.php; the (3) category_name[] parameter to admin/products_category.php; the (4) site_name, (5) seo_title, or (6) meta_keywords parameter to admin/settings_siteinfo.php; the (7) company_name, (8) address1, (9) address2, (10) city, (11) state, (12) country, (13) author_first_name, (14) author_last_name, (15) author_email, (16) contact_first_name, (17) contact_last_name, (18) contact_email, (19) general_email, (20) general_phone, (21) general_fax, (22) sales_email, (23) sales_phone, (24) support_email, or (25) support_phone parameter to admin/settings_company.php; or the (26) system_email, (27) sender_name, (28) smtp_server, (29) smtp_username, (30) smtp_password, or (31) order_notice_email parameter to admin/settings_email.php.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. An attacker would need valid administrator credentials to exploit this vulnerability.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) before 1.0.8 in the openshift/istio-kialia-rhel7-operator-container. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Atos Unify OpenScape UC Application V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows XSS. An attacker could exploit this by convincing an authenticated user to inject arbitrary JavaScript code in the Profile Name field. A browser would execute this stored XSS payload.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing practices for GNOME desktop integration.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Authentication Bypass by Spoofing in org.onosproject.acl (access control) and org.onosproject.mobility (host mobility) in ONOS v2.0 and earlier allows attackers to bypass network access control via data plane packet injection. To exploit the vulnerability, an attacker sends a gratuitous ARP reply that causes the host mobility application to remove existing access control flow denial rules in the network. The access control application does not re-install flow deny rules, so the attacker can bypass the intended access control policy.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host.",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious hostname. This log entry may then be viewed at Advanced settings->Administration->Logs to trigger the exploit. Although this value is inserted into a textarea tag, converted to all-caps, and limited in length, attacks are still possible.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
QNAP VioCard 300 has hardcoded RSA private keys.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware protection functions or the entire product completely..,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2010-4669.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An out-of-bounds read was addressed with improved input validation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of cookies. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9554.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from the lack of proper password checking. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-10082.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to obtain read and write access to system data, including the configuration of an affected device. The attacker would gain access to a sensitive portion of the system, but the attacker would not have full administrative rights to control the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
": Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 allows DLL Hijacking.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of aribitrary users via a security token that is not a string data type.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of service (DoS) condition on an affected device. The vulnerability is due to inadequate parsing mechanisms for specific email body components. An attacker could exploit this vulnerability by sending a malicious email containing a high number of shortened URLs through an affected device. A successful exploit could allow the attacker to consume processing resources, causing a DoS condition on an affected device. To successfully exploit this vulnerability, certain conditions beyond the control of the attacker must occur.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attacker can modify the contents of downloaded files. In the case of add-ins (if the user is using those), this will lead to code execution. In case of OBIS codes (which the user is always using as they are needed to communicate with the energy meters), this can lead to code execution when combined with CVE-2020-8810.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says ""In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to rcp.xml.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add Managed Device screen.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the Voatz application 2020-01-01 for Android, the amount of data transmitted during a single voter's vote depends on the different lengths of the metadata across the available voting choices, which makes it easier for remote attackers to discover this voter's choice by sniffing the network. For example, a small amount of sniffed data may indicate that a vote was cast for the candidate with the least metadata. An active man-in-the-middle attacker can leverage this behavior to disrupt voters' abilities to vote for a candidate opposed by the attacker.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers (after using root access to make a copy of the local database) to discover login credentials and voting history via an offline brute-force approach.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to inject HTML or arbitrary JavaScript within the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based tokens or to launch other attacks.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the ""access resource node"" and ""create page content"" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability exists in some motherboard implementations of Intel e1000e/82574L network controller devices through 2013-02-06 where the device can be brought into a non-processing state when parsing 32 hex, 33 hex, or 34 hex byte values at the 0x47f offset. NOTE: A followup statement from Intel suggests that the root cause of this issue was an incorrectly configured EEPROM image.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages. Hitachi Command Suite includes Hitachi Device Manager and Hitachi Compute Systems Manager.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to create and write XML files on the filesystem via /common/vam_editXml.php in the web interface. The vulnerable PHP page checks none of these: the parameter that identifies the file name to be created, the destination path, or the extension. Thus, an attacker can manipulate the file name to create any type of file within the filesystem with arbitrary content.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web interface of Lenovo EZ Media & Backup Center, ix2 & ix2-dl version 4.1.406.34763 and prior could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to takeover admin and user accounts.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several PHP pages, and other type of files, are reachable by any user without checking for user identity and authorization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Stored Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /monitor/s_headmodel.php and /vam/vam_user.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Reflected Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /vam/vam_anagraphic.php, /vam/vam_vamuser.php, /common/vamp_main.php, and /wiz/change_password.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to read XML files on the filesystem via the web interface. The PHP page /common/vam_editXml.php doesn't check the parameter that identifies the file name to be read. Thus, an attacker can manipulate the file name to access a potentially sensitive file within the filesystem.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerability were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is able to execute arbitrary operating system command by injecting the vulnerable parameter in the PHP Web page /common/vam_monitor_sap.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167879.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167881.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted LZW stream in a GIF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
LiteCart through 2.2.1 allows CSV injection via a customer's profile.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to add a user.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attackers to achieve code execution or denial of service by creating a gaming server with a crafted map, and inviting a victim to this server. A GetValue call is mishandled.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to memory leak .",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to memory leak .",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions, 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Web server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.1.fixS and below, versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, and 5.9.7.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to bypass Adapter authentication.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may obtain sensitive information",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with their numbers and access PINs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"taffy through 2.6.2 allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properties into user-input. If index is found in the query, taffyDB will ignore other query conditions and directly return the indexed data item. Moreover, the internal index is in an easily-guessable format (e.g., T000002R000001). As such, attackers can use this vulnerability to access any data items in the DB.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x devices does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio range to cause an event deadlock or crash via crafted packets.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because multiple + characters are mishandled in add_on in upcean.c, when called from eanx in upcean.c during EAN barcode generation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
"Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass Release_3.5.4'. The vulnerabilities exist due to insufficient filtration of user-supplied data (meeting_id, user) passed to the 'openeclass-master/modules/tc/webconf/webconf.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress has multiple stored XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the superuser.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing "" src="" clause, (2) a trailing "" temp="" clause, or (3) a trailing "" validate="" clause accompanied by a shell command.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted request to LocalAuth/setAccount.aspx or (2) write to and execute arbitrary files via a full pathname in the PathData parameter to ConfigTab/uploader.aspx.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file which cannot be changed via REST calls.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code ith the permissions of the user running tucan.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ansible before 1.6.7 does not prevent inventory data with ""{{"" and ""lookup"" substrings, and does not prevent remote data with ""{{"" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the ""deb http://user:pass@server:port/"" format.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices accepts a pairing request with a key size greater than 16 bytes, allowing an attacker in radio range to cause a buffer overflow and denial of service (crash) via crafted packets.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the ""deb http://user:pass@server:port/"" format.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a buffer overflow via a crafted packet.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the t3.cgi srmodel or srtime parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow a authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Directory traversal vulnerability in the Android debug bridge (aka adb) in Android 4.0.4 allows physically proximate attackers with a direct connection to the target Android device to write to arbitrary files owned by system via a .. (dot dot) in the tar archive headers.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).",LOCAL,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IZON IP 2.0.2: hard-coded password vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and potentially execute code (if certain conditions are met).",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A buffer overflow was found in Patriot Viper RGB through 1.1 when processing IoControlCode 0x80102040. Local attackers (including low integrity processes) can exploit this to gain NT AUTHORITY\SYSTEM privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to modify the Wi-Fi network the base station connects to.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Nokogiri before 1.5.4 is vulnerable to XXE attacks,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper permissions in the installer for the Intel(R) Renesas Electronics(R) USB 3.0 Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Synergy Systems & Solutions PLC & RTU system has a vulnerability in HUSKY RTU 6049-E70 firmware versions 5.0 and prior. The affected product does not require adequate authentication, which may allow an attacker to read sensitive information or execute arbitrary code. This is a different issue than CVE-2019-16879 and CVE-2019-20045.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognized Database exception message if the database does not exist.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo App for iOS prior to version 1.2.01) allows an attacker on the same network segment to bypass authentication and to view the images which were recorded by the other ilbo user's device via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** The csrf_callback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass as it allows one to tamper with the csrf token values. A remote attacker can exploit this by crafting a malicious page and dispersing it to a victim via social engineering, enticing them to click the link. Once the user/victim clicks the ""try again"" button, the attacker can take over the account and perform unintended actions on the victim's behalf. NOTE: A third-party maintainer has stated that this CVE is a false report. They state that the csrf_callback function is actually a callback function to the callers own handler for output. The function called can be changed via configuration to a custom callback to handle failed validation differently. They also stated that there is no way for an attacker to change tokens to make them valid from the client side. The only thing an attack can do is to pull the token out of the javascript, but that will always be possible and has nothing to do with the callback.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. According to the HTTP standard Transfer-Encoding should be a comma separated list, with the inner-most encoding first, followed by any further transfer codings, ending with chunked. Requests sent with: ""Transfer-Encoding: gzip, chunked"" would incorrectly get ignored, and the request would use a Content-Length header instead to determine the body size of the HTTP message. This could allow for Waitress to treat a single request as multiple requests in the case of HTTP pipelining. This issue is fixed in Waitress 1.4.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Waitress through version 1.3.1 implemented a ""MAY"" part of the RFC7230 which states: ""Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR."" Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message. This issue is fixed in Waitress 1.4.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Improper permissions in the installer for Intel(R) MPSS before version 3.8.6 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Qradar Advisor 1.1 through 2.5 with Watson uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 166206.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Open Network Operating System (ONOS) 1.14. In the Ethernet VPN application (org.onosproject.evpnopenflow), the host event listener does not handle the following event types: HOST_MOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual tenant network application (org.onosproject.vtn), the host event listener does not handle the following event types: HOST_MOVED. In combination with other applications, this could lead to the absence of intended code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Open Network Operating System (ONOS) 1.14. In the access control application (org.onosproject.acl), the host event listener does not handle the following event types: HOST_REMOVED. In combination with other applications, this could lead to the absence of intended code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Adobe Digital Editions versions 4.5.10 and below have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Open Network Operating System (ONOS) 1.14. In the mobility application (org.onosproject.mobility), the host event listener does not handle the following event types: HOST_ADDED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Adobe Digital Editions versions 4.5.10 and below have a buffer errors vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled resource consumption vulnerability. Successful exploitation could lead to denial-of-service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative user to perform a SQL injection attack by configuring the SNMP alert settings in the UI. This is fixed in 9.2.15.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attack to use the product installer to load other DLL files located in the same directory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in the gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW stream in a GIF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In onCreate of CertInstaller.java, there is a possible way to overlay the Certificate Installation dialog by a malicious application. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139017101",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015, fails to do any size checking on an input buffer from user space, which the driver assumes has a size greater than zero bytes. To exploit this vulnerability, an attacker must send an IRP with a system buffer size of 0.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the cgi-bin/webui/admin/tools/app_ping/diag_ping/; substring.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ricoh SP C250DN 1.06 devices allow CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len - 2 > max_out) { fprintf(stderr, ""Output buffer to small, wanted to write %lu, max was %lu."", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph template that is accessed directly.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Settings -> Election -> ""message if election is closed"" field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
WordPress plugin wp-cleanfix has Remote Code Execution,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. The vulnerability is due to insufficient signature validation. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to upload crafted code to the affected device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Tube Map Live Underground for Android before 3.0.22 has an Information Disclosure Vulnerability,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A CSRF vulnerability exists in the Web Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server Web settings at RAPR/WebSettingsGeneralSet.html.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,HIGH
CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML element in the _transaction parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"SOPlanning 1.45 allows XSS via the ""Your SoPlanning url"" field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large volume of connections to the PASV mode port.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Mambo CMS through 4.6.5 has multiple XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page request to user/ or the (3) user_id or (4) fullname parameter to signup.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
ZPanel through 10.1.0 has Remote Command Execution,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Improper permissions in the installer for Intel(R) RWC3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious code. IBM X-Force ID: 170046.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service. IBM X-Force ID: 174914.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 167878.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited. The JavaScript code is executed on the user's system, not executed on LXCA itself.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site Scripting (XSS) in EasyXDM before 2.4.18 allows remote attackers to inject arbitrary web script or html via the easyxdm.swf file.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Huawei smart phones P10 Plus with versions earlier than 9.1.0.201(C01E75R1P12T8), earlier than 9.1.0.252(C185E2R1P9T8), earlier than 9.1.0.252(C432E4R1P9T8), and earlier than 9.1.0.255(C576E6R1P8T8) have a digital balance bypass vulnerability. When re-configuring the mobile phone at the digital balance mode, an attacker can perform some operations to bypass the startup wizard, and then open some switch. As a result, the digital balance function is bypassed.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker must have the correct primary credentials in order to successfully exploit this vulnerability.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by authenticating with a low-privilege account and sending a crafted request to the API. A successful exploit could allow the attacker to interact with the API with administrative privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the `refuse-app` option are unaffected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"There is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new one through special steps by exploit this vulnerability. As a result, the FRP function is bypassed.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link while having an active session on an affected device. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web-based management interface improperly validates SQL values. An authenticated attacker could exploit this vulnerability sending malicious requests to the affected device. An exploit could allow the attacker to modify values on or return values from the underlying database.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of endpoint data stored in logs used by the web-based interface. An attacker could exploit this vulnerability by sending malicious endpoint data to the targeted system. An exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for users of XMPP conferencing applications. Other applications and processes are unaffected. The vulnerability is due to improper input validation of XMPP packets. An attacker could exploit this vulnerability by sending crafted XMPP packets to an affected device. An exploit could allow the attacker to cause process crashes and a DoS condition for XMPP conferencing applications.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages resources when processing inbound Live Data traffic. An attacker could exploit this vulnerability by sending multiple crafted Live Data packets to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could result in a stack overflow and cause the affected device to reload, resulting in a DoS condition. Note: The Live Data port in Cisco Unified Contact Center Enterprise devices allows only a single TCP connection. To exploit this vulnerability, an attacker would have to send crafted packets to an affected device before a legitimate Live Data client establishes a connection.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. IBM X-Force ID: 174341.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 174960.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the application.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 173348.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a crafted color table to the (1) bmp_decode_rgb or (2) bmp_decode_rle function.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,NONE,NONE,HIGH
"Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"AnyShare Cloud 6.0.9 allows authenticated directory traversal to read files, as demonstrated by the interface/downloadwithpath/downloadfile/?filepath=/etc/passwd URI.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable out-of-bounds write vulnerability exists in the TIFreadstripdata function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted TIFF file file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versions earlier than 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versions earlier than 10.0.0.176(C00E70R2P8); and Honor Magic2 versions earlier than 10.0.0.175(C00E59R2P11) have an improper authorization vulnerability. Due to improper authorization of some function, attackers can bypass the authorization to perform some operations.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"GaussDB 200 with version of 6.5.1 have a command injection vulnerability. The software constructs part of a command using external input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypass Vulnerabilities,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the ""passwordreset&token"" parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly escape certain characters in a Python exception-message template, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via an HTTP response.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG pngread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zend_XmlRpc Class in Magento before 1.7.0.2 contains an information disclosure vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Simple Machines Forum (SMF) through 2.0.5 has XSS,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that contains standard HTML scripting tags. The resulting script will evaluated by any other authenticated user who views the attacker-supplied file name. All versions of SFT prior to 5.1.1028 are affected. The fix version is 5.1.1028.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in the ""Name"" and ""Description"" fields of a Workspace, as well as the ""Description"" field of a File Details pane of a file stored in a Workspace. This issue has been resolved in version 5.1.1025.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X version 1.0.1.21(SP3) have an insufficient verification vulnerability. An attacker can access the device physically and exploit this vulnerability to tamper with device information. Successful exploit may cause service abnormal.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the users web browser.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Internet TRiLOGI Server (unknown versions) could allow a local user to bypass security and create a local user account.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cookies and take over accounts.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module does not validate a field in a specific message. Attackers can send specific message to cause out-of-bound read, compromising normal service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Belkin n750 routers have a buffer overflow.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. Due to improper processing of some data, a local authenticated attacker can exploit this vulnerability through a series of operations. Successful exploitation may cause information leakage.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and V600R019C00SPC100 have an information leak vulnerability. An unauthenticated, remote attacker can make a large number of attempts to guess information. Successful exploitation may cause information leak.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean contains a service information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a memory leak vulnerability. The software does not sufficiently track and release allocated memory while parse certain message, the attacker sends the message continuously that could consume remaining memory. Successful exploit could cause memory exhaust.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a vulnerability that a memory management error exists when IPSec Module handing a specific message. This causes 1 byte out-of-bound read, compromising normal service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system has a logic judging error under certain scenario, successful exploit could allow the attacker to switch to third desktop after a series of operation in ADB mode.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credential.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P11) have an improper authentication vulnerability. Due to improperly validation of certain application, an attacker should trick the user into installing a malicious application to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Dangling pointer dereference vulnerability. An authenticated attacker may do some special operations in the affected products in some special scenarios to exploit the vulnerability. Due to improper race conditions of different operations, successful exploit will lead to Dangling pointer dereference, causing some service abnormal.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT. A cross-site scripting (XSS) vulnerability in the Manage Repository and Changesets List pages allows execution of arbitrary code (if CSP settings permit it) via repo_manage_page.php or list.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one (buffer overflow) problem. NOTE: At least one Linux maintainer believes that this CVE is incorrectly assigned and should be rejected because the value is hard coded and are not user-controllable where it is used.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mintToken function of a smart contract implementation for GZS Token (GZS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for MODI Token (MODI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Plaza Token (PLAZA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The mintToken function of a smart contract implementation for Good Time Coin (GTY), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A Denial of Service (infinite loop) exists in OpenSIPS before 1.10 in lookup.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with specific section headers to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The mintToken function of a smart contract implementation for Futures Pease (FP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. For example, an attacker can add a ? or # character to a URI that would otherwise satisfy an exact-path match.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (read-only access) to use and abuse it. One of the abuses allows performing network and port scan operations of the localhost or the hosts on the same network segment, aka SSRF.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart. By continuously sending specially crafted BGP OPEN messages, an attacker can repeatedly crash the rpd process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R12-S4, 12.3R13, 12.3R3-S4; 12.3X48 prior to 12.3X48-D50; 13.3 prior to 13.3R4-S11, 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R4-S7, 14.2R6-S4, 14.2R7; 15.1 prior to 15.1F2-S11, 15.1F4-S1-J1, 15.1F5-S3, 15.1F6, 15.1R4; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D33, 15.1X53-D50.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker obtain high privilege.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. size of any directory, system hardware and OS details, leading to Missing Authorization Check vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29549 due to an unknown function in the file proc/driver/nvidia/registry.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or destroy database elements.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GaussDB 200 with version of 6.5.1 have a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploit could allow an attacker to execute commands.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GaussDB 200 with version of 6.5.1 have a path traversal vulnerability. Due to insufficient input path validation, an authenticated attacker can traverse directories and download files to a specific directory. Successful exploit may cause information leakage.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Improper connection handling in the base connection handler in IKTeam BearFTP before v0.3.1 allows a remote attacker to achieve denial of service via a Slowloris approach by sending a large volume of small packets.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary WordPress Administrator account, leading to possible Remote Code Execution because Administrators can run PHP code on Wordpress instances. (This issue has been fixed in the 3.x branch of popup-builder.)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Commerce Skrill (Formerly Moneybookers) has an Access bypass vulnerability in all versions prior to 7.x-1.2,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privileges.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then creating a symbolic link in %PROGRAMDATA%\AMD\PPC\temp that points to an arbitrary folder with an arbitrary file name.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information.",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,LOW,LOW,NONE
SQL Injection exists in Easy Car Script 2014 via the s_order or s_row parameter to site_search.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parameter within MainPing.asp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9552.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). Also, bluetooth is the root password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leading to Information Disclosure.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
"Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would otherwise be restricted leading to Information Disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to execute malicious scripts leading to Reflected Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. The cgi-bin/ViewPage.cgi user parameter allows XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a source equal to ingress. To exploit this vulnerability, someone has to encode a source.uid in this header. This feature is disabled by default in Istio 1.3 and 1.4.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A Denial of Service vulnerability exists in askpop3d 0.7.7 in free (pszQuery),",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-128674520,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in Easy Property Listings versions prior to 3.4 allows remote attackers to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In setPhonebookAccessPermission of AdapterService.java, there is a possible disclosure of user contacts over bluetooth due to a missing permission check. This could lead to local information disclosure if a malicious app enables contacts over a bluetooth connection, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145130871",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop through 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. By default, any XSS sent to the administrator can be transformed to remote command execution because of CVE-2018-10642 (still working through 2.6.0) The Reflective XSS can also become a stored XSS within the same account because of another vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Code Execution vulnerability exists in select.py when using python-mode 2012-12-19.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was printed, potentially containing sensitive values in plaintext.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the ""User Creation, Deletion and Password Maintenance"" screen (when creating a new user).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Codoforum 4.8.8 allows self-XSS via the title of a new topic.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
PHP Scripts Mall Market Place Script 1.0.1 allows XSS via a keyword.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT protocol message and the ephemeral port used by RIOT's MQTT implementation. Additionally, the server IP address is required for spoofing the packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transport_layer/tcp/gnrc_tcp_option.c has an infinite loop for an unknown zero-length option.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of sending a SERVFAIL packet. Caching is not affected by this particular bug but see CVE-2019-10191.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll due to insufficient path restrictions when loading external libraries. which could let a malicious user execute arbitrary code.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due to the use of strcpy for LOGINPASSWORD when handling a POST request to the /MTFWU endpoint.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
explorer.js in Amazon AWS JavaScript S3 Explorer (aka aws-js-s3-explorer) v2 alpha before 2019-08-02 allows XSS in certain circumstances.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In updatePermissions of PermissionManagerService.java, it may be possible for a malicious app to obtain a custom permission from another app due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-67319274",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An attacker can perform Remote Code Execution (RCE) by sending a specially crafted network packer to the bd_svr service listening on TCP port 54188.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. Mailu servers that have open registration or untrusted users are most impacted. The master and 1.7 branches are patched on our git repository. All Docker images published on docker.io/mailu for tags 1.5, 1.6, 1.7 and master are patched. For detailed instructions about patching and securing the server afterwards, see https://github.com/Mailu/Mailu/issues/1354",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extracts a field from the AA_v3.2.exe file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Denial of Service (infinite loop) vulnerability exists in Avira AntiVir Engine before 8.2.12.58 via an unspecified function in the PDF Scanner Engine.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache.,NETWORK,HIGH,NONE,NONE,CHANGED,NONE,HIGH,NONE
"A spoofing vulnerability exists when Office Online Server does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Server Spoofing Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0745, CVE-2020-0792.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable out-of-bounds write vulnerability exists in the uncompress_scan_line function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG SOFx parser of the Accusoft ImageGear 19.5.0 library. A specially crafted JPEG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFF tifread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted TIFF file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable out-of-bounds write vulnerability exists in the uncompress_scan_line function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG jpegread precision parser of the Accusoft ImageGear 19.5.0 library. A specially crafted JPEG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,HIGH
"An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In HidRawSensor::batch of HidRawSensor.cpp, there is a possible out of bounds write due to an unexpected switch fallthrough. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144040966",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Parcel::continueWrite of Parcel.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140419401",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In binder_thread_release of binder.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145286050References: Upstream kernel",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In getAttributeRange of ExifInterface.java, there is a possible failure to redact location information from media files due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143118731",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
SuiteCRM through 7.11.11 allows PHAR Deserialization.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format].",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereum token. The contract has an integer overflow. If the owner sets the value of sellPrice to a large number in setPrices() then the ""amount * sellPrice"" will cause an integer overflow in sell().",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in a smart contract implementation for MKCB, an Ethereum token. If the owner sets the value of sellPrice to a large number in setPrices() then the ""amount * sellPrice"" will cause an integer overflow in sell().",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seeing a newline in the header, rails will silently create a new Content-Security-Policy header with the remaining value of the original string. It will continue to create new headers for each newline. This has been fixed in 6.3.0, 5.2.0, and 3.9.0.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of watermarks in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9358.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. These IPv6 packets are designed to be blocked by the RE from egressing the RE. Instead, the RE allows these specific IPv6 packets to egress the RE, at which point a mbuf memory leak occurs within the Juniper Networks Junos OS device. This memory leak eventually leads to a kernel crash (vmcore), or the device hanging and requiring a power cycle to restore service, creating a Denial of Service (DoS) condition. During the time where mbufs are rising, yet not fully filled, some traffic from client devices may begin to be black holed. To be black holed, this traffic must match the condition where this traffic must be processed by the RE. Continued receipt and attempted egress of these specific IPv6 packets from the Routing Engine (RE) will create an extended Denial of Service (DoS) condition. Scenarios which have been observed are: 1. In a single chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. In this scenario the device needs to be power cycled. 2. In a single chassis, dual RE scenario, the device master RE will fail over to the backup RE. In this scenario, the master and the backup REs need to be reset from time to time when they vmcore. There is no need to power cycle the device. 3. In a dual chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. In this scenario, the two chassis' design relies upon some type of network level redundancy - VRRP, GRES, NSR, etc. - 3.a In a commanded switchover, where nonstop active routing (NSR) is enabled no session loss is observed. 4. In a dual chassis, dual chassis scenario, rely upon the RE to RE failover as stated in the second scenario. In the unlikely event that the device does not switch RE to RE gracefully, then the fallback position is to the network level services scenario in the third scenario. This issue affects: Juniper Networks Junos OS 16.1 versions prior to 16.1R7-S6; 16.1 version 16.1X70-D10 and later; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D50, 18.2X75-D410; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S6, 18.4R2-S2, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2. This issue does not affect releases prior to Junos OS 16.1R1.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25608. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of watermarks. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9640.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG files within CovertToPDF. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9102.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. The contract has an integer overflow. If the owner sets the value of buyPrice to a large number in setPrices() then the ""msg.value * buyPrice"" will cause an integer overflow in the fallback function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The sell function of a smart contract implementation for MyToken, an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9415.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9406.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9407.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9416.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9591.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of JPEG files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9606.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.2947. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the fxhtml2pdf.exe module. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9560.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of form Annotation objects within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9862.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9413.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In MotionEntry::appendDescription of InputDispatcher.cpp, there is a possible log information disclosure. This could lead to local disclosure of user input with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139945049",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In removeUnusedPackagesLPw of PackageManagerService.java, there is a possible permanent denial-of-service due to a missing package dependency test. This could lead to remote denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141413692",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In btm_read_remote_ext_features_complete of btm_acl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-141552859",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Cross-Site Scripting(XSS), personal information may be leaked to attackers via the vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery, allowing attackers to launch inquiries into network architecture or system files of the server via forged inquests.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allowing attackers to perform unwanted SQL queries and access arbitrary file in the database.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The URL filtering ""continue page"" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the management web interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, and 7.1.x before 7.1.9 allows remote authenticated users to obtain sensitive information by leveraging incorrect permission validation, aka PAN-SA-2017-0013 and PAN-70541.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request parameters.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Palo Alto Networks Terminal Services Agent before 7.0.7 allows attackers to spoof arbitrary users via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an interface implements SSL decryption with RSA enabled or hosts a GlobalProtect portal or gateway, might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.7, when the GlobalProtect gateway or portal is configured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper request parameter validation.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows remote attackers to execute arbitrary code via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka ""Dirty COW.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to cause a denial of service (device crash) or possibly execute arbitrary code via an SSL VPN request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote attackers to cause a denial of service (service crash) via a crafted request.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the management interface in Palo Alto Networks PAN-OS 7.x before 7.0.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Headway theme before 3.8.9 for WordPress has XSS via the license key field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.,NETWORK,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Framemaker versions 2019.0.4 and below have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to instances of fwrite in Sphider Plus, but do not exist in either Sphider or Sphider Pro.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Framemaker versions 2019.0.4 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of fwrite, which could let a remote malicious user execute arbitrary code. CVE-2014-5084 pertains to instances of fwrite in Sphider Pro only, but do not exist in either Sphider or Sphider Plus.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a ""SIP Digest Leak"" issue.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 pertains to instances of fwrite in Sphider.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionality which leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"It is possible to unmask credentials and other sensitive information on “unprotected” project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware versions prior to 6.53 and manipulate system configurations.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162888.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a denial of service vulnerability, which is a type of issue whereby a threat actor attempts to tie up the resources of a resident application, thereby making certain functions unavailable.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL injection vulnerability, which is a type of issue whereby an individual attempts to execute their own code in place of legitimate code as a means to perform an exploit.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate a installer with malicious software inside. IBM X-Force ID: 162773.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a ""SIP Digest Leak"" issue.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not properly restrict the advertisement connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 1.0.14.1081 for DA1468x devices responds to link layer packets with a payload length larger than expected, allowing attackers in radio range to cause a buffer overflow via a crafted packet. This affects, for example, August Smart Lock.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A security feature bypass vulnerability exists in Surface Hub when prompting for credentials, aka 'Surface Hub Security Feature Bypass Vulnerability'.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerability via a Web browser component error,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to ""type confusion.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a ""SIP Digest Leak"" issue.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0717.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Malicious Software Removal Tool (MSRT) improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0709.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0715, CVE-2020-0792.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0659.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0679, CVE-2020-0680.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists in secure boot, aka 'Microsoft Secure Boot Security Feature Bypass Vulnerability'.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unknown vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0750.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0749.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0740, CVE-2020-0742, CVE-2020-0743, CVE-2020-0749, CVE-2020-0750.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0743, CVE-2020-0749, CVE-2020-0750.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0749, CVE-2020-0750.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0749, CVE-2020-0750.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing files on the resident system without proper privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0683.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM.To exploit the vulnerability, an authenticated attacker would need to place a specially crafted file in a specific location, thereby allowing arbitrary file corruption.The security update addresses the vulnerability by correcting how the process validates the log file., aka 'Microsoft Office Tampering Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0734.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0679, CVE-2020-0682.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0680, CVE-2020-0682.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0755, CVE-2020-0756.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0732.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0753.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0668, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0661.",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0737.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0666, CVE-2020-0667, CVE-2020-0735.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0668, CVE-2020-0669, CVE-2020-0670, CVE-2020-0672.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0731.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0726, CVE-2020-0731.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0681.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the tapisrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0739.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0694.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Telephony Service improperly discloses the contents of its memory, aka 'Windows Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0693.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Client License Service (ClipSVC) handles objects in memory, aka 'Windows Client License Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755, CVE-2020-0756.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755, CVE-2020-0756.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0751.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0713, CVE-2020-0767.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0767.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, `splitPathRe`, used within the `'path'` module for the various path parsing functions, including `path.dirname()`, `path.extname()` and `path.parse()` was structured in such a way as to allow an attacker to craft a string, that when passed through one of these functions, could take a significant amount of time to evaluate, potentially leading to a full denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OS command, which could let a local malicious user execute arbitrary code.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0747.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dependency-Track before 3.5.1 allows XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The clientconf.html and detailbw.html pages in x3 in cPanel & WHM 11.34.0 (build 8) have a XSS vulnerability.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. A guest Android operating system inside the MEmu emulator contains a /system/bin/systemd binary that is run with root privileges on startup (this is unrelated to Red Hat's systemd init program, and is a closed-source proprietary tool that seems to be developed by Microvirt). This program opens TCP port 21509, presumably to receive installation-related commands from the host OS. Because everything after the installer:uninstall command is concatenated directly into a system() call, it is possible to execute arbitrary commands by supplying shell metacharacters.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows authenticated users (Teacher and above) to inject JavaScript into the session of another user (e.g., enrolled student or site administrator) via the introeditor[text] parameter. NOTE: the discoverer and vendor disagree on whether Moodle customers have a reasonable expectation that anyone authenticated as a Teacher can be trusted with the ability to add arbitrary JavaScript (this ability is not documented on Moodle's Teacher_role page). Because the vendor has this expectation, they have stated ""this report has been closed as a false positive, and not a bug.""",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Syska Smart Bulb devices through 2017-08-06 receive RGB parameters over cleartext Bluetooth Low Energy (BLE), leading to sniffing, reverse engineering, and replay attacks.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Zenphoto before 1.4.3.4 admin-news-articles.php date parameter XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0667, CVE-2020-0735, CVE-2020-0752.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states ""The user is presented with clear warnings on the GUI that they should set usernames and passwords.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine before 4.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to music/create, (2) location parameter to events/create, or (3) search parameter to widget/index/content_id/*.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server's sudoers file, which by default allows the execution of programs (e.g. nmap) without the need for a password with sudo.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the (1) edit or (2) add action in the user-users module or the (3) finduser action or the name parameter in an (4) edit action in the user-user module or the (5) editprofile action to modcp.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSController.php), a (2) file name to the getTrustSizeOnFileSystem function in the File System (Standard) module (plugins/access.fs/class.fsAccessWrapper.php), or the (3) revision parameter to the Subversion Repository module (plugins/meta.svn/class.SvnManager.php).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in TestLink 1.9.19. The relation_type parameter of the lib/requirements/reqSearch.php endpoint is vulnerable to authenticated SQL Injection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Bug Genie before 3.2.6 has Multiple XSS and HTML Injection Vulnerabilities,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted ""StartAvCustomScan"" type IPC client requests to the fctsched process due the argv data not been well sanitized.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) ctrl, (2) h____%2427, (3) h____%2439, (4) param0, (5) param1, (6) param2, (7) param3, (8) param4, (9) filter_INSERT_COUNT, (10) filter_MINOR_FALLOUT, (11) filter_UPDATE_COUNT, (12) sort, or (13) sessid parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000 and DIVAR IP 7000 if a vulnerable BVMS version is installed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows network adjacent attackers to execute arbitrary code on affected installations of Xiaomi Browser Prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must connect to a malicious access point. The specific flaw exists within the handling of HTTP responses to the Captive Portal. A crafted HTML response can cause the Captive Portal to to open a browser to a specified location without user interaction. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7467.,ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5.0.2.0.5.009 contain a Denial of Service vulnerability on NAS Server SSH implementation that is used to provide SFTP service on a NAS server. A remote unauthenticated attacker may potentially exploit this vulnerability and cause a Denial of Service (Storage Processor Panic) by sending an out of order SSH protocol sequence.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Possible use after free issue while CRM is accessing the link pointer from device private data due to lack of resource protection in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, MDM9206, MDM9207C, MDM9607, QCS605, SDM429W, SDX24, SM8150, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary physical memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, via a function call such as MmMapIoSpace.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
A Cross-site Scripting (XSS) vulnerability exists in the All in One SEO Pack plugin before 2.0.3.1 for WordPress via the Search parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, ""database.php"" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to visit a malicious page with a CSRF exploit and execute arbitrary system commands on the server.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Simplejobscript.com SJS through 1.66. There is an unauthenticated SQL injection via the job applications search function. The vulnerable parameter is job_id. The function is getJobApplicationsByJobId(). The file is _lib/class.JobApplication.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in the edit action of the config-profile_fields module.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view private IP addresses and other sensitive information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintUpdate.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintNanny.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for SlidebitsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for KMCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for SpeedCashLite (SCSL), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for GemstoneToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
Insufficient policy enforcement in navigation in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to confuse the user via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a URI to bypass navigation restrictions via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An ni_dhcp4_fsm_process_dhcp4_packet memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets with a different client-id.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. This issue is fixed in macOS Catalina 10.15. An attacker may be able to exfiltrate the contents of an encrypted PDF.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15, tvOS 13. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15, tvOS 13. Processing a maliciously crafted movie may result in the disclosure of process memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) ctrl, (2) t90001_0_theform_selection, (3) _scroll, (4) tableName, (5) parent, (6) circuit, (7) return, (8) xname, or (9) mpTransactionId parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
InfoSphere Guardium aix_ktap module: DoS,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Cisco ACE A2(3.6) allows log retention DoS.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the ""execSync()"" argument.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial of Service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable response (Clickjacking) vulnerability which could allow remote attackers to obtain sensitive information.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user (Privilege-1) to escalate privileges and became administrator (Privilege-15).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A HTTP Response Splitting vulnerability was identified in the Web Settings Component of Web File Manager in Rumpus FTP Server 8.2.9.1. A successful exploit can result in stored XSS, website defacement, etc. via ExtraHTTPHeader to RAPR/WebSettingsGeneralSet.html.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Orange HRM 2.7.1 allows XSS via the vacancy name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address via RAPR/BlockedClients.html.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,LOW
A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via RAPR/EventNoticesSet.html.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
"A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A CSRF vulnerability exists in the Web File Manager's Network Setting functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can manipulate the SMTP setting and other network settings via RAPR/NetworkSettingsSet.html.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server FTP settings at RAPR/FTPSettingsSet.html.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"webcalendar before 1.2.7 shows the reason for a failed login (e.g., ""no such user"").",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. A specially timed sequence of SNMP connections can trigger a stack overflow, resulting in a denial of service. To trigger this vulnerability, an attacker needs to simply initiate multiple connections to the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in OpServices OpMon 9.3.2. Without authentication, it is possible to read server files (e.g., /etc/passwd) due to the use of the nmap -iL (aka input file) option.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to wp-admin/admin.php.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"payment_manage.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection. NOTE: this issue exists because of an incomplete fix for CVE-2019-19732.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations. In addition, Opencast's Id.toString(…) vs Id.compact(…) behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change. This issue is fixed in Opencast 7.6 and 8.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"** DISPUTED ** A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence of a vulnerability is provided” and only “a generic warning from a static code analysis” is provided.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t consider this issue a vulnerability because the blacklist is being misused. SOFA Hessian supports custom blacklist and a disclaimer was posted encouraging users to update the blacklist or to use the whitelist feature for their specific needs since the blacklist is not being actively updated.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** In PostgreSQL 9.3 through 11.2, the ""COPY TO/FROM PROGRAM"" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS Catalina 10.15. A local user may be able to view a user’s locked notes.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An access issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to view a user’s locked notes.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being returned to the user, which may allow an attacker to execute arbitrary code in a user’s browser session in context of an affected site.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. An attacker with the ability to create coordinate map visualizations could create a malicious visualization. If another Kibana user views that visualization or a dashboard containing the visualization it could execute JavaScript in the victim�s browser.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to elevate privileges on the system. This issue affects: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8. This issue does not affect: Exacq Technologies, Inc. exacqVision Server version 9.4 and prior versions; 19.03. It is not known whether this issue affects: Exacq Technologies, Inc. exacqVision Server versions prior to 8.4.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
"This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user’s browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"An exploitable denial-of-service vulnerability exists in the iocheckd service ‘’I/O-Chec’’ functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC 100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user’s browser session.,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,NONE
"This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE expressions in manually defined queries could return unexpected results if the parameter values bound did not have escaped reserved characters properly.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to a potentially fraudulent address. This would allow the attacker to gain complete control of the user's account.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerability. An attacker could directly access the management portal in HTTP, resulting in users’ information leakage.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
In hasActivityInVisibleTask of WindowProcessController.java there’s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-138583650,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in “Authenticated Users” group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run. The vulnerability is in the form of DLL Hijacking. The installers try to load DLLs that don’t exist from its current directory; by doing so, an attacker can quickly escalate its privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system the execution of code in the application’s context.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mnt_ping.cgi. NOTE: This may overlap CVE-2017–14127.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
** DISPUTED ** Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has full access.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
** DISPUTED ** Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has full access.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"** DISPUTED ** cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it is true that the amount can be manipulated in the PayPal payment flow. However, the amount is validated against the WooCommerce order total before completing the order, and if it doesn’t match then the order will be left in an “On Hold” state.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** On Coldcard MK1 and MK2 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. On Coldcard MK1 and MK2 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: At Coinkite, we’ve already mitigated it, even though we feel strongly that it is not a legitimate issue. In our opinion, it is both unproven (might not even work) and also completely impractical—even if it could be made to work perfectly.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"** DISPUTED ** Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks (i.e., SSRF with resultant remote code execution). NOTE: The vendor disputes this issues as not being a vulnerability because “All attacks that use external entities are blocked (no external DTD or file inclusions, no SSRF). The impact on confidentiality, integrity and availability is not proved on any version.”",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the affected systems, namely turning the cooling unit on and off and setting the temperature set point.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on and off and setting the temperature set point, can be modified without authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The IEC870IP driver for AVEVA’s Vijeo Citect and Citect SCADA and Schneider Electric’s Power SCADA Operation has a buffer overflow vulnerability that could result in a server-side crash.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This id is disputed as not being an issue because “The memory allocation that was not checked is part of a code that only runs at boot time, before user processes are started. Therefore, there is no possibility for an unprivileged user to control it, and no denial of service.”.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the the xml payload to utf-7 it is possible to bypass the check for the string ‚<!ENTITY‘ and thus allowing for an xml external entity processing (XXE) attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user’s browser. The vulnerability could be exploited to execute JavaScript code in user’s browser.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user’s browser.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user’s username and password were exposed in the job’s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. The issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Disclosure.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scripts in certain servlets, which will be executed when the victim is tricked to click on those malicious links, resulting in reflected Cross Site Scripting vulnerability.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which a remote attacker can execute arbitrary HTML and script code in a user’s browser session.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (pixels <= (1<<30)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters.”",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.height <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters.”",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A potential vulnerability has been identified in HP Remote Graphics Software’s certificate authentication process version 7.5.0 and earlier.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's “Games” directory, version 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of installed games to exploit this vulnerability and execute arbitrary code with elevated privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Emerson DeltaV Smart Switch Command Center application, available in versions 11.3.x and 12.3.1, was unable to change the DeltaV Smart Switches’ management password upon commissioning. Emerson released patches for DeltaV workstations to address this issue, and the patches can be downloaded from Emerson’s Guardian Support Portal. Please refer to the DeltaV Security Notification DSN19003 (KBA NK-1900-0808) for more information about this issue. DeltaV versions 13.3 and higher use the Network Device Command Center application to manage DeltaV Smart Switches, and this newer application is not impacted by this issue. After patching the Smart Switch Command Center, users are required to either commission the DeltaV Smart Switches or change password using the tool.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: This issue is being disputed as not being a vulnerability because “the current version of white_dune (1.369 at https://wdune.ourproject.org/) do not use a ""BROWSER environment variable"". Instead, the ""browser"" variable is read from the $HOME/.dunerc file (or from the M$Windows registry). It is configurable in the ""options"" menu. The default is chosen in the ./configure script, which tests various programs, first tested is ""xdg-open"".”",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7 allows a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user’s browser within the trust relationship between their browser and the server.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Undocumented TELNET service in TRENDnet TEW-812DRU when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “Total Record Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size” that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “End of Current Record” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size.” Then the service will calculate an incorrect value for the “End of Current Record” field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the “Record Data Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the product’s configuration or program. When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation's FactoryTalk Security services.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
ProjectPier 0.8.8 does not use the Secure flag for cookies,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
OpenVAS Manager v2.0.3 allows plugin remote code execution.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using ""Javascript debugging.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"D-Link DIR865L v1.03 suffers from an ""Unauthenticated Hardware Linking"" vulnerability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. CVSSv3.0: 5.3 (Medium) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in Smoothwall Express 3.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability exists in HCView (aka Hardcoreview) 1.4 due to a write access violation with a GIF file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability exists in JPEGsnoop 1.5.2 due to an unspecified issue in JPEG file handling, which could let a malicious user execute arbitrary code",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability exists in Arctic Torrent 1.4 via unspecified vectors in .torrent file handling, which could let a malicious user cause a Denial of Service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which has an unspecified impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ProjectPier 0.8.8 has stored XSS,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is ""not a bug.""",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export to index.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Verax NMS prior to 2.1.0 leaks connection details when any user executes a Repair Table action,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions. WinBox is vulnerable to this attack if it connects to a malicious endpoint or if an attacker mounts a man in the middle attack.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections are made.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Out of bound access while parsing dts atom, which is non-standard as it does not have valid number of tracks in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"APKs without proper permission may bind to CallEnhancementService and can lead to unauthorized access to call status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6574AU, QCS605, QM215, SA6155P, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SM6150, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"During listener modified response processing, a buffer overrun occurs due to lack of buffer size verification when updating message buffer with physical address information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bound access while allocating memory for an array in camera due to improper validation of elements parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM439, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer Over read of codec private data while parsing an mkv file due to lack of check of buffer size before read in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Out of bound access due to Invalid inputs to dapm mux settings which results into kernel failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9607, Nicobar, QCS405, Rennell, SA6155P, Saipan, SC8180X, SDM630, SDM636, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Using memory after being freed in qsee due to wrong implementation can lead to unexpected behavior such as execution of unknown code in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SM8150, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stage-2 fault will occur while writing to an ION system allocation which has been assigned to non-HLOS memory which is non-standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MSM8953, QCN7605, QCS605, SC8180X, SDA845, SDM429, SDM439, SDM450, SDM632, SDX20, SDX24, SDX55, SM8150, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due to lack of check of return value for read or write blob in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of Service attacks. The *feedgen* library allows supplying XML as content for some of the available fields. This XML will be parsed and integrated into the existing XML tree. During this process, feedgen is vulnerable to XML Denial of Service Attacks (e.g. XML Bomb). This becomes a concern in particular if feedgen is used to include content from untrused sources and if XML (including XHTML) is directly included instead of providing plain tex content only. This problem has been fixed in feedgen 0.9.0 which disallows XML entity expansion and external resources.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of an incorrect sprintf.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted ""bin"" keys. Existing files could be overwritten depending on the current user permission set.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default 'xnet' driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may experience a TMM restart.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a dll file to a directory in the global path environmental variable can inject code into via a DLL hijacking vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected device. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing malicious data to a specific field within the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco ISE Software releases 2.7.0 and later contains the fix for this vulnerability.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L).",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,LOW,LOW
"Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Advanced Console). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Identity Manager accessible data as well as unauthorized read access to a subset of Identity Manager accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle iLearning product of Oracle iLearning (component: Learner Pages). The supported version that is affected is 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iLearning accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: WebAccess). Supported versions that are affected are 15.1.0.0-15.2.18.7, 16.1.0.0-16.2.19.0, 17.1.0.0-17.12.16.0, 18.1.0.0-18.8.16.0 and 19.12.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Hospitality Suites Management component of Oracle Food and Beverage Applications. Supported versions that are affected are 3.7 and 3.8. Easily exploitable vulnerability allows physical access to compromise Oracle Hospitality Suites Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suites Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suites Management accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Approval Framework). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Object Migration). Supported versions that are affected are 8.0.4-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N).,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Printing). The supported version that is affected is 5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data as well as unauthorized read access to a subset of Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login). The supported version that is affected is 5.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Oracle Flow Builder). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",LOCAL,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Solaris product of Oracle Systems (component: X Window System). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Customer Management and Segmentation Foundation executes to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Target Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Change Manager - web based). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Configuration Standard Framewk). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Cloud Control Manager - OMS). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metrics Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Repository). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: APM Mesh). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Fusion Middleware accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Fusion Middleware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Fusion Middleware. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Global EM Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Repository). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Wireless). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Field Service accessible data as well as unauthorized read access to a subset of Oracle Field Service accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Tree Manager). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the Oracle Hospitality Cruise Materials Management product of Oracle Hospitality Applications (component: MMS All). The supported version that is affected is 7.30.567. Difficult to exploit vulnerability allows physical access to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Materials Management accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).,PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Activity Guide). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Call Phone Number Page). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Message Hooks). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). The supported version that is affected is 19.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.0 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Web Applications Desktop Integrator accessible data as well as unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,LOW
"Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,LOW
"Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). The supported version that is affected is 19.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.0 Base Score 4.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).,LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle Applications DBA component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L).",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,LOW,LOW
"Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security). The supported version that is affected is 18.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Consolidation Infrastructure). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H).",LOCAL,HIGH,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Close Management accessible data. CVSS 3.0 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N).",NETWORK,HIGH,HIGH,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Company Dir / Org Chart Viewer). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,NONE,NONE
Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: UIF Open UI). Supported versions that are affected are 19.7 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: Security). Supported versions that are affected are 12.2.4, 12.2.4.1, 12.2.5 and 12.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Demantra Demand Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Core). Supported versions that are affected are 16.2.0.0-16.2.19.0, 17.12.0.0-17.12.16.0, 18.8.0.0-18.8.16.0, 19.12.0.0 and 20.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera P6 Enterprise Project Portfolio Management executes to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L).",LOCAL,LOW,LOW,REQUIRED,CHANGED,LOW,HIGH,LOW
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N).",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
"Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).",NETWORK,LOW,HIGH,NONE,CHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table privilege with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data. CVSS 3.0 Base Score 2.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N).",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data as well as unauthorized read access to a subset of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L).",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files (e.g., .jsp files) into /webapps/ROOT/assets/tmp_upload, which can lead to remote command execution (with the permissions of the user running the dotCMS application).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP Camera. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to the targeted IP Camera. A successful exploit could allow the attacker to expose the affected IP Camera for remote code execution or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). This vulnerability is fixed in Video Surveillance 8000 Series IP Camera Firmware Release 1.0.7 and later.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endpoint.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/changelog or (2) /tmp/.git-effort.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Batavi before 1.0 has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Affected versions of Sylius give attackers the ability to switch channels via the _channel_code GET parameter in production environments. This was meant to be enabled only when kernel.debug is set to true. However, if no sylius_channel.debug is set explicitly in the configuration, the default value which is kernel.debug will be not resolved and cast to boolean, enabling this debug feature even if that parameter is set to false. Patch has been provided for Sylius 1.3.x and newer - 1.3.16, 1.4.12, 1.5.9, 1.6.5. Versions older than 1.3 are not covered by our security support anymore.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
GitLab EE 11.0 and later through 12.7.2 allows XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable out-of-bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out-of-bounds memory read, which can result in the disclosure of sensitive information and denial of service. To trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disclosure Vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as demonstrated by reading the /etc/passwd file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
JetBrains IDETalk plugin before version 193.4099.10 allows XXE,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a potentially exploitable out of memory condition In Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated string, bytes or message field and realloc() runs out of memory when expanding the array nanopb can end up calling `free()` on a pointer value that comes from uninitialized memory. Depending on platform this can result in a crash or further memory corruption, which may be exploitable in some cases. This problem is fixed in nanopb-0.4.1, nanopb-0.3.9.5, nanopb-0.2.9.4.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters. When a header like ""Bad-header: xxxxxxxxxxxxxxx\x10"" is received, it will cause the regular expression engine to catastrophically backtrack causing the process to use 100% CPU time and blocking any other interactions. This allows an attacker to send a single request with an invalid header and take the service offline. This issue was introduced in version 1.4.2 when the regular expression was updated to attempt to match the behaviour required by errata associated with RFC7230. The regular expression that is used to validate incoming headers has been updated in version 1.4.3, it is recommended that people upgrade to the new version of Waitress as soon as possible.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618.",LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel=""noopener"" (or similar attributes such as noreferrer), the tabnabbing may occur. To reproduce the bug, create a business with a website link that contains JavaScript to exploit the window.opener property (for example, by setting window.opener.location).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out of bound read results in race condition causing Kernel memory leaks or denial of service.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 171510.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
ZPanel 10.0.1 has insufficient entropy for its password reset process.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163493.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The mintToken function of a smart contract implementation for FansChainToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
GitLab through 12.7.2 allows XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ERDAS ER Viewer 13.0 has dwmapi.dll and irml.dll libraries arbitrary code execution vulnerabilities,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can login as any user without a password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Global.py in AIL framework 2.8 allows path traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of service vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID: 175133.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
GitLab EE 12.6 and later through 12.7.2 allows Denial of Service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The ""Blog"", ""Forum"", ""Contact Us"" screens of the template ""ecommerce"" application bundled in Apache OFBiz are weak to Stored XSS attacks. Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16.11: 1858438, 1858543, 1860595 and 1860616",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link or alias to a restricted node.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges within the application via the emp_id, userid, pw1, pw2, supervisor, and timekeeper parameters.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness. A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,NONE
"The Java implementation of GraniteDS, version 3.1.1.GA, AMF3 deserializers derives class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to delete arbitrary files via the Delete File(s) screen, as demonstrated by a ?i=var/www/html/&f=123.php&p=edit&p=deletefile URI.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PHPShop through 0.8.1 has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PmWiki before 2.2.21 has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
_is_safe in the File::Temp module for Perl does not properly handle symlinks.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The Batch::BatchRun module 1.03 for Perl does not properly handle temporary files.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely modify deserialized data without authentication using a specially crafted web request, resulting in remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions) of the com.threeis.webta.H261configMenu servlet via an authenticated administrator.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processes (like taskkill, etc.). There is no validation of the program name before constructing the lpCommandLine argument for a CreateProcess call. An attacker can run any malicious process with SYSTEM privileges through this named pipe.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. OAI-PMH is part of the default workflow and is activated by default, requiring active user intervention of users to protect media. This leads to users unknowingly handing out public access to events without their knowledge. The problem has been addressed in Opencast 7.6 and 8.1 where the OAI-PMH endpoint is configured to require users with `ROLE_ADMIN` by default. In addition to this, Opencast 9 removes the OAI-PMH publication from the default workflow, making the publication a conscious decision users have to make by updating their workflows.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially for popular users like the default `admin` user. This essentially means that for an attacker, it might be feasible to reconstruct a user's password given access to these hashes. Note that attackers needing access to the hashes means that they must gain access to the database in which these are stored first to be able to start cracking the passwords. The problem is addressed in Opencast 8.1 which now uses the modern and much stronger bcrypt password hashing algorithm for storing passwords. Note, that old hashes remain MD5 until the password is updated. For a list of users whose password hashes are stored using MD5, take a look at the `/user-utils/users/md5.json` REST endpoint.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling of HTTP referrer headers.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in the gps_tracker function in airodump-ng.c in Aircrack-ng before 1.2 RC 1 allows local users to execute arbitrary code or gain privileges via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"In Mercurial before 4.1.3, ""hg serve --stdio"" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access. This way, an attacker can, for example, fake a remember-me token, assume the identity of the global system administrator and request non-public content from the search service without ever providing any proper authentication. This problem is fixed in Opencast 7.6 and Opencast 8.1",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,NONE
Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM). This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. This issue only impacts specific engineering hotfixes. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.2.1.0.83.4-ENG Hotfix-BIGIP-12.1.4.1.0.97.6-ENG Hotfix-BIGIP-11.5.4.2.74.291-HF2",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. The token is not refreshed for every request or when a user logged out and in again. An attacker could use a leaked token to gain access to the system using the user's account.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new users with Administrator privileges, as demonstrated by Roles=""Administrators"" in XML or CSV data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for robot secret_key values used for local and cloud authentication/authorization. If an attacker knows the serial number and is able to estimate the time of first provisioning of a robot, he is able to brute force the generated secret_key of the robot. This is because the entropy of the secret_key exclusively relies on these two values, due to not seeding the random generator and using several constant inputs for secret_key computation. Serial numbers are printed on the packaging and equal the MAC address of the robot.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search_string parameter in the contacts module to index.php or allow remote attackers to execute arbitrary SQL commands via the updatekey parameter to (2) do_updatecontact.php or (3) updatecontact.php.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security switched to stronger defaults in 4.2.6 and used the new configuration file locations. Password created during this time used DES password encryption and are not properly protected against attackers that are able to access the password hashes.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"** DISPUTED ** Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration). Note: According to the description, the vulnerability requires a fully authenticated super-user account using a webUI function that allows super users to edit a script supposed to execute OS commands. The given weakness enumeration (CWE-78) is not applicable in this case as it refers to abusing functions/input fields not supposed to be accepting OS commands by using 'Special Elements.'",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Joomla! 1.7.1 has core information disclosure due to inadequate error checking.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165813.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 165814.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does not remove it upon processing during the first phase of the authentication. In combination with additional, independent authentication mechanisms, this may lead to the new password being disclosed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to produce log file content with passwords exposed.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. Note that the TwinCAT devices are still performing as normal. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 165953.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69.,LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Systems management on Unisys ClearPath Forward Libra and ClearPath MCP Software Series can fault and have other unspecified impact when receiving specifically crafted message payloads over a systems management communication channel,NETWORK,HIGH,NONE,NONE,CHANGED,NONE,HIGH,HIGH
"A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version 1.3.17-56.6.3 and prior versions.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
D-Link DIR-100 4.03B07 has PPTP and poe information disclosure,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote command execution by leveraging access to the Network Diagnostic Tools screen, as demonstrated by an admin login. The attacker must use a Parameter Pollution approach against goform/formSetDiagnosticToolsFmPing by providing the vlu_diagnostic_tools__ping_address parameter twice: once with a shell metacharacter and a command name, and once with a command argument.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when streaming live video in D-Link TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-2121 1.06_FR, 1.06, and 1.05_RU, DCS-2102 1.06_FR. 1.06, and 1.05_RU, which could let a malicious user obtain sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1.0.x before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
D-Link DIR-100 4.03B07: cli.cgi CSRF,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
D-Link DIR-100 4.03B07: cli.cgi XSS,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the ""selected_theme"" parameter in error.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the ""children of the head"" processing feature is modified in the loop without validating the new value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Patterns - Search: versions 5.4.0 and below.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Telean before 1.3.1 contains a full path disclosure vulnerability which could allow remote attackers to obtain sensitive information through a specially crafted URL request.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. The vulnerability is located in the developer path that is accessible and hidden next to the root path. By default, there is no password set for the FTP or Web UI service.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's controller is affected. The vulnerable versions are: <1.3 || >=1.3.0 <=1.3.12 || >=1.4.0 <=1.4.5 || >=1.5.0 <=1.5.0 || >=1.6.0 <=1.6.2. The patch is provided for Sylius ResourceBundle 1.3.13, 1.4.6, 1.5.1 and 1.6.3, but not for any versions below 1.3.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,LOW
"SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Stack-based Buffer Overflow vulnerability in libbelkin_api.so component of Belkin WeMo Insight Switch firmware allows a local attacker to obtain code execution on the device. This issue affects: Belkin WeMo Insight Switch firmware version 2.00.11396 and prior versions.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can can wake up a PTRACED process.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) image, (3) url, or (4) testimonial parameter to the Testimonial form (hms-testimonials-addnew page); (5) date_format parameter to the Settings - Default form (hms-testimonials-settings page); (6) name parameter in a Save action to the Settings - Custom Fields form (hms-testimonials-settings-fields page); or (7) name parameter in a Save action to the Settings - Template form (hms-testimonials-templates-new page).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 is vulnerable to a buffer overflow, caused by improper bounds checking when handling a failed HTTP request with specific content in the headers. By sending a specially crafted HTTP request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. IBM X-Force ID: 174972.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users (e.g., ones who have the publish_posts capability).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes&rsquo; status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system commands. This issue affects: Bitdefender Bitdefender BOX 2 versions prior to 2.1.47.36.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Denial of Service vulnerability exists in ircd-ratbox 3.0.9 in the MONITOR Command Handler.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerability,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The PulseAudio system service in Tizen allows an unprivileged process to control its A2DP MediaEndpoint, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The bt/bt_core system service in Tizen allows an unprivileged process to create a system user interface and control the Bluetooth pairing process, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The Enlightenment system service in Tizen allows an unprivileged process to fully control or capture windows, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The SoundServer/FocusServer system services in Tizen allow an unprivileged process to perform media-related system actions, due to improper D-Bus security policy configurations. Such actions include playing an arbitrary sound file or DTMF tones. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Evernote prior to 5.5.1 has insecure password change,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made across domains, leading to CSRF.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"c-lightning before 0.7.1 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states ""It can be used for testing, but it should not be used for real funds.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger loss of funds because of Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple SQL injection vulnerabilities in ZeusCart 4.x.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_unserialize function in archive.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings. Thanks to Damian Lukowski at credativ for reporting the issue ethically. With this bug unpatched, exploits can be injected in a number of scenarios though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In order to exploit the condition, an unauthenticated attacker should impersonate a infrastructure server to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6.3 because the RTSP protocol authentication is disabled by default, which could let a malicious user obtain unauthorized access to the live video stream.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remove malicious user execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soapbox within a sandboxed Soapbox.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a "".jpg"".",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. This issue was fixed in release version 2019.3.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. This vulnerability affects firmware releases prior than 1.3.7.18",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Stack-based buffer overflow in Media Player Classic - Home Cinema (MPC-HC) before 1.7.0.7858 allows remote attackers to execute arbitrary code via a crafted MPEG-2 Transport Stream (M2TS) file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in Media Player Classic - Home Cinema (MPC-HC) before 1.7.0 allows remote attackers to execute arbitrary code via a crafted RealMedia .rm file,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors, or (4) conduct cross-site scripting (XSS) attacks via the po_logo parameter in the privateonly.php page to wp-admin/options-general.php.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
E-Series SANtricity OS Controller Software version 11.60.0 is susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in IPv6 environments.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3) note[note] parameter to the /htdocs/admin/dict.php?id=10 page; the (4) zip[MAIN_INFO_SOCIETE_ZIP] or email[mail] parameter to the /htdocs/admin/company.php page; the (5) url[defaulturl], field[defaultkey], or value[defaultvalue] parameter to the /htdocs/admin/defaultvalues.php page; the (6) key[transkey] or key[transvalue] parameter to the /htdocs/admin/translation.php page; or the (7) [main_motd] or [main_home] parameter to the /htdocs/admin/ihm.php page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IFS} substring.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in ViewGit before 0.0.7 allow remote repository users to inject arbitrary web script or HTML via a (1) tag name to the Shortlog table in templates/shortlog.php or branch name to the (2) Shortlog table in templates/shortlog.php or (3) Heads table in plates/summary.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the ""diagnostic"" page using the SnapMirror log path parameter.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. An unauthenticated attacker may inject stored arbitrary JavaScript (XSS), and execute it in the content of authenticated administrators.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted file to the affected system. An exploit could allow the attacker to elevate privileges to root-level privileges.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ASUS RT-N56U devices allow CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.,ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
WordPress Portable phpMyAdmin Plugin has an authentication bypass vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In IXP EasyInstall 6.2.13723, there is Remote Code Execution via the Agent Service. An unauthenticated attacker can communicate with the Agent Service over TCP port 20051, and execute code in the NT AUTHORITY\SYSTEM context of the target system by using the Execute Command Line function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the implementation of the Intermediate System&ndash;to&ndash;Intermediate System (IS&ndash;IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS&ndash;IS process. The vulnerability is due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifiers (OIDs) by the IS&ndash;IS process. An attacker could exploit this vulnerability by sending a crafted SNMP request to the affected device. A successful exploit could allow the attacker to cause a DoS condition in the IS&ndash;IS process.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. The vulnerability is due to the lack of input validation in the API. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to change or corrupt user account information which could grant the attacker administrator access or prevent legitimate user access to the web interface, resulting in a denial of service (DoS) condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
contao prior to 2.11.4 has a sql injection vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Dokeos 2.1.1 has multiple XSS issues involving ""extra_"" parameters in main/auth/profile.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Request with content type ""application/xml"", which trigger the deserialization of entities, can be used to trigger XXE attacks.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Havalite CMS 1.1.7 has a stored XSS vulnerability,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
XnView 2.03 has a stack-based buffer overflow vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SimpleHRM 2.3 and earlier could allow remote attackers to bypass the authentication process in 'user_manager.php' via spoofing a cookie.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerability,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
The update process in Xmind 3.4.1 and earlier allow remote attackers to execute arbitrary code via a man-in-the-middle attack.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Intellian Aptus application 1.0.2 for Android has a hardcoded password of intellian for the masteruser FTP account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user's session and gain unauthorized access.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery (CSRF) attacks by leveraging Docker daemons enabling TCP connections without TLS authentication.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user's mailbox, due to improper D-Bus security policy configurations. An arbitrary email can also be sent from the mailbox via the paired smartphone. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Secure Entry Server before 4.7.0 contains a URI Redirection vulnerability which could allow remote attackers to conduct phishing attacks due to HSP_AbsoluteRedirects being disabled by default.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9.927 allows remote attackers to inject arbitrary web script or HTML via the pid parameter to index.cfm.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the ""Additional options"" line edit.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacking attempts easier, since the user could believe a session was closed when it was not. This issue affects Rapid7 AppSpider version 3.8.213 and prior versions, and is fixed in version 3.8.215.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Certain HTTP security headers are not used.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). This has been fixed in version 2.11",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,NONE
Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Security Secret Server 10.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 170001.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Secret Server 10.7 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 170043.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"ISPConfig 3.0.4.3: the ""Add new Webdav user"" can chmod and chown entire server from client interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access to the elevation feature through group policies, they are prompted to enter a PIN code in a challenge-response manner upon attempting to elevate privileges. The challenge's response uses a simple algorithm that can be easily emulated via data (customer ID and device name) available to all users, and thus any user can elevate to Administrator privilege.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certain Java functions accessible to a template.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Secret Server 10.7 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 170007.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Secret Server 10.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 170045.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
XnView 2.03 has an integer overflow vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1) have an improper authentication vulnerability. The system has a logic error under certain scenario, successful exploit could allow the attacker who gains the privilege of guest user to access to the host user's desktop in an instant, without unlocking the screen lock of the host user.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Service share. The default file permissions of the IXP$ share on the server allows modification of directories and files (e.g., bat-scripts), which allows execution of code in the context of NT AUTHORITY\SYSTEM on the target server and clients.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142558228",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-141890807",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to remote information disclosure in the NFC server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-139738828",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120847476",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-140195904",LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142602711",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\SYSTEM.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Directory traversal vulnerability in AWS XMS 2.5 allows remote attackers to view arbitrary files via the 'what' parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
BabyGekko before 1.2.4 allows PHP file inclusion.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scripting. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can issue commands to the Stroom UI via an XSS vulnerability to take full control of the Stroom UI on behalf of the logged-in user.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A stored XSS vulnerability is present within node-red (version: <= 0.20.7) npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the attacker to steal session cookies, deface web applications, etc.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS vulnerability, the session key could be extracted by the attacker and a session takeover could happen.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim&rsquo;s BGP network on an existing, valid TCP connection to a BGP peer.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through 20140805 might allow remote attackers to cause a denial of service (program crash) via a crafted ELF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based GUI of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Local file inclusion in WebCalendar before 1.2.5.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32* or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from a firmware update of this device. An update to fix the vulnerability was published by the vendor.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the interface JSON field of the ping function.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute arbitrary PHP code via improper file upload.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and the `validate()` function used within schema-inspector.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integer signedness error.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E70R3P8) have an insufficient authentication vulnerability. A local attacker with high privilege can execute a specific command to exploit this vulnerability. Successful exploitation may cause information leak and compromise the availability of the smart phones.Affected product versions include: HUAWEI Mate 20 versions Versions earlier than 10.0.0.175(C00E70R3P8),LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,HIGH
"Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle crop input.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an ""integer truncation"" vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallels_updates.xml file on the http://update.parallels.com web site.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript when one tries to authenticate. An attacker who changes the result parameter (to true) in this JavaScript code can bypass authentication and achieve limited privileges (ability to see every option but not modify them).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME variable in the BC_Logon.swf file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(MR5), and 8.10 before 8.10.1134(MR4). External system configuration data (used for third party integrations such as DVR systems) were logged in the Command Centre event trail. Any authenticated operator with the 'view events' privilege could see the full configuration, including cleartext usernames and passwords, under the event details of a Modified DVR System event.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components. This issue only impacts specific engineering hotfixes and platforms. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.0.2.0.45.4-ENG Hotfix-BIGIP-14.1.0.2.0.62.4-ENG",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the return value of setuid calls, which might cause a subprocess to be created with root privileges and allow remote attackers to gain privileges via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
mIRC prior to 7.22 has a message leak because chopping of outbound messages is mishandled.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.",ADJACENT_NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.",ADJACENT_NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Control feature.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The CSV upload feature in /supervisor/procesa_carga.php on Logaritmo Aware CallManager 2012 devices allows upload of .php files with a text/* content type. The PHP code can then be executed by visiting a /supervisor/csv/ URI.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HPE Superdome Flex Server is vulnerable to multiple remote vulnerabilities via improper input validation of administrator commands. This vulnerability could allow an Administrator to bypass security restrictions and access multiple remote vulnerabilities including information disclosure, or denial of service. HPE has provided firmware updates that address the above vulnerabilities for the HPE Superdome Flex Server starting with firmware version v3.20.186 (not available online) and v3.20.206 (available online). Apply v3.20.206 (4 December 2019) or a newer version to resolve this issue. Please visit HPE Support Center https://support.hpe.com/hpesc/public/home to obtain the updated firmware for your product.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting (XSS). This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to be utilized in production it would require users to not disable development mode.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Pinboard 1.0.6 theme for Wordpress has XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"The mintToken function of a smart contract implementation for FuturXe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative actions, without the victim's knowledge.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, backup.asp, sys-power.asp, ifaces-wls.asp, ifaces-wls-pkt.asp, and ifaces-wls-pkt-adv.asp.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Zimbra Collaboration before 8.6.0 patch5 has XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Synacor Zimbra Collaboration before 8.0.8 has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 patch6 (version 6 series) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
NULL Pointer Dereference in PowerTCP WebServer for ActiveX 1.9.2 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted HTTP request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information on the affected system.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the ""gcov-args"" argument.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
HT Editor 2.0.20 has a Remote Stack Buffer Overflow Vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
General Electric D20ME devices are not properly configured and reveal plaintext passwords.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"The netprint App for iOS 3.2.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing crafted data to a specific field within the interface. A successful exploit could allow the attacker to store an XSS attack within the interface. This stored XSS attack would then be executed on the system of any user viewing the attacker-supplied data element.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition. This vulnerability affects Cisco AsyncOS Software for Cisco ESA releases earlier than 13.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
"A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. This vulnerability affects Cisco Jabber Guest releases 11.1(2) and earlier.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB management interface when, in fact, the packets should be dropped. The vulnerability is due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP port being permitted. An attacker could exploit this vulnerability by sending traffic to the OOB management interface on the targeted device. A successful exploit could allow the attacker to bypass configured IP table rules to drop specific IP port traffic. The attacker has no control over the configuration of the device itself. This vulnerability affects Cisco APIC releases prior to the first fixed software Release 4.2(3j).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. An unauthorized attendee could exploit this vulnerability by accessing a known meeting ID or meeting URL from the mobile device&rsquo;s web browser. The browser will then request to launch the device&rsquo;s Webex mobile application. A successful exploit could allow the unauthorized attendee to join the password-protected meeting. The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee. Cisco has applied updates that address this vulnerability and no user action is required. This vulnerability affects Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites releases earlier than 39.11.5 and 40.1.3.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authenticated.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Uncontrolled search path element in the installer for Intel(R) SNMP Subagent Stand-Alone for Windows* may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper access control in driver for Intel(R) VTune(TM) Amplifier for Windows* before update 8 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adive Framework 2.0.8 has admin/user/add userName XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a vulnerable function call.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
mIRC before 6.35 allows attackers to cause a denial of service (crash) via a long nickname.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on the WiFi Network Configuration page (after a successful login to the admin account).,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
MySecureShell 1.31 has a Local Denial of Service Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature verification will succeed, but the wrong data will be used. This specifically affects the verification of assertion that have been signed.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter. This was reported through the bug bounty program of Offensive Security,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via untrusted pointer dereference,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored XSS via the Debug-Log and Display-Log components. This could be exploited when an attacker sends an crafted string for FTP authentication.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM) versions 8.3 and 9.0. The vulnerability could be used for unauthorized access to information via cross site scripting. HPE has made the following software updates to resolve the vulnerability in eIUM. The eIUM 8.3 FP01 customers are advised to install eIUM83FP01Patch_QXCR1001711284.20190806-1244 patch. The eIUM 9.0 customers are advised to upgrade to eIUM 9.0 FP02 PI5 or later versions. For other versions, please, contact the product support.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Freeciv before 2.3.3 allows remote attackers to cause a denial of service via a crafted packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirmation for sensitive transactions in the administrator functions.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ARC 5.21q allows directory traversal via a full pathname in an archive file.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.),NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The conversation-watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is executed when a chat message containing JavaScript is sent.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Poll Routes page and entering shell metacharacters in the Router IP Address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Diagnostics Trace Route page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13),NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST requests which causes the ELOG function retrieve_url() to use a freed variable.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Lifesize Express ls ex2_4.7.10 2000 (14) devices allow XSS via the interface/interface.php brand parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an option to disable SSL trust verification. However this configuration is not respected and the certificate verification disables trust verification in every case. This exclusion also gets registered globally which disables trust checking for any code running in the same JVM.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
sanitize-html before 1.4.3 has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to Uploads/Documents/ to run any arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip parameter to cgi-bin/scrut_fa_exclusions.cgi, (2) getPermissionsAndPreferences parameter to cgi-bin/login.cgi, or (3) possibly certain parameters to d4d/alarms.php as demonstrated by the search_str parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.,PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.,PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4 has Stored XSS,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle. This issue affects AutoMobility MyCar versions prior to 3.4.24 on iOS and versions prior to 4.1.2 on Android. This issue has additionally been fixed in Carlink, Link, Visions MyCar, and MyCar Kia.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D86, 12.3X48-D90 on SRX Series; 14.1X53 versions prior to 14.1X53-D51 on EX and QFX Series; 15.1F6 versions prior to 15.1F6-S13; 15.1 versions prior to 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400 Series; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S2; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S5, 18.2R3; 18.3 versions prior to 18.3R1-S6, 18.3R2-S1, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2; 19.1 versions prior to 19.1R1-S2, 19.1R2.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. This issue does not affect system files that can be accessed only by root user. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1F6 versions prior to 15.1F6-S13; 15.1 versions prior to 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S2; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail. This issue only affects firewall filter evaluation of certain packets destined to the device Routing Engine (RE). This issue does not affect the Layer 2 firewall filter evaluation nor does it affect the Layer 3 firewall filter evaluation destined to connected hosts. This issue may occur when evaluating both IPv4 or IPv6 packets. This issue affects Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D12 on QFX5100 Series and EX4600 Series; 14.1X53 versions prior to 14.1X53-D52 on QFX3500 Series; 14.1X53 versions prior to 14.1X53-D48 on EX4300 Series; 15.1 versions prior to 15.1R7-S3 on EX4300 Series; 16.1 versions prior to 16.1R7 on EX4300 Series; 17.1 versions prior to 17.1R3 on EX4300 Series; 17.2 versions prior to 17.2R3 on EX4300 Series; 17.3 versions prior to 17.3R2-S5, 17.3R3 on EX4300 Series; 17.4 versions prior to 17.4R2 on EX4300 Series; 18.1 versions prior to 18.1R3 on EX4300 Series; 18.2 versions prior to 18.2R2 on EX4300 Series.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function -exposed via the rep_srv.exe process- where the vulnerability is caused by an error when the rep_srv.exe handles a specially crafted packet sent by an unauthenticated attacker.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to ""navigate"" to arbitrary files via the __report parameter of the BIRT viewer servlet.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to ""navigate"" to arbitrary local files via the __imageid parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot. The issue is specific to the processing of packets destined to BBE clients connected to MX Series subscriber management platforms. This issue affects MX Series running Juniper Networks Junos OS: 17.2 versions starting from17.2R2-S6, 17.2R3 and later releases, prior to 17.2R3-S3; 17.3 versions starting from 17.3R2-S4, 17.3R3-S2 and later releases, prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions starting from 17.4R2 and later releases, prior to 17.4R2-S7,17.4R3; 18.1 versions starting from 18.1R2-S3, 18.1R3 and later releases, prior to 18.1R3-S6; 18.2 versions starting from18.2R1-S1, 18.2R2 and later releases, prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D51, 18.2X75-D60; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R2-S6.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account in order to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity, and availability of the affected system and underlying components. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,LOW
"Cisco Unified Personal Communicator 7.0 (1.13056) does not free allocated memory for received data and does not perform validation if memory allocation is successful, causing a remote denial of service condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose todownload, open the malicious heap dump and generate an HTML report for the problem to occur. The heap dump could be specially crafted, or could come from a crafted application or from an application processing malicious data. The vulnerability is present whena report is generated and opened from the Memory Analyzer graphical user interface, or when a report generated in batch mode is then opened in Memory Analyzer or by a web browser. The vulnerability could possibly allow code execution on the local system whenthe report is opened in Memory Analyzer.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
LTSP LDM through 2.18.06 allows fat-client root access because the LDM_USERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the JDHDCP process. This issue affect IPv4 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process allows an attacker to cause the pccd process to crash and generate a core file thereby causing a Denial of Service (DoS). Continued receipt of this family of malformed PCEP packets will cause an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S13, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238, 15.1X53-D496, 15.1X53-D592; 16.1 versions prior to 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R2-S11, 17.1R3; 17.2 versions prior to 17.2R1-S9; 17.2 version 17.2R2 and later prior to 17.2R3-S2; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R3-S2; 18.2 versions prior to 18.2R2-S6, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. This issue does not affect releases of Junos OS prior to 15.1R1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Potential use-after-free heap error during Validate/Present calls on display HW composer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCS605, SDA660, SDM845, SDX20, SM8150",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PotPlayer 1.5.40688: .avi File Memory Corruption,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate Arbitrary Code Execution,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out-of-bound access will occur in USB driver due to lack of check to validate the frame size passed by user in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, QCS605, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by ""((?+1)(\1))/"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"String format issue will occur while processing HLOS data as there is no user input validation to ensure inputs are properly NULL terminated before string copy in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, Rennell, SA6155P, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible buffer overflow issue in error processing due to improper validation of array index value in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8064, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MDM9615, MDM9640, MSM8996AU, QCN7605",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out to make API requests to NiFi.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). The response included details about processors and controller services which the user may not have had read access to.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and Apache that the NiFI instance uses.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration > Radio 2.4G > Wireless X screen (after a successful login to the super account).,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cw2?td= (Site Name field of the Site Setup section).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cB3?ta= (profile title).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated ""This is a false alarm.""",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jara 1.6 has a SQL injection vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"OSIsoft PI Vision, PI Vision 2017 R2 and PI Vision 2017 R2 SP1. The affected product is vulnerable to cross-site scripting, which may allow invalid input to be introduced.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to a cross-site request forgery that may be introduced on the PI Vision administration site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several ""co-admins"" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While trying to obtain datad ipc handle during DPL initialization, Heap use-after-free issue can occur if modem SSR occurs at same time in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While transferring data from APPS to DSP, Out of bound in FastRPC HLOS Driver due to the data buffer which can be controlled by DSP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper initialization of local variables which are parameters to sfs api may cause invalid pointer dereference and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Null pointer dereference can occur while parsing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer over-read can occur while playing the video clip which is not standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"NULL is assigned to local instance of audio device pointer after free instead of global static pointer and can lead to use after free issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8998, Nicobar, QCS605, Rennell, SA6155P, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow can occur while processing clip due to lack of check of object size before parsing in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the Change Password screen does not enhance security. This is problematic in conjunction with XSS.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Possible null pointer dereference issue in location assistance data processing due to missing null check on resources before using it in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"While parsing invalid super index table, elements within super index table may exceed total chunk size and invalid data is read into the table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jara 1.6 has an XSS vulnerability,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An incorrect implementation of ""XEP-0280: Message Carbons"" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 - 0.5.0).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the ""WebKit"" component, which allows remote attackers to launch popups via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 has a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in flashcanvas.swf in OpenEMR before 5.0.1 Patch 6 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A backdoor (aka BMSA-2009-07) was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
spamdyke prior to 4.2.1: STARTTLS reveals plaintext,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Integer overflow occurs while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has a SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks,ADJACENT_NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. The user must chose to reopen an already parsed heap dump with an untrusted index for the problem to occur. The problem can be averted if the index files from an untrusted source are deleted and the heap dump is opened and reparsed. Also some local configuration data is subject to a deserialization vulnerability if the local data were to be replaced with a malicious version. This can be averted if the local configuration data stored on the file system cannot be changed by an attacker. The vulnerability could possibly allow code execution on the local system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Grand MA 300 allows retrieval of the access PIN from sniffed data.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
phpBB 3.2.8 allows a CSRF attack that can modify a group avatar.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Systrace before 1.6.0 has insufficient escape policy enforcement.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Bftpd 5.3. Under certain circumstances, an out-of-bounds read is triggered due to an uninitialized value. The daemon crashes at startup in the hidegroups_init function in dirlist.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Freebox OS Web interface 3.0.2 has CSRF which can allow VPN user account creation,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is affected. iTunes before 12.5.1 is affected. tvOS before 10 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Buffer overflow in the chat server in KiTTY Portable 0.65.0.2p and earlier allows remote attackers to execute arbitrary code via a long nickname.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Joomla! 1.5x through 1.5.12: Missing JEXEC Check,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component. While Video Downloader is technically a browser extension, it is granted a very wide set of privileges and can for example access cookies and browsing history, spy on the user while they are surfing the web, and alter their surfing experience in almost arbitrary ways.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv6 packets who may then arbitrarily execute commands as root on the target device. This issue affects IPv6 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
whoopsie-daisy before 0.1.26: Root user can remove arbitrary files,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Joomla! before 2.5.3 allows Admin Account Creation.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Joomla! core before 2.5.3 allows unauthorized password change.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Certain HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allows remote attackers to inject arbitrary web script or HTML via the newUser parameter. NOTE: this might not be a vulnerability, since an administrator might already have the privileges to create arbitrary script.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser. The attacker can then configure the cable modem to port forward the modem's internal TELNET server, allowing external access to a root shell.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402405 using METHOD_NEITHER results in a read primitive.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This occurs because of the folder_up.png IMG element not properly sanitizing user-inserted directory paths. The path modification must be done on a publicly shared folder for a remote attacker to insert arbitrary JavaScript or HTML. The vulnerability impacts anyone who clicks the malicious link crafted by the attacker.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An incorrect implementation of ""XEP-0280: Message Carbons"" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Xabber (only if manually enabled: 1.0.30, 1.0.30 VIP, beta 1.0.3 - 1.0.74; Android).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A Code Execution vulnerability exists in the memcpy function when processing AMF requests in Ezhometech EzServer 7.0, which could let a remote malicious user execute arbitrary code or cause a Denial of Service",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Privilege Escalation vulnerability exists in the unquoted Service Binary in SDPAgent or SDBAgent in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in Thomson Reuters for FATCA before 5.2 allows remote attackers to execute arbitrary files via the item parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application (since they are exported), it is possible to crash the 1Password instance.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Use after free while processing eeprom query as there is a chance to not unlock mutex after error occurs in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An incorrect implementation of ""XEP-0280: Message Carbons"" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and Slixmpp all versions up to 1.2.3, as bundled in poezio (0.8 - 0.10) and other products.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and ajax_resize_image.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.4 (in 4.0.x) and 4.1.4 (in 4.1.x) and RSA BSAFE Micro Edition Suite versions prior to 4.0.13 (in 4.0.x) and prior to 4.4 (in 4.1.x, 4.2.x, 4.3.x) are vulnerable to a Buffer Over-read vulnerability when processing DSA signature. A malicious remote user could potentially exploit this vulnerability to cause a crash in the library of the affected system.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Hyper-V Denial of Service Vulnerability'.",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).,NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
"grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may allow attackers to run arbitrary commands on the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications ""need to be prepared to handle a wide variety of exceptions.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. (When a VPN connection is initiated using a TLS/SSL client profile, the privileges are dropped, and the library will be loaded, resulting in arbitrary code execution as a user with limited privileges. This greatly reduces the impact of the vulnerability.)",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insecure permissions in cwrapper_perl in Centreon Infrastructure Monitoring Software through 19.10 allow local attackers to gain privileges. (cwrapper_perl is a setuid executable allowing execution of Perl scripts with root privileges.),LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS). Affected products and versions include: HP DeskJet 2600 All-in-One Printer series model numbers 4UJ28B, V1N01A - V1N08A, Y5H60A - Y5H80A; HP DeskJet Ink Advantage 2600 All-in-One Printer series model numbers V1N02A - V1N02B, Y5Z00A - Y5Z04B; HP DeskJet Ink Advantage 5000 All-in-One Printer series model numbers M2U86A - M2U89B; HP DeskJet Ink Advantage 5200 All-in-One Printer series model numbers M2U76A - M2U78B; HP ENVY 5000 All-in-One Printer series model numbers M2U85A - M2U85B, M2U91A - M2U94B, Z4A54A - Z4A74A; HP ENVY Photo 6200 All-in-One Printer series model numbers K7G18A-K7G26B, K7S21B, Y0K13D - Y0K15A; HP ENVY Photo 7100 All-in-One Printer series model numbers 3XD89A, K7G93A-K7G99A, Z3M37A - Z3M52A; HP ENVY Photo 7800 All-in-One Printer series model numbers K7R96A, K7S00A - K7S10D, Y0G42D - Y0G52B; HP Ink Tank Wireless 410 series model numbers Z4B53A - Z4B55A, Z6Z95A - Z6Z99A, 4DX94A - 4DX95A, 4YF79A, Z7A01A; HP OfficeJet 5200 All-in-One Printer series model numbers M2U75A, M2U81A-M2U84B, Z4B12A - Z4B14A, Z4B27A - Z4B29A; HP Smart Tank Wireless 450 series model numbers Z4B56A, Z6Z96A - Z6Z98A.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. A flaw in the processing of a command allows execution of arbitrary OS commands with the privileges of the currently logged in user. This allows for example attackers who compromised a browser extension to escape from the browser sandbox.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Status2k allows Remote Command Execution in admin/options/editpl.php.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Pandora FMS 7.x suffers from remote code execution vulnerability. With an authenticated user who can modify the alert system, it is possible to define and execute commands as root/Administrator. NOTE: The product vendor states that the vulnerability as it is described is not in fact an actual vulnerability. They state that to be able to create alert commands, you need to have admin rights. They also state that the extended ACL system can disable access to specific sections of the configuration, such as defining new alert commands.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Freelancy v1.0.0 allows remote command execution via the ""file"":""data:application/x-php;base64 substring (in conjunction with ""type"":""application/x-php""} to the /api/files/ URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
AgileBits 1Password through 1.0.9.340 allows security feature bypass,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exposed Telnet Service on the Billion Smart Energy Router SG600R2 with firmware v3.02.rc6 allows a local network attacker to authenticate via hardcoded credentials into a shell, gaining root execution privileges over the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-transfer error checking.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the securitylayer.log file in the logs.9972 directory, which could let a malicious user decrypt and potentially change the Safend security policies applied to the machine.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"A Privilege Escalation vulnerability exists in the SDBagent service in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Echo Reply ACLs via vectors related to subtypes.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In Apache Airflow before 1.10.5 when running with the ""classic"" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new ""RBAC"" UI is unaffected.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Innovative Interfaces Sierra Library Services Platform 1.2_3 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submodule.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Tiki Wiki CMS Groupware 7.0 has XSS via the GET ""ajax"" parameter to snarf_ajax.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Ansible prior to 1.5.4 mishandles the evaluation of some strings.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. It has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"PI Rest Adapter of SAP Process Integration (update provided in SAP_XIAF 7.31, 7.40, 7.50) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
"MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a ""linkdn"" and ""containerdn"" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,NONE
"The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a media_folder.cgi?apply_mode=ping_server URI.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on Cayin SMP-PRO4 devices. They allow image_preview.html?filename= reflected XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions.",PHYSICAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,NONE
Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in decompile.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field RemotePassword.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
DTEN D5 and D7 before 1.3.2 devices allows remote attackers to read saved whiteboard image PDF documents via storage/emulated/0/Notes/PDF on TCP port 8080 without authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There are memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is ""cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;"" but cfg could be NULL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI+ Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0651, CVE-2020-0653.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0650, CVE-2020-0653.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses (len(&#39;255.255.255.255&#39;) == 16), but the format specifier %d allows more than 3 digits. This has been fixed in version 2.11",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.)",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/add_user/UID allows stored XSS via the author parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The User Type on the admin/list_user page allows stored XSS via the type parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/list_user allows stored XSS via the auth_type parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Memory Corruption Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication on the File Server port, that potentially allows remote attackers to execute arbitrary commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. An API is used to execute a command manifest file during upgrade does not correctly prevent directory traversal and so can be used to execute manifest files in arbitrary locations on the node. The API does not require user authentication and is accessible over the management network, resulting in the potential for unauthenticated remote execution of manifest files. For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=mmr_sf-EN_US000061901&withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0609.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3, an unquoted service path can cause execution of %PROGRAMFILES(X86)%\Teradici\PCoIP.exe instead of the intended pcoip_vchan_printing_svc.exe file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0639.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to improper HTML sanitization. Given that the application is based on the Electron framework, the XSS leads to remote code execution in an unsandboxed environment.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 and 8.1 could allow an attacker to launch a man-in-the-middle attack. A successful exploit may allow the attacker to intercept sensitive information.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information, aka 'Remote Desktop Web Access Information Disclosure Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0644.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0642.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) guessPassword.pl in frameworkgui/; the filename parameter to (3) CSAttack.pl or (4) SEAttack.pl in frameworkgui/; the phNo2Attack parameter to (5) CSAttack.pl or (6) SEAttack.pl in frameworkgui/; the (7) platformDD2 parameter to frameworkgui/SEAttack.pl; the (8) agentURLPath or (9) agentControlKey parameter to frameworkgui/attach2agents.pl; or the (10) controlKey parameter to frameworkgui/attachMobileModem.pl. NOTE: The hostingPath parameter to CSAttack.pl and SEAttack.pl vectors and the appURLPath parameter to attachMobileModem.pl vector are covered by CVE-2012-5878.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Access Desktop before 2.2.2, which could let local malicious users execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a ""PUT /obs/obm7/file/upload"" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full system access as the configured user (e.g., Administrator) when starting from any authenticated session (e.g., a trial account). This is fixed in the 83/830122/cbs-*-hotfix-task26000 builds.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account via the Name field in an Add New Client action.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. Cookie store, which is used in most Phoenix apps, doesn't have this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting.php and template\default\common\footer.htm mishandles statcode field from third-party stats code.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS in admin console.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and v267 prior to v267.2.0, allows refresh tokens to be as access tokens when using UAA for authentication. A remote attacker with an admin refresh token given by UAA can be used to access BOSH resources without obtaining an access token, even if their user no longer has access to those resources.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery (CSRF).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain permissions by utilizing the zip and unzip features. As a result, users without permission can see files, folders, and hidden files, and can create directories without permission.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navigation/add or /icingaweb2/dashboard/new-dashlet.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Directory traversal vulnerability in application/templates/amelia/loadjs.php in Free Reprintables ArticleFR 3.0.7 and earlier allows local users to read arbitrary files via the s parameter.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Belkin N900 router (F9K1104v1) contains an Authentication Bypass using ""Javascript debugging"".",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can be achieved in applications that do not have a user login area).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.,NETWORK,HIGH,HIGH,REQUIRED,CHANGED,LOW,NONE,NONE
"A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). The integrated configuration web server of the affected Scalance X Switches could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). A remote, authenticated attacker with access to the configuration web server could be able to store script code on the web site, if the HRP redundancy option is set. This code could be executed in the web browser of victims visiting this web site (XSS), affecting its confidentiality, integrity and availability. User interaction is required for successful exploitation, as the user needs to visit the manipulated web site. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in OpServices OpMon 9.3.1-1. Using password change parameters, an attacker could perform SQL injection without authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files, aka 'Microsoft Cryptographic Services Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Grand MA 300 allows a brute-force attack on the PIN.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user privacy, since it can possibly leak their IP address and the fact that they are using the product. This also affects Dash Core through 0.14.0.3 and Private Instant Verified Transactions (PIVX) through 3.4.0.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a remote malicious user conduct a man-in-the-middle attack via specially crafted JavaScript.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Huawei HG255s-10 V100R001C163B025SP02 has a path traversal vulnerability due to insufficient validation of the received HTTP requests, a remote attacker may access the local files on the device without authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"SOPlanning 1.45 has SQL injection via the user_list.php ""by"" parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x2e8a Out-of-Bounds Read via crafted Unicode content.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x90ec NULL Pointer Dereference via crafted Unicode content.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add arbitrary URLs to the URL whitelist.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss EAP 7 and Red Hat SSO 7 are vulnerable to this issue.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in Option/optionsAll.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows remote attackers to inject arbitrary web script or HTML via the ContentFrame parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0633.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0632, CVE-2020-0633.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows authenticated attackers to remotely execute code via the name parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non-deterministic results in which, sometimes, two global IDs are the same.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can utilize the ""discover ZigBee network procedure"" to perform a denial of service attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name 'test' the email address will be 'service-account-test@placeholder.org'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was found in Samsung Mobile Print (Android) versions prior to 4.08.007. A potential security vulnerability caused by incomplete obfuscation of application configuration information.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
OX App Suite through 7.10.2 has Incorrect Access Control.,NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the folder parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authentication vulnerability. The software does not sufficiently validate the name of apk file in a special condition which could allow an attacker to forge a crafted application as a normal one. Successful exploit could allow the attacker to bypass digital balance function.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.175(C00E59R2P11) have an information leak vulnerability. Due to a module using weak encryption tool, an attacker with the root permission may exploit the vulnerability to obtain some information.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a QuickAccess link. This is related to AdminQuickAccessesController.php, themes/default/template/header.tpl, and themes/new-theme/js/header.js.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the router, as demonstrated by v1/system/user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
AVTECH AVN801 DVR has a security bypass via the administration login captcha,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site scripting (XSS) vulnerability in the configuration web interface of the Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module with web version 1.2.2 allows attackers to leak credentials of the Wi-Fi access point the module is logged into, and the web interface login credentials, by opening a Wi-Fi access point nearby with a malicious SSID.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious server, the server can make the client call any URL including internal resources which are not directly accessible by the attacker.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a ""privileged guest user has many ways to cause similar DoS effect, without triggering this assert.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""""} string to v1/system/login.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The FooGallery plugin 1.8.12 for WordPress allow XSS via the post_title parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The awesome-support plugin 5.8.0 for WordPress allows XSS via the post_title parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-140055304",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fields in the address book.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allows remote attackers to inject arbitrary web script or HTML via the colorstyle parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Stored cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Management Page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote authenticated attackers to execute arbitrary OS commands via the Management Page.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection output to a limited login failure field). This is fixed in 16.6.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Hikvision DS-2CD7153-E IP Camera has Privilege Escalation,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_m2ts_stream_process_pmt() in media_tools/m2ts_mux.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via an IMAGE tag.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to cause information disclosure of local system files by supplying specially crafted XML message.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OpenLambda 2019-09-10 allows DNS rebinding attacks against the OL server for the REST API on TCP port 5000.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user) to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation). A remote attacker could use this flaw to obtain potentially sensitive information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list or enumerate sensitive contents of files. Furthermore, this could allow for privilege escalation by dumping the local machine's SAM and SYSTEM database files, and possibly remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality, it was not clearly documented which can mislead users into thinking that a security domain cache is isolated to a single application.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the WSRP Consumer, and the endpoint in question is being used by a privileged user. This affects JBoss Portal 6.2.0.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Midori Browser 0.5.11 (on Windows 10), Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the multipart/x-mixed-replace MIME type. This could result in script running where CSP should have blocked it, allowing for cross-site scripting (XSS) and other attacks when the product renders the content as HTML. Remediating this would also need to consider the polyglot case, e.g., a file that is a valid GIF image and also valid JavaScript.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L v1.07.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the SOAPAction request header, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8458.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers redirect users to an external resource on affected installations of Tencent WeChat Prior to 7.0.9. User interaction is required to exploit this vulnerability in that the target must be within a chat session together with the attacker. The specific flaw exists within the parsing of a users profile. The issue lies in the failure to properly validate a users name. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9302.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170962.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a ""<?php "" substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Advisto PEEL Shopping 9.2.1 has CSRF via administrer/utilisateurs.php to delete a user.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions prior to 6.x-1.1 and Smileys module 6.x-1.x versions prior to 6.x-1.1 for Drupal allows remote authenticated users with the ""administer smiley"" permission to inject arbitrary web script or HTML via a smiley acronym.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusions.cgi in Plixer International Scrutinizer NetFlow and sFlow Analyzer 8.6.2.16204 and other versions before 9.0.1.19899 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG document to elogd.c.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via the value parameter in a localization (loc) command to elogd.c.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
BSS Continuity CMS 4.2.22640.0 has a Remote Denial Of Service vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Koala Framework before 2011-11-21 has XSS via the request_uri parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
TopList before 2019-09-03 allows XSS via a title.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Status2k does not remove the install directory allowing credential reset.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ToOwner() function of a smart contract implementation for Cryptbond Network (CBN), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The owned function of a smart contract implementation for DDQ, an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The quaker function of a smart contract implementation for BOMBBA (BOMB), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The UBSexToken() function of a smart contract implementation for Business Alliance Financial Circle (BAFC), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function is public (by default) and does not check the caller's identity.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl's ""assignable-add"" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. Hosts where these ""alternate"" methods are used will still leave the system in a vulnerable state after the device comes back from a guest. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit this.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's database and information to be fully compromised.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows malicious users to block Bluetooh access (Android Bug ID A-28672558).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
DOMPDF before 0.6.2 allows Information Disclosure.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
SQL injection vulnerability in Jifty::DBI before 0.68.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unsafe usage of .NET deserialization in Named Pipe message processing allows privilege escalation to NT AUTHORITY\SYSTEM for a local attacker. Affected product is TinyWall, all versions up to and including 2.1.12. Fixed in version 2.1.13.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Digi AnywhereUSB 14 allows XSS via a link for the Digi Page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"When pasting a &lt;style&gt; tag from the clipboard into a rich text editor, the CSS sanitizer does not escape &lt; and &gt; characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When pasting a &lt;style&gt; tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Publify before 8.0.1 is vulnerable to a Denial of Service attack,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered. This vulnerability affects Firefox ESR < 60.9, Firefox ESR < 68.1, and Firefox < 69.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,HIGH
"An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec Norton Mobile Security for Android before 3.16, which could let a local malicious user obtain sensitive information.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM QRadar SIEM 7.3.0 through 7.3.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 166355.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document. This vulnerability affects Firefox < 72.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When Python was installed on Windows, a python file being served with the MIME type of text/plain could be executed by Python instead of being opened as a text file when the Open option was selected upon download. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 72.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary code.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmation step for vector 2.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS attacks.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Pretty-Link WordPress plugin 1.5.2 has XSS,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Mozilla developers reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 71.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) in v5.4. An XML external entity (XXE) vulnerability in the upload definition feature in definition_upload_attach.jsp allows authenticated remote attackers to read arbitrary files (including configuration files containing administrative credentials).,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000.*Note: This flaw only affected Firefox 69 and was not present in earlier versions.*. This vulnerability affects Firefox < 70.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs. This vulnerability affects Firefox < 70.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission. This vulnerability affects Firefox < 70.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox < 70.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking,PHYSICAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In aws-lambda versions prior to version 1.0.5, the ""config.FunctioName"" is used to construct the argument used within the ""exec"" function without any sanitization. It is possible for a user to inject arbitrary commands to the ""zipCmd"" used within ""config.FunctionName"".",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Jamf Pro 9.x and 10.x before 10.15.1. Deserialization of untrusted data when parsing JSON in several APIs may cause Denial of Service (DoS), remote code execution (RCE), and/or deletion of files on the Jamf Pro server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part of the `exec` function without any sanitization.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
FontForge 20161012 is vulnerable to a heap-based buffer over-read in PSCharStringToSplines (psread.c) resulting in DoS or code execution via a crafted otf file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
FontForge 20161012 is vulnerable to a buffer over-read in umodenc (parsettf.c) resulting in DoS or code execution via a crafted otf file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts (parsettf.c) resulting in DoS or code execution via a crafted otf file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName (parsettf.c) resulting in DoS or code execution via a crafted otf file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) resulting in DoS or code execution via a crafted otf file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (char.c) resulting in DoS or code execution via a crafted otf file, related to a call from the readttfcopyrights function in parsettf.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
FontForge 20161012 is vulnerable to a buffer over-read in getsid (parsettf.c) resulting in DoS or code execution via a crafted otf file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An attacker could specially craft an FTP request that could crash the PR100088 Modbus gateway versions prior to release R02 (or Software Version 1.1.13166).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"In ""index.js"" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to the uxdqmsrv binary being setuid root, that allows local attackers to elevate privileges. This vulnerability was reported to CA several years after CA Automic Dollar Universe 5.3.3 reached End of Life (EOL) status on April 1, 2015.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption bug when a user sends a specially crafted string to the application. This memory corruption bug can possibly be classified as a NULL pointer dereference.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
makepasswd 1.10 default settings generate insecure passwords,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer dereference vulnerability which could allow remote attackers to perform a denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modification.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Samsung Kies before 2.5.0.12094_27_11 has registry modification.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in report_edit.jsp in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. Any authenticated user may execute Groovy code when generating a report, resulting in arbitrary code execution on the underlying server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. A cross-site scripting (XSS) vulnerability in multiple getchart.jsp parameters allows remote attackers to inject arbitrary web script or HTML.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cross-Site Scripting (XSS) vulnerability in files it serves.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HTTPS protection mechanism.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A locally locally exploitable DOS vulnerability was found in pax-linux versions 2.6.32.33-test79.patch, 2.6.38-test3.patch, and 2.6.37.4-test14.patch. A bad bounds check in arch_get_unmapped_area_topdown triggered by programs doing an mmap after a MAP_GROWSDOWN mmap will create an infinite loop condition without releasing the VM semaphore eventually leading to a system crash.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service (cookie quota exhaustion), or conduct HTTP Response Splitting attacks with resultant XSS, via an invalid parameter value.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper validation of user input,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
centurystar 7.12 ActiveX Control has a Stack Buffer Overflow,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
DOM-based cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Analysis Object Page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in rovinbhandari FTP through 2012-03-28. receive_file in file_transfer_functions.c allows remote attackers to cause a denial of service (daemon crash) via a 0xffff datalen field value.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name (aka SiteName) field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an arbitrary valid certificate.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Forcepoint NGFW Security Management Center (SMC) versions lower than 6.5.12 or 6.7.1 have a rare issue that in specific circumstances can corrupt the internal configuration database. When the database is corrupted, the SMC might produce an incorrect IPsec configuration for the Forcepoint Next Generation Firewall (NGFW), possibly resulting in settings that are weaker than expected. All SMC versions lower than 6.5.12 or 6.7.1 are vulnerable.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in ttUSHORT.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can logout the user using this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta key value from the wp_usermeta table, and the token is set to the corresponding MD5 hash of the meta key selected, one can make a request to the restricted endpoints, and thus access sensitive donor data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in GitLab Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-gallery plugin 2014 for WordPress allows remote attackers to execute arbitrary web script or HTML via unspecified parameters.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the ""Business Manager"" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the ""Business Manager"" permission to inject arbitrary web script or HTML via the property_name parameter, related to editing property details.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A password generation weakness exists in xquest through 2016-06-13.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5) selitems[], or (6) srt parameter to index.php or (7) the QUERY_STRING to index.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
OX App Suite through 7.10.2 has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In set_outbound_iatu of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-144168326",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In dma_sblk_start of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-144167528",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In export_key_der of export_key.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-139683471",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the API.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
"GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. parseOptions() in tools/rosbag/src/record.cpp has an integer overflow when a crafted split option can be entered on the command line.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability. A malicious Operations Console administrator could potentially exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open which leads to unauthenticated access",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GnuTLS incorrectly validates the first byte of padding in CBC modes,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the backup module) improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
FuzeZip 1.0.0.131625 has a Local Buffer Overflow vulnerability,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Libspiro through 20190731 has a stack-based buffer overflow in the spiro_to_bpath0() function in spiro.c.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH devices accepts a cleartext password in a POST request on port 80, as demonstrated by the Password field to the xml/setter.xml URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"translation_manage_text.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir_0 and/or sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the SOAP API of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. To exploit this vulnerability, an attacker would need administrative privileges on the DCNM application. The vulnerability exists because the SOAP API improperly handles XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by inserting malicious XML content in an API request. A successful exploit could allow the attacker to read arbitrary files from the affected device. Note: The severity of this vulnerability is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a memory leak in dinf_New() in isomedia/box_code_base.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the ""Display visual image directory"" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
MyBB before 1.8.22 allows an open redirect on login.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the Podcast Channels plugin 0.20 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the Filename parameter to getid3/demos/demo.write.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by bruteforcing.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The malware scan function in BullGuard Premium Protection 20.0.371.8 has a TOCTOU issue that enables a symbolic link attack, allowing privileged files to be deleted.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Divisa Proxia Suite 9 < 9.12.16, 9.11.19, 9.10.26, 9.9.8, 9.8.43 and 9.7.10, 10.0 < 10.0.32, and 10.1 < 10.1.5, SparkSpace 1.0 < 1.0.30, 1.1 < 1.1.2, and 1.2 < 1.2.4, and Proxia PHR 1.0 < 1.0.30 and 1.1 < 1.1.2 allows remote code execution via untrusted Java deserialization. The proxia-error cookie is insecurely deserialized in every request (GET or POST). Thus, an unauthenticated attacker can easily craft a seria1.0lized payload in order to execute arbitrary code via the prepareError function in the com.divisait.dv2ee.controller.MVCControllerServlet class of the dv2eemvc.jar component. allows remote code execution via untrusted Java deserialization. The proxia-error cookie is insecurely deserialized in every request (GET or POST). Thus, an unauthenticated attacker can easily craft a serialized payload in order to execute arbitrary code via the prepareError function in the com.divisait.dv2ee.controller.MVCControllerServlet class of the dv2eemvc.jar component. Affected products include Proxia Premium Edition 2017 and Sparkspace.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FindSharedFunctionInfo of objects.cc, there is a possible out of bounds read due to a mistake in AST traversal. This could lead to remote code execution in the pacprocessor with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9 Android ID: A-138442295",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Sylius products. Missing input sanitization in sylius/sylius 1.0.x through 1.0.18, 1.1.x through 1.1.17, 1.2.x through 1.2.16, 1.3.x through 1.3.11, and 1.4.x through 1.4.3 and sylius/grid 1.0.x through 1.0.18, 1.1.x through 1.1.18, 1.2.x through 1.2.17, 1.3.x through 1.3.12, 1.4.x through 1.4.4, and 1.5.0 allows an attacker (an admin in the sylius/sylius case) to perform XSS by injecting malicious code into a field displayed in a grid with the ""string"" field type. The contents are an object, with malicious code returned by the __toString() method of that object.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
thttpd 2007 has buffer underflow.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next in GPMF_parser.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seekToSamples in GPMF-parse.c for the ""matching tags"" feature.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
FiberHome an5506-04-f RP2669 devices have XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Pebble Templates 3.1.2 allows attackers to bypass a protection mechanism (intended to block access to instances of java.lang.Class) because getClass is accessible via the public static java.lang.Class java.lang.Class.forName(java.lang.Module,java.lang.String) signature.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. A remote attacker could exploit this in conjunction with CVE-2019-16327 to enable remote router management and device compromise. NOTE: this is an end-of-life product.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields take down the affected page.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
HMailServer 5.3.x and prior: Memory Corruption which could cause DOS,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence Data Center communicated with the Companion application via the atlassian-domain-for-localhost-connections-only.com domain name, the DNS A record of which points at 127.0.0.1. Additionally, a signed certificate for the domain was publicly distributed with the Companion application. An attacker in the position to control DNS resolution of their victim could carry out a man-in-the-middle (MITM) attack between Confluence Server (or Confluence Data Center) and the atlassian-domain-for-localhost-connections-only.com domain intended to be used with the Companion application. This certificate has been revoked, however, usage of the atlassian-domain-for-localhost-connections-only.com domain name was still present in Confluence Server and Confluence Data Center. An attacker could perform the described attack by denying their victim access to certificate revocation information, and carry out a man-in-the-middle (MITM) attack to observe files being edited using the Companion application and/or modify them, and access some limited user information.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. A buffer overflow allows attackers to cause a denial of service and possibly execute arbitrary code via an IP address with a long hostname.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor in ngiflib.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning)before 1.33.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This allows remote code execution via a variety of methods, such as (on a default Ubuntu installation) creating a .ssh folder in the plex user's home directory via directory traversal, uploading an SSH authorized_keys file there, and logging into the host as the Plex user via SSH.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Appspace On-Prem through 7.1.3, an adversary can steal a session token via XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 and Opsview Core before 20130522 allow remote attackers to inject arbitrary web script or HTML.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 takes a different amount of time to return depending on whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
treeRead in hdf/btree.c in libmysofa before 0.7 does not properly validate multiplications and additions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript&colon; substring.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In WordPress before 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admin opening the affected post in the editor leading to XSS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authenticated user. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. Automatic updates are enabled by default for minor releases and we strongly recommend that you keep them enabled.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Transcend WiFiSD 1.8 has persistent XSS,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
AultWare pwStore 2010.8.30.0 has XSS,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in GitLab Community and Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded in a reversible format. Sessions are stored in /sessions/sess_<sessionid>.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_out_code at fromgif.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"_account_move_file_in_folder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 11.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal (which helps to bypass authentication) with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the __construct() whereas the insecure file upload is in SetSkinImages().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies, allowing the cookie to be read by script, which can potentially be used by attackers to obtain the cookie via cross-site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_logout.php in the Video Comments Webcam Recorder plugin 1.55, as downloaded before 20140116 for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
edx-platform before 2016-06-06 allows CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600; V500R001C60SPC500; V500R005C00SPC100; V500R005C00SPC200 have an improper credentials management vulnerability. The software does not properly manage certain credentials. Successful exploit could cause information disclosure or damage, and impact the confidentiality or integrity.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
HUAWEI P30 smart phones with versions earlier than 10.0.0.166(C00E66R1P11) have an information leak vulnerability. An attacker could send specific command in the local area network (LAN) to exploit this vulnerability. Successful exploitation may cause information leak.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction from a third-party context.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default credentials.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
edx-platform before 2015-08-17 allows XSS in the Studio listing of courses.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. This was originally published with a CVSS rating of High, further investigation has resulted in this being updated to Critical. The root password is common across all instances of ATD prior to 4.8. See the Security bulletin for further details",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 displays a message indicating whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Static HTTP Server 1.0 has a Local Overflow,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control (issue 2 of 6).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display (of information that should not be accessible), related to text containing characters that the device's font lacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Reliable Controls MACH-ProWebCom/Sys, all versions prior to 2.15 (Firmware versions prior to 8.26.4), may allow attacker to execute commands on behalf of the user when an authenticated user clicks on a malicious link.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_DecoderConfigDescriptor::GetDecoderSpecificInfoDescriptor in Ap4DecoderConfigDescriptor.cpp.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_EsDescriptor::GetDecoderConfigDescriptor in Ap4EsDescriptor.cpp.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In binder_transaction of binder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-136210786References: Upstream kernel",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"log_file_viewer.php in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the lFile parameter on the page, which would allow an attacker to input HTML or execute scripts on the site, aka XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1.9 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A security vulnerability in D-Link DGS-1510-series switches with firmware 1.20.011, 1.30.007, 1.31.B003 and older that may allow a remote attacker to inject malicious scripts in the device and execute commands via browser that is configuring the unit.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x), 4.42 and earlier (PowerCMS 4.x), and 3.293 and earlier (PowerCMS 3.x) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The process_file function in reader.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED SRC=""data:image/svg+xml' substring.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in KINZA for Windows version 5.9.2 and earlier and for Mac version 5.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via RSS reader.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a ""git submodule update"" operation can run commands found in the .gitmodules file of a malicious repository.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Sencha Labs Connect has XSS with connect.methodOverride(),NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SPBAS Business Automation Software 2012 has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A remote command injection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. x86 systems with 64 or more nodes are vulnerable (there might not be any such systems that Xen would run on). x86 systems with less than 64 nodes are not vulnerable.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in NetCommons 3.2.2 and earlier (NetCommons3.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins master.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
php-shellcommand versions before 1.6.1 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based overflow vulnerability in the logMess function in Open TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12567.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Format string vulnerability in the logMess function in TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password (provided that the active directory server has not been configured to reject empty passwords).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Logic issue in the subsystem for Intel(R) SPS before versions SPS_E5_04.01.04.275.0, SPS_SoC-X_04.00.04.100.0 and SPS_SoC-A_04.00.04.191.0 may allow a privileged user to potentially enable denial of service via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner before 8.0.1 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded by the product.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168924.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redirection.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_access_result.c has an out-of-bounds read vulnerability, related to bufPos and elementLength.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCGQ01LM devices. Attackers can utilize the ""discover ZigBee network procedure"" to perform a denial of service attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Stack-based overflow vulnerability in the logMess function in Open TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12568.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based overflow vulnerability in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or possibly execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2008-2161.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Because of insecure key transport in ZigBee communication, causing attackers to gain sensitive information and denial of service attack, take over smart home devices, and tamper with messages.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_init_frame at fromgif.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm searchtext parameter. NOTE: This product is discontinued.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Watson Studio Local 1.2.3 could disclose sensitive information over the network that an attacked could use in further attacks against the system. IBM X-Force ID: 145238.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
dataForDepandantField in models/custormfields.php in the JS JOBS FREE extension before 1.2.7 for Joomla! allows SQL Injection via the index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo child parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows machine where Workstation or View Agent is installed.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks. This allows authenticated users with SCP access to overwrite certain configuration files that would otherwise be restricted.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core before 8.7.7 allows out-of-bounds access, as demonstrated by mishandling of an array copy during parsing of ICal data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_reset.php, XDUser.php) in the past few minutes.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. An authenticated attacker can abuse this flaw by causing a remote denial of service by sending a specially crafted HTTP Content-Length header to the Ceph RADOS Gateway server.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_isom_box_del() in isomedia/box_funcs.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"K-9 Mail v5.600 can include the original quoted HTML code of a specially crafted, benign looking, email within (digitally signed) reply messages. The quoted part can contain conditional statements that show completely different text if opened in a different email client. This can be abused by an attacker to obtain valid S/MIME or PGP signatures for arbitrary content to be displayed to a third party. NOTE: the vendor states ""We don't plan to take any action because of this.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
An invalid memory address dereference was discovered in load_pnm in frompnm.c in libsixel before 1.8.3.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A heap-based buffer overflow was discovered in image_buffer_resize in fromsixel.c in libsixel before 1.8.4.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_isom_dump() in isomedia/box_dump.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function senc_Parse() in isomedia/box_code_drm.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves.",NETWORK,HIGH,NONE,NONE,CHANGED,LOW,LOW,HIGH
"An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a use-after-free in the function trak_Read() in isomedia/box_code_base.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After this, the function ezxml_parse_str does not check whether the s variable is not NULL in ezxml.c, leading to a NULL pointer dereference and crash (segmentation fault).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user's authentication information via a malicious application created by the third party.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
LuquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substring followed by a URL in square brackets.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, 14.0.10; TXEInfo software for Intel(R) TXE before versions 3.1.70 and 4.0.20; INTEL-SA-00086 Detection Tool version 1.2.7.0 or before; INTEL-SA-00125 Detection Tool version 1.0.45.0 or before may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in Proxyman for macOS 1.11.0 and earlier allows an attacker to change the System Proxy and redirect all traffic to an attacker-controlled computer, enabling MITM attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue existed in the parsing of URL schemes. This issue was addressed with improved URL validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to an open redirect.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Improper directory permissions in the installer for Intel(R) Management Engine Consumer Driver for Windows before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45,13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via physical access.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient input validation in firmware update software for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper buffer restrictions in firmware for Intel(R) NUC(R) may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper input validation in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient Input validation in the subsystem for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow a privileged user to potentially enable denial of service via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Improper access control in firmware for Intel(R) NUC(R) may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root allowing code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Out of bounds write in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Note that the Japanese version of the product is NOT affected.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a use-after-free in the function gf_isom_box_dump_ex() in isomedia/box_funcs.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a stack-based buffer overflow in the function av1_parse_tile_group() in media_tools/av_parsers.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A stack-based buffer over-read was discovered in Mat_VarReadNextInfo5 in mat5.c in matio 1.5.17.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary code via malformed Wi-Fi packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A memory leak was discovered in image_buffer_resize in fromsixel.c in libsixel 1.8.4.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
swagger-ui has XSS in key names,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client's IP address). This can occur within a talk page topical header that is viewed within a mobile (MobileFrontend) context.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized resources using viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow that allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted certificate in the TLS certificate handshake message, because the result of get_asn1_length() is not checked for a minimum or maximum size.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An access issue was addressed with additional sandbox restrictions. This issue is fixed in Shortcuts 2.1.3 for iOS. A sandboxed process may be able to circumvent sandbox restrictions.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Insufficient session validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in the Ebay Feeds for WordPress plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Integer overflow in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Logic issue in subsystem for Intel(R) CSME before versions 12.0.45, 13.0.10 and 14.0.10 may allow a privileged user to potentially enable escalation of privilege and information disclosure via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.10 may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross site scripting in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow a privileged user to potentially enable escalation of privilege via network access.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitro PDF and other products, allows Elevation of Privilege via the \\.\mailslot\nlsX86ccMailslot mailslot.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"The HMISimulator component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier fails to validate the content-length field for HTTP requests, exposing HMISimulator to denial of service via crafted HTTP requests manipulating the content-length setting.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which are different from the user's login password, OR 2. There are configlet builders that use the Device class and specify username and password explicitly Application logs are not accessible or visible from the CVP GUI. Application logs can only be read by authorized users with privileged access to the VM hosting the CVP application.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Simplifile RecordFusion through 2019-11-25, the logs and hist parameters allow remote attackers to access local files via a logger/logs?/../ or logger/hist?/../ URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load an empty *.JPR application file. An attacker with access to the file system might be able to cause application malfunction such as denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A cross-site request forgery vulnerability in Jenkins Mantis Plugin 0.26 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
A stack-based buffer over-read was discovered in ReadNextCell in mat5.c in matio 1.5.17.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A stack-based buffer over-read was discovered in ReadNextStructField in mat5.c in matio 1.5.17.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a memory leak in Multicast Forwarding Cache (MFC) handling in tmrouted.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. (Tenable ID 5198).",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A malicious application may be able to elevate privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This issue was addressed with improved transparency. This issue is fixed in iOS 12.2. A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted font may result in the disclosure of process memory.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
USG9500 with versions of V500R001C30;V500R001C60 have a missing integrity checking vulnerability. The software of the affected products does not check the integrity which may allow an attacker with high privilege to make malicious modifications without detection.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in a heap buffer overflow when decoding a certificate, an attacker may exploit the vulnerability by a malicious certificate to perform a denial of service attack on the affected products.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in an infinite loop, an attacker may exploit the vulnerability via a malicious certificate to perform a denial of service attack on the affected products.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1. A SwiftNIO application using TLS may be able to execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. This issue is fixed in watchOS 5.2. A partially entered passcode may not clear when the device goes to sleep.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted file may lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted file may lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to execute arbitrary code with system privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libIEC61850 1.4.0, MmsValue_newOctetString in mms/iso_mms/common/mms_value.c has an integer signedness error that can lead to an attempted excessive memory allocation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In libIEC61850 1.4.0, MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c has a heap-based buffer overflow.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Attackers could sniff unencrypted account and password through the network for front-end system access.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure vulnerability. Attackers could use this vulnerability to collect data information and damage the system.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted string may lead to a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c has an out-of-bounds read, related to intLen and bufPos.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in the Conversador plugin 2.61 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the 'page' parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious application may be able to elevate privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Collabtive 1.0 has incorrect access control,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A local user may be able to view sensitive user information.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IP virtual servers with Loose Initiation enabled on a FastL4 profile may be subject to excessive flow usage under undisclosed conditions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP ASM system may consume excessive resources when processing certain types of HTTP responses from the origin web server. This vulnerability is only known to affect resource-constrained systems in which the security policy is configured with response-side features, such as Data Guard or response-side learning.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. (Also, the message parameter can have initial HTML comment characters.)",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.1. An application may be able to read restricted memory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server (All firmware versions < V6.00.320). The device contains a vulnerability that could allow an attacker to cause a denial of service condition on the device's web server by sending a specially crafted HTTP message to the web server port (tcp/80). The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device's web service. While the device itself stays operational, the web server responds with HTTP status code 404 (Not found) to any further request. A reboot is required to recover the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart. All RadChart versions were affected. To avoid this vulnerability, you must remove RadChart's HTTP handler from a web.config (its type is Telerik.Web.UI.ChartHttpHandler).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Equinox Control Expert all versions, is vulnerable to an SQL injection attack, which may allow an attacker to remotely execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple stack-based buffer overflows in CFProfile.exe in Toshiba ConfigFree Utility 8.0.38 allow user-assisted attackers to execute arbitrary code.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Quick Access Service (QAAdminAgent.exe) in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed service's process, which is running as NT AUTHORITY\SYSTEM. This is a DLL Hijacking vulnerability (including search order hijacking, which searches for the missing DLL in the PATH environment variable), which is caused by an uncontrolled search path element for nvapi.dll, atiadlxx.dll, or atiadlxy.dll.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for unauthenticated option creation. In order to exploit this vulnerability, an attacker would need to send a /wp-admin/admin-post.php?es_skip=1&option_name= request.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"E5572-855 with versions earlier than 8.0.1.3(H335SP1C233) has an improper authentication vulnerability. The device does not perform a sufficient authentication when doing certain operations, successful exploit could allow an attacker to cause the device to reboot after launch a man in the middle attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
On Barco ClickShare Button R9861500D01 devices (before firmware version 1.9.0) JTAG access is disabled after ROM code execution. This means that JTAG access is possible when the system is running code from ROM before handing control over to embedded firmware.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153179.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an insufficient input validation vulnerability. Attackers can exploit this vulnerability by sending crafted packets to the affected device. Successful exploit may cause the function will be disabled.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable heap buffer overflow vulnerability exists in the iocheckd service ''I/O-Chec'' functionality of WAGO PFC 200 Firmware version 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable information exposure vulnerability exists in the iocheckd service ""I/O-Check"" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause an external tool to fail, resulting in uninitialized stack data to be copied to the response packet buffer. An attacker can send unauthenticated packets to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An exploitable stack buffer overflow vulnerability exists in the iocheckd service ''I/O-Check'' functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12) and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a stack buffer overflow, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable denial of service vulnerability exists in the iocheckd service ""I/O-Check"" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"Improper access control in the computed fields system of the framework of Odoo Community 13.0 and Odoo Enterprise 13.0 allows remote authenticated attackers to access sensitive information via crafted RPC requests, which could lead to privilege escalation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. Che with no authentication and no TLS is not usually deployed on a public network but is often used for local installations (e.g. on personal laptops). In that case, even if the Che API is not exposed externally, some javascript running in the local browser is able to send requests to it.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Product vulnerability has been fixed and disclosed within changelog as of 02 Dec 2019.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying content type names in the content creation interface. An attacker could potentially craft a specialized content type name, then have an editor execute scripting when creating content, aka XSS. This vulnerability is mitigated by the fact that an attacker must have a role with the ""Administer content types"" permission.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying certain block descriptions created by administrators. An attacker could potentially craft a specialized description, then have an administrator execute scripting when configuring a layout, aka XSS. This issue is mitigated by the fact that the attacker would be required to have the permission to create custom blocks, which is typically an administrative task.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion. Code execution might also be possible.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A path traversal in statics-server exists in all version that allows an attacker to perform a path traversal when a symlink is used within the working directory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable heap buffer overflow vulnerability exists in the iocheckd service ""I/O-Check"" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
"Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.",LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,HIGH
"Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration.",LOCAL,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate, as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox=""allow-scripts"" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages ""type confusion.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
"The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable heap underflow vulnerability exists in the derive_taps_and_gains function in kdu_v7ar.dll of Kakadu Software SDK 7.10.2. A specially crafted jp2 file can cause a heap overflow, which can result in remote code execution. An attacker could provide a malformed file to the victim to trigger this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that begins with a "" character and ends with a \ character.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable denial-of-service vulnerability exists in the iocheckd service ""I/O-Check"" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, and <v11.11.6 that allowed uploading files from project archive to replace other users files potentially allowing an attacker to replace project binaries or other uploaded assets.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their binary representations. This is a weak signature scheme design that would allow the reuse of signatures in some cases (or even the reuse of signatures, intended for one type of message, for another type). This also affects Private Instant Verified Transactions (PIVX) through 3.4.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to data cached from a data source, or a portion of a data source, that the attacker should not have access to. The attacker would need privileges to save a Spotfire file to the library. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper Following of a Certificate's Chain of Trust. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, does not properly validate the whole certificate chain.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. Admin credentials are sent over cleartext HTTP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace) have a resource management vulnerability. An attacker who logs in to the board may send crafted messages from the internal network.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The issue was addressed with improved UI handling. This issue is fixed in iOS 12.3. The lock screen may show a locked icon after unlocking.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. An application may be able to read restricted memory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4. An encrypted volume may be unmounted and remounted by a different user without prompting for the password.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A race condition existed when reading and writing user preferences. This was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15. The ""Share Mac Analytics"" setting may not be disabled when a user deselects the switch to share analytics.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Improper URL processing may lead to data exfiltration.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to read restricted memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An authentication issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A local attacker may be able to login to the account of a previously logged in user without valid credentials..",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Bitwarden server through 1.32.0 has a potentially unwanted KDF.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Base Unit implements encryption at rest using encryption keys which are shared across all ClickShare Base Units of models CS-100 & CSE-200.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Button implements encryption at rest which uses a one-time programmable (OTP) AES encryption key. This key is shared across all ClickShare Buttons of model R9861500D01.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information exposure (issue 2 of 2).. The encryption key of the media content which is shared between a ClickShare Button and a ClickShare Base Unit is randomly generated for each new session and communicated over a TLS connection. An attacker who is able to perform a Man-in-the-Middle attack between the TLS connection, is able to obtain the encryption key.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A code injection exists in node-df v0.1.4 that can allow an attacker to remote code execution by unsanitized input.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to execute arbitrary code with system privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
A consistency issue existed in deciding when to show the screen recording indicator. The issue was resolved with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2. A local user may be able to record the screen without a visible screen recording indicator.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to execute arbitrary code with system privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2. An application may be able to execute arbitrary code with system privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to execute arbitrary code with system privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension ext:sys_action installed, with a valid backend user who has limited privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A Path traversal exists in http_server which allows an attacker to read arbitrary system files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.)",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Catalina 10.15.1. An application may be able to execute arbitrary code with system privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Online Store System v1.0 delete_product.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the Startup folder (because an incomplete blacklist of file extensions allows Windows shortcut files to be uploaded).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
jfif_decode in jfif.c in ffjpeg through 2019-08-21 has a divide-by-zero error.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a buffer overflow vulnerability. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the affected board to be abnormal.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"On D-Link DIR-615 devices, a normal user is able to create a root(admin) user from the D-Link portal.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
A security vulnerability in HPE OneView for VMware vCenter 9.5 could be exploited remotely to allow Cross-Site Scripting.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could lead to code execution on the ClickShare Button with the privileges of the user 'nobody'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process memory.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_set.ccp lanHostCfg_HostName_1.1.1.0.0 parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. A buffer overflow occurs through the get_set.ccp ccp_act parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible OOB issue in EEPROM due to lack of check while accessing memory map array at the time of reading operation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, MSM8909W, MSM8917, MSM8953, Nicobar, QCS405, QCS605, QM215, SA6155P, SDA845, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow during SIB read when network configures complete sib list along with first and last segment of other SIB in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
"The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
"Buffer over read can happen while parsing SMS OTA messages at transport layer if network sends un-intended values in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While processing MT Secondary PDP request, Buffer overflow will happen due to incorrect calculation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Financial Transaction Manager 3.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172706.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Multiple read overflows in MM while decoding service accept,service reject,attach reject and MT detach in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memory is being freed up twice when two concurrent threads are executing in parallel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8996AU, QCS405, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use after free of a pointer in iWLAN scenario during netmgr state transition to CONNECT in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, SDA660, SDA845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Potential double free scenario if driver receives another DIAG_EVENT_LOG_SUPPORTED event from firmware as the pointer is not set to NULL on first call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA660, SDA845, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to determine kernel memory layout.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper length check on source buffer to handle userspace data received can lead to out-of-bound access in diag handlers in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, QCN7605, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper check in video driver while processing data from video firmware can lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Null pointer dereference in the FPGA kernel driver for Intel(R) Quartus(R) Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Improper permissions in the installer for the Intel(R) SCS Platform Discovery Utility, all versions, may allow an authenticated user to potentially enable escalation of privilege via local attack.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScript code in the Web UI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-111210196",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A remote attacker may be able to leak memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to execute arbitrary shell commands.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Financial Transaction Manager 3.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172880.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
IBM Financial Transaction Manager 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172882.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue is fixed in iOS 13. Processing a maliciously crafted file may disclose user information.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. Processing a maliciously crafted movie file may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A local user may be able to cause unexpected system termination or read kernel memory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"When a fake broadcast/multicast 11w rmf without mmie received, since no proper length check in wma_process_bip, buffer overflow will happen in both cds_is_mmie_valid and qdf_nbuf_trim_tail in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8937, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SDM630, SDM636, SDM660, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bound write can happen in WMI firmware event handler due to lack of validation of data received from WLAN firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCA9980, QCN7605, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possibility of out of bound access in debug queue, if packet size field is corrupted in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible buffer overwrite in message handler due to lack of validation of tid value calculated from packets received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8064, APQ8096AU, IPQ4019, IPQ8064, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8939, MSM8996AU, QCA4531, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, SDA660, SDM630, SDM636, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bound access can occur while processing peer info in IBSS connection mode due to lack of upper bounds check to ensure that for loop further will not cause an overflow in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8096AU, MDM9607, MSM8996AU, QCA6574AU, QCN7605, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use of local variable as argument to netlink CB callback goes out of it scope when callback triggered lead to invalid stack memory in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCA8081, QCS405, QCS605, QM215, SA6155P, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bound access can occur while processing firmware event due to lack of validation of WMI message received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MSM8996AU, Nicobar, QCA6574AU, QCN7605, QCS405, SDM630, SDM636, SDM660, SDM845, SM6150, SM7150, SM8150",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overwrite can occur in IEEE80211 header filling function due to lack of range check of array index received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, IPQ8074, MDM9607, MDM9650, MSM8909, MSM8939, QCN7605, SDA660, SDM630, SDM636, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15.1. A malicious application may be able to gain root privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A race condition existed during the installation of iTunes for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iCloud installer in an untrusted directory may result in arbitrary code execution.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1. An application may be able to execute arbitrary code with system privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. An application may be able to cause unexpected system termination or write kernel memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake message with zero certificates.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in iOS 12.4, tvOS 12.4. A malicious application may be able to restrict access to websites.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with kernel privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13. A person with physical access to an iOS device may be able to access contacts from the lock screen.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to read restricted memory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.4. Processing malicious data may lead to unexpected application termination.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A logic issue was addressed with improved state management. This issue is fixed in iOS 13. Visiting a malicious website may lead to address bar spoofing.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The issue was addressed with improved UI handling. This issue is fixed in iOS 12.4, watchOS 5.3. A user may inadvertently complete an in-app purchase while on the lock screen.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"** DISPUTED ** OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution. NOTE: The developer disputes this as a vulnerability, indicating that rpcd functions appropriately.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to read restricted memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to gain root privileges.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to elevate privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 12.3. A person with physical access to an iOS device may be able to see the email address used for iTunes.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5. An application may be able to read restricted memory.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. An application may be able to execute arbitrary code with system privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A logic issue existed with the display of notification previews. This issue was addressed with improved validation. This issue is fixed in iOS 13. Notification previews may show on Bluetooth accessories even when previews are disabled.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in watchOS 6.1. An application may be able to execute arbitrary code with kernel privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A device may be passively tracked by its WiFi MAC address.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, watchOS 5.2.1. Processing a maliciously crafted message may lead to a denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. An application may be able to execute arbitrary code with kernel privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. An application may be able to execute arbitrary code with system privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An authentication issue was addressed with improved state management. This issue is fixed in tvOS 13. A local user may be able to leak sensitive user information.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.)",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated to the web interface. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security. vulnerability was known.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"** DISPUTED ** PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). An unauthorized user could exploit a buffer overflow vulnerability in the webserver. Specially crafted packets sent could cause a Denial-of-Service condition and if certain conditions are met, the affected devices must be restarted manually to fully recover. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Out of bounds memcpy can occur by providing the embedded NULL character string and length greater than the actual string length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8996, MSM8996AU, QCA4531, QCA8081, QCA9531, QCA9558, QCA9886, QCA9980, QCN7605, QCS605, SDA660, SDX20, SDX24, SDX55, SM8150, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/page_templates/page_remote_content/page_remote_content.inc POST parameter during processing of a Remote Content page type. This unserialization can be used to trigger the inclusion of arbitrary files on the filesystem (local file inclusion), and results in remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the affected board to be abnormal.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, watchOS 5.3. A remote attacker may cause an unexpected application termination.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Device memory may get corrupted because of buffer overflow/underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8016, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SM6150, SM7150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to execute arbitrary code with kernel privileges.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only Microsoft Windows versions are affected) is vulnerable when configured as a service. This vulnerability may allow an attacker with local access to create, write, and/or delete files in system folder using symbolic links, leading to a privilege escalation. This vulnerability could also be used by an attacker to execute a malicious DLL, which could impact the integrity and availability of the system.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to leak memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database. Successful exploit of this vulnerability may cause the database to crash.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account ""!#/"" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.1. Visiting a malicious website may lead to user interface spoofing.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to gain root privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6, Safari 12.1.2. Visiting a malicious website may lead to address bar spoofing.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some fields in the packets, an attacker may exploit the vulnerability to cause the target device to be abnormal.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer over-read in the function load_sixel at loader.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects _bsontype==ObjectID in the user-input object. As a result, objects in arbitrary forms can bypass formatting if they have a valid bsontype.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"** DISPUTED ** In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and > options are mishandled. NOTE: The LuaJIT project owner states that the debug libary is unsafe by definition and that this is not a vulnerability. When LuaJIT was originally developed, the expectation was that the entire debug library had no security guarantees and thus it made no sense to assign CVEs. However, not all users of later LuaJIT derivatives share this perspective.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
duplicity 0.6.24 has improper verification of SSL certificates,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
python-requests-Kerberos through 0.5 does not handle mutual authentication,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an ""httpoxy"" issue.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web application requests could be manipulated, causing the the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated. A successful attack could allow the import of scripts or generation of malicious links. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a project via a missing authorisation check.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In BlueZ 5.42, a buffer overflow was observed in ""read_n"" function in ""tools/hcidump.c"" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'name':'Array'}. This affects validate(). Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of ""."" (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. This vulnerablity impacted SMA100 version 9.0.0.3 and earlier.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. This is unlikely to be exploitable and was detected and fixed internally in TensorFlow 1.15 and 2.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow to buffer overflow due to lack of validation of event arguments received from firmware. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, QCN7605, QCS405, QCS605, SDA845, SDM660, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0xa08a Out-of-Bounds Read via crafted Unicode content.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
jersey: XXE via parameter entities not disabled by the jersey SAX parser,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all available file descriptors,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Tautulli versions 2.1.38 and below allows remote attackers to bypass intended access control in Plex Media Server because the X-Plex-Token is mishandled and can be retrieved from Tautulli. NOTE: Initially, this id was associated with Plex Media Server 1.18.2.2029-36236cc4c as the affected product and version. Further research indicated that Tautulli is the correct affected product.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML documents that are emailed to the address in the rua field of the DMARC records of a domain.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and JWS.php.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
XSS and SQLi in huge IT gallery v1.1.5 for Joomla,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
XSS in huge IT gallery v1.1.5 for Joomla,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
eDeploy has RCE via cPickle deserialization of untrusted data,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
imagemagick 6.8.9.6 has remote DOS via infinite loop,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated ""Invalid request"" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request's Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
mcollective has a default password set at install,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affects view content such as job display name or pipeline stage names.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously configured service credentials in plain text as part of the global configuration, as well as individual jobs' configurations.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CFME: CSRF protection vulnerability via permissive check of the referrer header,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to change these properties.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the ""LiteManagerFree - Server"" folder, as demonstrated by ROMFUSClient.exe.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and IBM Case Manager 5.1.1 through 5.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162772.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication bypass. This can result in a complete compromise of the system. This issue only impacts specific engineering hotfixes using the aforementioned authentication configuration. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.0.3.0.79.6-ENG.iso, Hotfix-BIGIP-14.1.0.3.0.97.6-ENG.iso, Hotfix-BIGIP-14.1.0.3.0.99.6-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.15.5-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.36.5-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.40.5-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.11.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.14.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.68.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.70.9-ENG.iso, Hotfix-BIGIP-14.1.2.0.11.37-ENG.iso, Hotfix-BIGIP-14.1.2.0.18.37-ENG.iso, Hotfix-BIGIP-14.1.2.0.32.37-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.46.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.14.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.16.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.34.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.97.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.99.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.105.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.111.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.115.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.122.4-ENG.iso, Hotfix-BIGIP-15.0.1.0.33.11-ENG.iso, Hotfix-BIGIP-15.0.1.0.48.11-ENG.iso",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -> 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type ""identityref"". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak ciphers. This could enable an unauthorized attacker with access to the network to capture and replay the session and gain unauthorized access to the EC40/80 hub.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may then leverage a DLL preloading vulnerability and execute code on the system.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the description of builds shown in its view, resulting in a stored XSS vulnerability exploitable by users able to change build descriptions.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictible responses when accessing and interacting with the ""SITE_PATH_QUERY"".",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareName. The attacker can achieve a persistent backdoor.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CloudEngine 12800 has a DoS vulnerability. An attacker of a neighboring device sends a large number of specific packets. As a result, a memory leak occurs after the device uses the specific packet. As a result, the attacker can exploit this vulnerability to cause DoS attacks on the target device.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability. Successful exploit may cause an infinite loop and the device to reboot.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen). CVE-2019-17501 and CVE-2019-16405 are similar to one another and may be the same.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18293, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage downloadDocServer() to traverse the file system and access files or directories that are outside of the restricted directory because WealthT24/GetImage is used with the docDownloadPath and uploadLocation parameters.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18295. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type ""bits"". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users should upgrade to this version using Visual Studio Code Marketplace's upgrade mechanism. After upgrading, the codeQL.cli.executablePath setting can only be set in the per-user settings, and not in the per-workspace settings. More information about VS Code settings can be found here.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter (and/or the quiz_id parameter). The component is: admin/quiz-options-page.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
TemaTres 3.0 has reflected XSS via the replace_string or search_string parameter to the vocab/admin.php?doAdmin=bulkReplace URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corrupted state, leading to a use-after-free condition and undefined behavior. This issue affects Proxygen from v0.29.0 until v2017.04.03.00.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18306. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signature.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Reliable Controls LicenseManager versions 3.4 and prior may allow an authenticated user to insert malicious code into the system root path, which may allow execution of code with elevated privileges of the application.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18311. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18310. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to enumerate running RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An exploitable heap out of bounds write vulnerability exists in the UI tag parsing functionality of the DICOM image format of LEADTOOLS 20.0.2019.3.15. A specially crafted DICOM image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can specially craft a DICOM image to trigger this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,NONE
The Anhui Huami Mi Fit application before 4.0.11 for Android has an Unencrypted Update Check.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790),NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** A downloadFile.php download_file path traversal vulnerability in rConfig through 3.9.3 allows attackers to list files in arbitrary folders and potentially download files. NOTE: the discoverer later reported that there was not a ""fully working exploit.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could gain remote code execution by sending specifically crafted objects to one of the RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and 2018.1.9.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
safer-eval is a npm package to sandbox the he evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18322. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to Stored Cross Site Scripting vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18321. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
samurai 0.7 has a heap-based buffer overflow in canonpath in util.c via a crafted build file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable information disclosure vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an out-of-bounds read, resulting in information disclosure. An attacker can send a packet to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable denial-of-service vulnerability exists in the Dicom-packet parsing functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an infinite loop, resulting in a denial of service. An attacker can send a packet to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18329. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Yabasic 2.86.2 has a heap-based buffer overflow in myformat in function.c via a crafted BASIC source file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A records can be squashed into one DNS message (limit is 64kB).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
kde-workspace before 4.10.5 has a memory leak in plasma desktop,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.,LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an ""httpoxy"" issue.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c ""Read hex image data"" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c ""Read hex image data"" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1400.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370),NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"OpenWrt 18.06.4 allows XSS via the ""New port forward"" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figure out from returned error messages whether a file exists or not. This affects OFBiz 16.11.01 to 16.11.04.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via modules/nextgen_gallery_display/package.module.nextgen_gallery_display.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: ""Open ports on router"" and ""New forward rule"" and ""New Source NAT"" (this can occur, for example, on a TP-Link Archer C7 device).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. The band does not sufficiently authenticate the device try to connect to it in certain scenario. Successful exploit could allow the attacker to spoof then connect to the band.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using a executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 168298.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"native-opencv is the OpenCV library installed via npm native-opencv downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
SQL injection vulnerability in DBD::PgPP 0.05 and earlier,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet/ip/ip_attr.c mishandles conn_ixa dereferences.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An integer overflow in the unprotected distributeToken function of a smart contract implementation for EETHER (EETHER), an Ethereum ERC20 token, will lead to an unauthorized increase of an attacker's digital assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
openslp: SLPIntersectStringList()' Function has a DoS vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
COPA-DATA zenone32 zenon Editor through 8.10 has an Uncontrolled Search Path Element.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a ""Last-Level Cache Side-Channel Attack.""",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to the value stored in the device's /var/hnap/timestamp file, the request will pass the HNAP_AUTH check function.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
openstack-utils openstack-db has insecure password creation,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the application. If the attacked user is an administrator, the attacker could for example add a new admin user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administrator, the attacker can for example add a new admin user to gain full access to the application.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,NONE
"H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Orca has arbitrary code execution due to insecure Python module load,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,HIGH
rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to 4.6.0 reads the Retry-After header and passes it to the Thread.sleep() method without any check. If a malicious server returns a huge value in the header, then it can help to implement a DoS attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
ReviewBoard: has an access-control problem in REST API,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8939, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to ""live management.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
JBossWeb Bayeux has reflected XSS,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While Skipping unknown IES, EMM is reading the buffer even if the no of bytes to read are more than message length which may cause device to shutdown in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Snapshot of IB can lead to invalid address access due to missing check for size in the related function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCN7605, QCS405, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in Android Apps using Microsoft Authentication Library (MSAL) 0.3.1-Alpha or later exists under specific conditions, aka 'Microsoft Authentication Library for Android Information Disclosure Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible out of bounds write in a MT SMS/SS scenario due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bound read would occur while trying to read action category and action ID without validating the action length of the Rx Frame body in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SDA660, SDA845, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM8150",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect length used while validating the qsee log buffer sent from HLOS which could then lead to remap conflict in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ4019, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, Snapdragon_High_Med_2016, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bound write in TZ while copying the secure dump structure on HLOS provided buffer as a part of memory dump in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible integer overflow while multiplying two integers of 32 bit in QDCM API of get display modes as there is no check on the maximum mode count in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possibility of memory overflow while decoding GSNDCP compressed mode PDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenShift cartridge allows remote URL retrieval,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
OpenStack nova base images permissions are world readable,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0 versions prior to 9.0.5. PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Null pointer dereference issue in kernel due to missing check related to LLC support in GPU in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM670, SDM710, SM6150, SM7150, SM8150",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket. This issue affects folly prior to v2019.11.04.00.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2.),NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the encryption implementation exists, allowing for all encrypted data stored within the database to be decrypted.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Intesync Solismed 3.3sp allows Insecure File Upload.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Intesync Solismed 3.3sp allows Directory Traversal, a different vulnerability than CVE-2019-16246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Intesync Solismed 3.3sp has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Intesync Solismed 3.3sp allows Clickjacking.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. (The fix for this was also backported to LTS 2019.9.8 and LTS 2019.6.14.)",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. IBM X-Force ID: 159518.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Buffer overflow can occur due to usage of wrong datatype and missing length check before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to every single path on the file system, because the webserver is running with the highest privileges available.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
mom creates world-writable pid files in /var/run,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
SaltStack RSA Key Generation allows remote users to decrypt communications,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Monkey HTTP Daemon: broken user name authentication,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1463.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Monkey HTTP Daemon has local security bypass,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The Work Time Calendar app before 4.7.1 for Jira allows XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1472.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1474.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Webex Network Recording Admin page of Cisco Webex Meetings could allow an authenticated, remote attacker to elevate privileges in the context of the affected page. To exploit this vulnerability, the attacker must be logged in as a low-level administrator. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by submitting a crafted URL request to gain privileged access in the context of the affected page. A successful exploit could allow the attacker to elevate privileges in the Webex Recording Admin page, which could allow them to view or delete recordings that they would not normally be able to access.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Norton Password Manager, prior to 6.6.2.5, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use after free issue occurs when command destructors access dynamically allocated response buffer which is already deallocated during previous command teardwon sequence in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8098, MSM8909W, Nicobar, QCS405, QCS605, SDA845, SDM660, SDM670, SDM710, SDM845, SDX24, SM6150, SM7150, SM8150, SM8250, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that returns NULL).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171247.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server delivers cookies without the ""secure"" flag. Modern browsers interpreting the flag would mitigate potential data leakage in case of clear text transmission.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. The Authentication mechanism has no brute-force prevention.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Anviz Management System for access control has insufficient logging for device events such as door open requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
API Abuse/Misuse vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to navigate to restricted websites via a carefully crafted web site.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Drupal Views Builk Operations (VBO) module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had user tagging enabled and the ""Modify node taxonomy terms"" action is used. A remote attacker could provide a specially-crafted URL that could lead to cross-site scripting (XSS) attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20. A specially crafted J2K image file can cause an out of bounds write of a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K image to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.5.1-11.6.5, under certain conditions, TMM may consume excessive resources when processing traffic for a Virtual Server with the FIX (Financial Information eXchange) profile applied.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the filesystem.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, under certain conditions tmm may leak memory when processing packet fragments, leading to resource starvation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,LOW
"In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Exim supports the use of multiple ""-p"" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code execution with administrative privileges.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted DNS response.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully exploit may cause some files on the victim's mobile phone are deleted.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to render a website which Web Advisor would normally have blocked via a carefully crafted web site.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory via a crafted message, related to pointer validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read() at libwav.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159243.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An attacker may use a specially crafted message to force Relion 650 series (versions 1.3.0.5 and prior) or Relion 670 series (versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior) to reboot, which could cause a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.,NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Controllers/InvitationsController.cs in QueryTree before 3.0.99-beta mishandles invitations.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party applications on the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory leak.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x-2.x before 6.x-2.1, 6.x-3.x before 6.x-3.1, and 7.x-3.x before 7.x-3.3 for Drupal.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1465, CVE-2019-1466.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zabbix before 5.0 represents passwords in the users table with unsalted MD5.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the ""Accept-Language"" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to proceed with a connection to the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DOM environment modification and arbitrary HTML or web script execution.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the vulnerable application is launched. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user account.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting the URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for the affected device, which could allow malicious URLs to pass through the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by authenticating with low privileges to an affected controller and submitting the crafted URL to the web interface of the affected device. Conversely, an unauthenticated attacker could exploit this vulnerability by persuading a user of the web interface to click the crafted URL. A successful exploit could allow the attacker to cause an unexpected restart of the device, resulting in a DoS condition.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based management interface of the targeted device. A successful exploit could allow the attacker to execute commands with root privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Katello has multiple XSS issues in various entities,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Claws Mail vCalendar plugin: credentials exposed on interface,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the ""host"" parameter on the 'System > Configuration > SNMP > Add SNMP Trap Manager' screen.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of service.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious ""sh -c"" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
SALTO ProAccess SPACE 5.4.3.0 allows XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162807.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of service (crash) via a long line.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In ""Xray Test Management for Jira"" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test issue.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In ""Xray Test Management for Jira"" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action for a new Test Issue.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could then be included in a report. When other Security Console administrators open the affected report, the injected scripts could potentially be executed in their browser.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/[id] Admin/Blog/BlogPostEdit/[id]. NOTE: the vendor reportedly considers this a ""feature"" because the affected components are an HTML content editor.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"This improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recommend updating QTS to their latest versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes value in an ioctl call.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171245.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. An unauthenticated, remote attacker can guess information by a large number of attempts. Successful exploitation may cause information leak.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
webauth before 4.6.1 has authentication credential disclosure,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including specific arguments when opening an SSH connection to an affected device. A successful exploit could allow the attacker to gain unrestricted user access to the restricted shell of an affected device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
JBoss KeyCloak: XSS in login-status-iframe.html,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. An attacker with physical access to the device can abuse this vulnerability to execute arbitrary OS commands as the root user via the application's UI.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. It can be requested via a GET request to /admin/ajax.php?module=contactmanager.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can ""directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors.""",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by anyone with access to the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
marc-q libwav through 2017-04-20 has a NULL pointer dereference in gain_file() at wav_gain.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web UI of Cisco DNA Spaces: Connector could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by entering malicious SQL statements in an affected field in the web UI. A successful exploit could allow the attacker to remove the SQL database, which would require the reinstallation of the Connector VM.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
"A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SCEditor 2.1.3 allows XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Katello: Username in Notification page has cross site scripting,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Some Huawei home routers have an input validation vulnerability. Due to input parameter is not correctly verified, an attacker can exploit this vulnerability by sending special constructed packets to obtain files in the device and upload files to some directories.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158020.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163776.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163777.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SMPlayer 19.5.0 has a buffer overflow via a long .m3u file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei Atlas 300, Atlas 500 have a buffer overflow vulnerability. A local, authenticated attacker may craft specific parameter and send to the process to exploit this vulnerability. Successfully exploit may cause service crash.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an attacker to execute arbitrary code by overwriting existing files or adding new PHP files under the web root. This requires the attacker to have access to a valid web interface account.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141003796",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-138636979",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials. The vulnerability is due to improper input validation for certain CLI commands that are executed on a vulnerable system. An attacker could exploit this vulnerability by logging in to the system and sending crafted CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected XSS via the URI in a csshero_action=edit_page request because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary JavaScript in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookies or launch other attacks.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
opendnssec misuses libcurl API,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the ""content brief"" or ""content extended"" field, a different vulnerability than CVE-2017-15878.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key (and certificate),NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"This improper access control vulnerability in Helpdesk allows attackers to access the system logs. To fix the vulnerability, QNAP recommend updating QTS and Helpdesk to their latest versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141028068",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
gnome-system-log polkit policy allows arbitrary files on the system to be read,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140632678",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141170038",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139803872",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-140768453",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-110433804",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ipa 3.0 does not properly check server identity before sending credential containing cookies,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140322595",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140152619",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"P30, Mate 20, P30 Pro smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), versions earlier than Hima-AL00B 9.1.0.135(C00E200R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12) have a buffer overflow vulnerability on several , the system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause malicious code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. If exploited, this vulnerability may allow an attacker to inject and execute scripts on the administrator console. To fix this vulnerability, QNAP recommend updating QTS to the latest version.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll GEM Raster parser of the Accusoft ImageGear 19.3.0 library. A specially crafted GEM file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG header-parser of the Accusoft ImageGear 19.3.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the viction to trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFdecodethunderscan function of Accusoft ImageGear 19.3.0 library. A specially crafted TIFF file can cause an out of bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GitBook through 2.6.9 allows XSS via a local .md file.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The addto parameter to fup in Frams' Fast File EXchange (F*EX, aka fex) before fex-2014053 allows remote attackers to conduct cross-site scripting (XSS) attacks",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By connecting to the database through the proxy (without password authentication), an attacker is able to fully control the appliance database. Through this, several different paths exist to gain further access, or execute code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS vulnerability. This issue affects: Siemens AG Polarion All versions < 19.2.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a persistent XSS vulnerability. This issue affects: Siemens AG Polarion All versions < 19.2.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Libav 12.3, there is a heap-based buffer over-read in decode_frame in libavcodec/lcldec.c that allows an attacker to cause denial-of-service via a crafted avi file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The mpc8_probe function in libavformat/mpc8.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted audio file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS vulnerability. This issue affects: Siemens AG Polarion All versions < 19.2.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected application. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected application. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Nova 5i pro and Nova 5 smartphones with versions earlier than 9.1.1.190(C00E190R6P2)and Versions earlier than 9.1.1.175(C00E170R3P2) have an improper validation of array index vulnerability. The system does not properly validate the input value before use it as an array index when processing certain image information. The attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting (XSS) when viewed within this product.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution. escalation of privileges, and information disclosure, code execution, denial of service, or escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
In the Android kernel in VPN routing there is a possible information disclosure. This could lead to remote information disclosure by an adjacent network attacker with no additional execution privileges needed. User interaction is not needed for exploitation.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to construct a SQL query. This can be exploited by malicious users to, e.g., read sensitive data from the database through in-band SQL Injection attacks. Successful exploitation of this vulnerability requires the Live Chat plugin to be enabled.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Spectrum Protect Backup-Archive Client 7.1 and 8.1 may be vulnerable to a denial of service attack due to a timing issue between client and server TCP/IP communications. IBM X-Force ID: 162477.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be forced to copy files from the filesystem to other locations via Symbolic Link Following.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink executable crash, or, potentially arbitrary code execution with the privileges of the user running the hardlink executable.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those users.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data URIs (or vbscript:), allowing for potential XSS attacks. Such an attack would require a user to click on a hot spot to execute and would require an attacker-provided configuration. The most plausible potential attack would be if pannellum.htm was hosted on a domain that shared cookies with the targeted site's user authentication; an &lt;iframe&gt; could then be embedded on the attacker's site using pannellum.htm from the targeted site, which would allow the attacker to potentially access information from the targeted site as the authenticated user (or worse if the targeted site did not have adequate CSRF protections) if the user clicked on a hot spot in the attacker's embedded panorama viewer. This was patched in version 2.5.5.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Mijosoft MijoSearch component 2.0.1 and earlier for Joomla! allows remote attackers to obtain sensitive information via a request to component/mijosearch/search, which reveals the installation path in an error message.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Unrestricted file upload vulnerability in the Worksheet designer in SpagoBI before 4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, aka ""XSS File Upload.""",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"OpenTrade before 2019-11-23 allows SQL injection, related to server/modules/api/v1.js and server/utils.js.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
thttpd has a local DoS vulnerability via specially-crafted .htpasswd files,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Nokia IMPACT < 18A: allows full path disclosure,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Nokia IMPACT < 18A: has Reflected self XSS,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
piwigo has XSS in password.php,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
piwigo has XSS in password.php (incomplete fix for CVE-2012-4525),NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
libuser has information disclosure when moving user's home directory,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
Characters in the GET url path are not properly escaped and can be reflected in the server response.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x, 16.x, and 17.x, and Certified Asterisk 13.21, because of an incomplete fix for CVE-2019-18351. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"The web interface for NSSLGlobal SatLink VSAT Modem Unit (VMU) devices before 18.1.0 doesn't properly sanitize input for error messages, leading to the ability to inject client-side code.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Eracent EPA Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be used to start external programs with elevated permissions because of an Untrusted Search Path.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka 'alloc8'. An attacker with physical access to the device can install arbitrary firmware.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402401 using METHOD_NEITHER results in a read primitive.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
wolfssl before 3.2.0 does not properly issue certificates for a server's hostname.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request. Vulnerable parameters are flag, mac, and cat_id.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM),NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
Chrony before 1.29.1 has traffic amplification in cmdmon protocol,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
W3 Total Cache before 0.9.2.5 allows remote attackers to retrieve password hash information due to insecure storage of database cache files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An attacker can include file contents from outside the `/adapter/xxx/` directory, where `xxx` is the name of an existent adapter like ""admin"". It is exploited using the administrative web panel with a request for an adapter file. **Note:** The attacker has to be logged in if the authentication is enabled (by default isn't enabled).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
PHP remote file inclusion vulnerability in public/patch/patch.php in Project Pier 0.8.8 and earlier allows remote attackers to execute arbitrary commands or SQL statements via the id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route (AC9V1.0 Firmware V15.03.05.16multiTRU). A specially crafted HTTP POST request can cause a command injection in the DNS1 post parameters, resulting in code execution. An attacker can send HTTP POST request with command to trigger this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco Umbrella Integration feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition, related to the OpenDNS software. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvb86327.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Zone-Based Firewall code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a device to reload. The vulnerability is due to the way fragmented packets are handled in the firewall code. An attacker could exploit this vulnerability by sending fragmented IP Version 4 or IP Version 6 packets through an affected device. An exploit could allow the attacker to cause the device to crash, resulting in a denial of service (DoS) condition. The following releases of Cisco IOS XE Software are vulnerable: Everest-16.4.1, Everest-16.4.2, Everest-16.5.1, Everest-16.5.1b, Everest-16.6.1, Everest-16.6.1a. Cisco Bug IDs: CSCvf60296.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability exists because the affected software does not reset the privilege level for each web UI session. An attacker who has valid credentials for an affected device could exploit this vulnerability by remotely accessing a VTY line to the device. A successful exploit could allow the attacker to access an affected device with the privileges of the user who previously logged in to the web UI. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the HTTP Server feature is enabled and authentication, authorization, and accounting (AAA) authorization is not configured for EXEC sessions. The default state of the HTTP Server feature is version-dependent. This vulnerability was introduced in Cisco IOS XE Software Release 16.1.1. Cisco Bug IDs: CSCvf71769.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route (AC9V1.0 Firmware V15.03.05.16multiTRU). A specially crafted HTTP POST request can cause a command injection in the DNS2 post parameters, resulting in code execution. An attacker can send HTTP POST request with command to trigger this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthorized attempts to use the switch users functionality. This is related to symfony/security.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c and src/masqmail.c that results in improper privilege dropping.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open redirect vulnerability in the password reset functionality in POSH 3.0 through 3.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to portal/scr_sendmd5.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.16 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166719.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
PyXML: Hash table collisions CPU usage Denial of Service,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature. It has Insecure Permissions (issue 3 of 4).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Open redirect in proxy.php in FlashCanvas before 1.6 allows remote attackers to redirect users to arbitrary web sites and conduct cross-site scripting (XSS) attacks via the HTTP Referer header.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) unspecified parameters to apps/calendar/ajax/event/new.php or (2) url parameter to apps/bookmarks/ajax/addBookmark.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in POSH (aka Posh portal or Portaneo) 3.0 through 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) error parameter to /includes/plugins/mobile/scripts/login.php or (2) id parameter to portal/openrssarticle.php,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading. The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability. Cisco Bug IDs: CSCvf73881.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insufficient policy enforcement in storage in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient filtering in URI schemes in Google Chrome on Windows prior to 76.0.3809.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"/payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for lower than the intended price.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A SQL injection vulnerability in the Xpert Solution ""Server Status by Hostname/IP"" plugin 4.6 for WordPress allows an authenticated user to execute arbitrary SQL commands via GET parameters.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Out of bounds read in JavaScript in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy validation in navigation in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,NONE,NONE
sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconv_open call.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an infinite loop.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Out of bounds memory access in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default `kubectl` behavior and this new feature can cause the entire secret content to end up in metric labels thus inadvertently exposing the secret content in metrics. This feature has been reverted and released as the v1.7.2 release. If you are running the v1.7.0 or v1.7.1 release, please upgrade to the v1.7.2 release as soon as possible.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the ""returned length of the object from _ksba_ber_parse_tl.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The events-manager plugin before 5.6 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Hyperion Profitability and Cost Management product of Oracle Hyperion (component: Modeling). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Profitability and Cost Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Profitability and Cost Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Profitability and Cost Management accessible data as well as unauthorized read access to a subset of Hyperion Profitability and Cost Management accessible data. CVSS 3.0 Base Score 4.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N).",NETWORK,HIGH,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Inappropriate implementation in JavaScript in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Incorrect Access Control.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the Project labels feature. It has Insecure Permissions.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4 when moving an issue to a public project from a private one. It has Insecure Permissions.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in GitLab Community and Enterprise Edition 11.6 through 12.4 in the add comments via email feature. It has Insecure Permissions.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens.. It has Insecure Permissions.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 2 of 4).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in GitLab Community and Enterprise Edition 10.5 through 12.4 in link validation for RDoc wiki pages feature. It has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
termpkg 3.3 suffers from buffer overflow.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Directory traversal vulnerability in the Loftek Nexus 543 IP Camera allows remote attackers to read arbitrary files via a .. (dot dot) in the URL of an HTTP GET request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple cross-site request forgery (CSRF) vulnerabilities in the Loftek Nexus 543 IP Camera allow remote attackers to hijack the authentication of unspecified victims for requests that change (1) passwords or (2) firewall configuration, as demonstrated by a request to set_users.cgi.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in CVE-2013-3311.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4. It has Insecure Permissions (issue 1 of 2).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"The Asus ZenFone Live Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"The Asus ZenFone 5 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"PuTTY before 0.73 mishandles the ""bracketed paste mode"" protection mechanism, which may allow a session to be affected by malicious clipboard content.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient memory protection in Intel(R) TXT for certain Intel(R) Core Processors and Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Blackview BV7000_Pro Android device with a build fingerprint of Blackview/BV7000_Pro/BV7000_Pro:7.0/NRD90M/1493011204:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. This capability can be accessed by any app co-located on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Doogee Mix Android device with a build fingerprint of DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"The Bluboo Bluboo_S1 Android device with a build fingerprint of BLUBOO/Bluboo_S1/Bluboo_S1:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"The Doogee BL5000 Android device with a build fingerprint of DOOGEE/BL5000/BL5000:7.0/NRD90M/1497072355:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Blackview BV9000Pro-F Android device with a build fingerprint of Blackview/BV9000Pro-F/BV9000Pro-F:7.1.1/N4F26M/1514363110:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"The mintToken function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user's balance.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to the Jenkins master to obtain the password stored in this plugin's configuration.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attackers able to control the Git history parsed by the plugin to have Jenkins render arbitrary HTML on some pages.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out-of-bounds memory access in Qurt kernel function when using the identifier to access Qurt kernel buffer to retrieve thread data. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Race condition due to the lack of resource lock which will be concurrently modified in the memcpy statement leads to out of bound access in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8939, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out-of-bounds access can occur in camera driver due to improper validation of array index in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCN7605, SDA660, SDM450, SDM630, SDM636, SDM660, SDX20",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible OOB read issue in P2P action frames while handling WLAN management frame in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer over read can happen while parsing downlink session management OTA messages if network sends un-intended values in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SNDCP module may access array out side its boundary when it receives malformed XID message. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
rConfig 3.9.2 allows devices.php?searchColumn= SQL injection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
PostfixAdmin 2.3.4 has multiple XSS vulnerabilities,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Buffer overflow can occur while processing non-standard NAN message from user space. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA660, SDA845, SDM636, SDM660, SDM845, SDX20, SDX24, SM8150",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"If a bitmap file is loaded from any un-authenticated source, there is a possibility that the bitmap can potentially cause stack buffer overflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8016, APQ8096AU, APQ8098, MDM9205, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Information disclosure due to lack of address range check done on the SysDBG buffers in SDI code. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, MDM9205, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Subsequent use of the CBO listener may result in further memory corruption due to use after free issue. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, SDX55, SM6150, SM7150, SM8150, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"While invoking the API to copy from fd or local buffer to the secure buffer, Parameters being populated are from non secure environment. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, Snapdragon_High_Med_2016, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Non Secure Kernel can cause Trustzone to do an arbitrary memory read which will result into DOS in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8017, APQ8053, APQ8096, APQ8096AU, IPQ8074, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, QCA8081, QM215, SDM429, SDM439, SDM450, SDM632, Snapdragon_High_Med_2016",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The Xiaomi Redmi 5 Android device with a build fingerprint of xiaomi/vince/vince:7.1.2/N2G47H/V9.5.4.0.NEGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1711_201803291645) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
nuSOAP before 0.7.3-5 does not properly check the hostname of a cert.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Use after free issue in cleanup routine due to missing pointer sanitization for a failed start of a trusted application. in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user's balance.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Designate does not enforce the DNS protocol limit concerning record set sizes,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Kata M4s Android device with a build fingerprint of alps/full_hct6750_66_n/hct6750_66_n:7.0/NRD90M/1495624556:user/test-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
pithos before 0.3.5 allows overwrite of arbitrary files via symlinks.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
cumin: At installation postgresql database user created without password,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Xiaomi 5S Plus Android device with a build fingerprint of Xiaomi/natrium/natrium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"The Xiaomi Mi Mix Android device with a build fingerprint of Xiaomi/lithium/lithium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"The Xiaomi Mi Note 2 Android device with a build fingerprint of Xiaomi/scorpio/scorpio:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND..,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
rc before 1.7.1-5 insecurely creates temporary files.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Improper validation for loop variable received from firmware can lead to out of bound access in WLAN function while iterating through loop in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8096AU, APQ8098, MDM9640, MSM8996AU, MSM8998, QCA6574AU, QCN7605, QCS405, QCS605, SDA845, SDM845, SDX20",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow to buffer overflow vulnerability in PostScript image handling code used by the PostScript- and PDF-compatible interpreters due to incorrect buffer size calculation. in PostScript and PDF printers that use IPS versions prior to 2019.2 in PostScript and PDF printers that use IPS versions prior to 2019.2,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an out-of-bounds write vulnerability in the e1000e virtual network adapter. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition on their own VM.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in ui/common/managedlistdialog.aspx in Gael Q-Pulse 0.6 and earlier.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer over-read can occur in fast message handler due to improper input validation while processing a message from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8096AU, MSM8996AU, MSM8998, QCN7605, QCS405, QCS605, SDA660, SDM636, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"The Lava Z81 Android device with a build fingerprint of LAVA/Z81/Z81:8.1.0/O11019/1532317309:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159186.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
python-rply before 0.7.4 insecurely creates temporary files.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Once a specific abuse filter has (accidentally or otherwise) been made public, its previous versions can be exposed, thus potentially disclosing private or sensitive information within the filter's definition.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Moodle before 2.2.2 has users' private files included in course backups,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
mono 2.10.x ASP.NET Web Form Hash collision DoS,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,LOW
tog-Pegasus has a package hash collision DoS vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM.,NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication. This vulnerability affects many mail system of governments, organizations, companies and universities.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and ""memcpy with overlapping ranges.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ""/cgi-bin/go"" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of governments, organizations, companies and universities.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 166456.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
uzbl: Information disclosure via world-readable cookies storage file,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
trytond 2.4: ModelView.button fails to validate authorization,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may allow remote attackers to interfere with security checks.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors E7 v4 Family and Intel(R) Atom(R) processor C Series may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Insufficient access control in system firmware for Intel(R) Xeon(R) Scalable Processors, 2nd Generation Intel(R) Xeon(R) Scalable Processors and Intel(R) Xeon(R) Processors D Family may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Animate CC versions 19.2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The login feature in ""/cgi-bin/portal"" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via any parameter. This vulnerability affects many mail system of governments, organizations, companies and universities.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Illustrator CC versions 23.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"Jetty 6.x through 6.1.22 suffers from an escape sequence injection vulnerability from an attack vector by means of: 1) ""Cookie Dump Servlet"" and 2) Http Content-Length header. 1) A POST request to the form at ""/test/cookie/"" with the ""Age"" parameter set to a string throws a ""java.lang.NumberFormatException"" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The attack vector in 1) can be exploited by requesting a page using an HTTP request ""Content-Length"" header set to a consonant string (string including only letters).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Pimcore before 6.2.2 allow attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.,NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a ""php"" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
mpack 1.6 has information disclosure via eavesdropping on mails sent by other users,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cobbler: Web interface lacks CSRF protection when using Django framework,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-remind_password.php, (2) tiki-index.php, (3) tiki-login_scr.php, or (4) tiki-index.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Double free issue can happen when sensor power settings is freed by some thread while another thread try to access. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, QCN7605, QCS405, QCS605, SDM845, SDX24, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Sandline Centraleyezer (On Premises) allows Stored XSS using HTML entities in the name field of the Category section.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Sandline Centraleyezer (On Premises) allows Unrestricted File Upload leading to Stored XSS. An HTML page running a script could be uploaded to the server. When a victim tries to download a CISO Report template, the script is loaded.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
The ultimate-member plugin before 2.0.4 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in WP Google Map Plugin prior to version 4.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit() function due to improper sanitization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
surf: cookie jar has read access from other local user,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web-based management interface. The vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user (""Operator"" access level) to access the configuration file of the mail server (except for the password).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that the installer depends upon.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. After an SSL connection is initialized via _ustream_ssl_init, and after any data (e.g. the client's HTTP request) is written to the stream using ustream_printf, the code eventually enters the function __ustream_ssl_poll, which is used to dispatch the read/write events",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x800020F4) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for partial input.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"NVIDIA NVFlash, NVUFlash Tool prior to v5.588.0 and GPUModeSwitch Tool prior to 2019-11, NVIDIA kernel mode driver (nvflash.sys, nvflsh32.sys, and nvflsh64.sys) contains a vulnerability in which authenticated users with administrative privileges can gain access to device memory and registers of other devices not managed by NVIDIA, which may lead to escalation of privileges, information disclosure, or denial of service.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions (e.g., delete application users) by sending a crafted HTML document or encoded URL to a user that the website trusts. The user needs to have an active privileged session.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Footy Tipping Software AFL Web Edition 2019 allows arbitrary file upload and resultant remote code execution because a whitelist can be bypassed by an Administrator who uploads a crafted upload.dat file.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
A persistent cross-site scripting (XSS) vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attackers to inject arbitrary web script or HTML.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in Mailbird before 2.7.5.0 r allow remote attackers to execute arbitrary JavaScript in a privileged context via a crafted HTML mail message. This vulnerability is distinct from CVE-2015-4657.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking other apps on the device, thereby allowing the individual to gain access.",PHYSICAL,HIGH,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,LOW
"The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812071953) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"permission and access control vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can construct a URL for directory traversal and access to other unauthorized files or resources.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in signmgr.dll 6.5.0.819 in Comodo Internet Security through 12.0. A DLL Preloading vulnerability allows an attacker to implant an unsigned DLL named iLog.dll in a partially unprotected product directory. This DLL is then loaded into a high-privileged service before the binary signature validation logic is loaded, and might bypass some of the self-defense mechanisms.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
ClamAV before 0.97.7 has WWPack corrupt heap memory,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b. The preamble of a DICOM file that complies with this specification can contain the header for an executable file, such as Portable Executable (PE) malware. This space is left unspecified so that dual-purpose files can be created. (For example, dual-purpose TIFF/DICOM files are used in digital whole slide imaging for applications in medicine.) To exploit this vulnerability, someone must execute a maliciously crafted file that is encoded in the DICOM Part 10 File Format. PE/DICOM files are executable even with the .dcm file extension. Anti-malware configurations at healthcare facilities often ignore medical imagery. Also, anti-malware tools and business processes could violate regulatory frameworks (such as HIPAA) when processing suspicious DICOM files.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ClamAV before 0.97.7 has buffer overflow in the libclamav component,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V10.2.6.0.ODMMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812191721) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Improper permissions in the installer for the Nuvoton* CIR Driver versions 1.02.1002 and before may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/jasmine/jasmine_sprout:9/PKQ1.180904.001/V10.0.2.0.PDIMIFJ:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Xiaomi Mi A3 Android device with a build fingerprint of xiaomi/onc_eea/onc:9/PKQ1.181021.001/V10.2.8.0.PFLEUXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that points to Jenkins.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Stack overflow in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure and/or denial of service via network access.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the Violations plugin.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic app (versionCode=24, versionName=7.0) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record audio to external storage.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Sony Xperia Xperia XZs Android device with a build fingerprint of Sony/keyaki_softbank/keyaki_softbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys contains a pre-installed app with a package name of jp.softbank.mb.tdrl app (versionCode=1413005, versionName=1.3.0) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent within short periods of time.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any version >= 0.21.4.,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"Authentication bypass in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git repositories.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. They do not correctly verify the integrity of an upgrade package before processing it. As a result, official upgrade packages can be modified to inject an arbitrary Bash script that will be executed by the underlying system. It is possible to achieve this by modifying the values in the files.SUM file (which are used for integrity control) and injecting malicious code into the upgrade.sh file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sock_dns, an implementation of the DNS protocol utilizing the RIOT sock API that can result in Remote code executing. This attack appears to be exploitable via network connectivity.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
Unhandled exception in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueColor in ngiflib.c via a file that lacks a palette.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable escalation of privilege via network access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"KairosDB through 1.2.2 has XSS in view.html because of showErrorMessage in js/graph.js, as demonstrated by view.html?q= with a '""sampling"":{""value"":""<script>' substring.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Memory corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Some Huawei smart phones with versions earlier than Harry-AL00C 9.1.0.206(C00E205R3P1) have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Remote Disclosure of Information vulnerability in HPE NonStop Servers using SSH Service version L series: T0801L02 through T0801L02^ABX; J and H series: T0801H01 through T0801H01^ACA was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"When the BIG-IP APM 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.4.1, or 11.5.1-11.6.5 system processes certain requests, the APD/APMD daemon may consume excessive resources.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi and exec1.cgi scripts, which execute TCL script content from an HTTP POST request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient input validation in Intel(R) SGX SDK multiple Linux and Windows versions may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2.0.18 have unknown impact and attack vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120551338",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.",LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
Perch Content Management System 3.0.3 allows unrestricted file upload (with resultant XSS) via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admin account.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression ""function()"" substring, as demonstrated by a ""function(){console.log("" call or a simple infinite loop. NOTE: the vendor agrees that denial of service can occur but notes that deserialize is explicitly listed as ""harmful"" within the README.md file.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Logic errors in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, denial of service, and information disclosure via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi script, which executes TCL script content from an HTTP POST request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Cross-site scripting (XSS) vulnerability exists in Conversation Overview Nickname in Cryptocat before 2.0.22.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in libcrun/linux.c and libcrun/chroot_realpath.c.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial Of Service via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker can execute any command as the user running the Exhibitor process.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this vulnerability. Successful exploit could cause the program to break down or allow for arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can replace the port number at WebServiceLocation=http://localhost:8085/UCWebServices/ with a range of ports to determine what is visible on the internal network (as opposed to what general web traffic would see on the product's host). The response from open ports is different than from closed ports. The product does not allow one to change the protocol: anything except http(s) will throw an error; however, it is the type of error that allows one to determine if a port is open or not.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
"There is an out of bound read vulnerability in some Huawei products. A remote, unauthenticated attacker may send a corrupt or crafted message to the affected products. Due to a buffer read overflow error when parsing the message, successful exploit may cause some service to be abnormal.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the ""administer themes"" permission to inject arbitrary web script or HTML via the breadcrumb separator field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and inc/cleantalk-comments.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FIOS Actiontec MI424WR-GEN3I router.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Insufficient content type validation of proxied resources in go-camo before 2.1.1 allows a remote attacker to serve arbitrary content from go-camo's origin.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An unspecified cross-site scripting (XSS) vulnerability exists in Cryptocat Message Handling 1.1.165.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms. The resulting type confusion can cause out-of-bounds memory access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, he unknowingly leaks the plaintext of the encrypted message part(s) back to the attacker. This attack variant bypasses protection mechanisms implemented after the ""EFAIL"" attacks.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In load_logging_config of qmi_vs_service.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-139148442",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to users/remind_password.php, (4) days parameter to stats/index.php, (5) login parameter to users/register.php, or (6) highlight parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Under certain conditions SAP Data Hub (corrected in DH_Foundation version 2) allows an attacker to access information which would otherwise be restricted. Connection details that are maintained in Connection Manager are visible to users.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET request extracting insecurely information stored in the database.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly filtered by Web Intelligence HTML interface in some specific workflows.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,HIGH
"SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,LOW
SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication related pages); corrected in version 4.2. Privileges are required in order to exploit this vulnerability.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR3500L.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An SQL Injection vulnerability in SAP Quality Management (corrected in S4CORE versions 1.0, 1.01, 1.02, 1.03) allows an attacker to carry out targeted database queries that can read individual fields of historical inspection results.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace the localhost attribute with one's own domain name. When the product calls this domain after the POST request is sent, it retrieves an attacker's data and displays it. Also worth mentioning is the amount of information sent in the request from this product to the attacker: it reveals information the public should not have. This includes pathnames and internal ip addresses.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An XSS issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. The QueueName parameter of a GET request allows for insertion of user-supplied JavaScript.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 (18.8), 3.5.2 (18.11), and 3.6.0 (19.6) does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows attackers to execute arbitrary code inside the Centrify process via (1) a crafted application that makes a pipe connection to the process and sends malicious serialized data or (2) a crafted Microsoft Management Console snap-in control file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. A user is allowed to send an archive of their chat log to an email address specified at the beginning of the chat (where the user enters in their name and e-mail address). This POST request can be modified to change the message as well as the end recipient of the message. The e-mail address will have the same domain name and user as the product allotted. This can be used in phishing campaigns against users on the same domain.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In WelcomeActivity.java and related files, there is a possible permissions bypass due to a partially provisioned Device Policy Client. This could lead to local escalation of privilege, leaving an Admin app installed with no indication to the user, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-132261064",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In tokenize of sqlite3_android.cpp, there is a possible attacker controlled INSERT statement due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139186193",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Download Provider, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-135269143",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1397.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In processPhonebookAccess of CachedBluetoothDevice.java, there is a possible permission bypass due to an insecure default value. This could lead to local information disclosure of the user's contact list with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-138529441",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1397, CVE-2019-1398.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"In Download Provider, there is a possible SQL injection vulnerability. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-135270103",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1398.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
letodms 3.3.6 has CSRF via change password,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,LOW
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the ""Connected Clients"" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"offlineimap before 6.3.2 does not check for SSL server certificate validation when ""ssl = yes"" option is specified which can allow man-in-the-middle attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Moodle before 2.2.2: Overview report allows users to see hidden courses,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc_send_mail.aspx (MailAdd parameter) SQL Injection. An Attacker can carry a SQL Injection payload to the server, allowing the attacker to read privileged data. This also affects the picture_manage_mvc.aspx plant_no parameter, the swapdl_mvc.aspx plant_no parameter, and the account_management.aspx Text_Postal_Code and Text_Dis_Code parameters.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. There is an incorrect access control vulnerability that can allow an unauthenticated user to upload files via a modified authority parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In BTA_DmPinReply of bta_dm_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139287605",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Bastet module of some Huawei smartphones with Versions earlier than Emily-AL00A 9.0.0.182(C00E82R1P21), Versions earlier than Emily-TL00B 9.0.0.182(C01E82R1P21), Versions earlier than Emily-L09C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.202(C185E2R1P12) have a double free vulnerability. An attacker tricks the user into installing a malicious application, which frees on the same memory address twice. Successful exploit could result in malicious code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-137283376",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139188579",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ProxyResolverV8::SetPacScript of proxy_resolver_v8.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139806216",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h in WebKit in Google Chrome before Blink M11 and M12 when trying to access a removed smil element.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could cause malicious code execution.",PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. The system does not perform a properly validation of certain input models, an attacker could trick the user to install a malicious application then craft a malformed model, successful exploit could allow the attacker to get and tamper certain output data information.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. Successful exploitation may cause the attacker to access specific components.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as ""some text\rQUIT"" to the 'privmsg' handler, which would cause the client to disconnect from the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, version 4.1.0.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, versions 4.1.0, 4.2.0, 4.2.1, and 4.2.2.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via dns/packet spoofing.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In createProjectionMapForQuery of TvProvider.java, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-135269669",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In binder_free_transaction of binder.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-133758011References: Upstream kernel",LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the ""fileName"" parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess information or modify interprocess data, via a crafted malware sample.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting (XSS). A user input (related to dialog information) is reflected directly in the web page, allowing a malicious user to conduct a Cross Site Scripting attack against users of the application.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Use after free vulnerability exists in WebKit in Google Chrome before Blink M12 in RenderLayerwhen removing elements with reflections.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A double-free vulnerability exists in WebKit in Google Chrome before Blink M12 in the WebCore::CSSSelector function.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
JBoss BRMS before 5.1.0 has a XSS vulnerability via asset=UUID parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
atop: symlink attack possible due to insecure tempfile handling,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
JBoss KeyCloak is vulnerable to soft token deletion via CSRF,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations, aka 'Microsoft Windows Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0721.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0719.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Symlink Traversal vulnerability in Belkin N900 due to misconfiguration in the SMB service.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. IBM X-Force ID: 170963.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for PV guests, Xen exposes the actual hardware pagetables to the guest. In order to prevent the guest from modifying these page tables directly, Xen keeps track of how pages are used using a type system; pages must be ""promoted"" before being used as a pagetable, and ""demoted"" before being used for any other type. Xen also allows for ""recursive"" promotions: i.e., an operating system promoting a page to an L4 pagetable may end up causing pages to be promoted to L3s, which may in turn cause pages to be promoted to L2s, and so on. These operations may take an arbitrarily large amount of time, and so must be re-startable. Unfortunately, making recursive pagetable promotion and demotion operations restartable is incredibly complicated, and the code contains several races which, if triggered, can cause Xen to drop or retain extra type counts, potentially allowing guests to get write access to in-use pagetables. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All x86 systems with untrusted PV guests are vulnerable. HVM and PVH guests cannot exercise this vulnerability.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Pacemaker before 1.1.6 configure script creates temporary files insecurely,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls. A successful exploit could allow execution of arbitrary commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Python Twisted 14.0 trustRoot is not respected in HTTP client,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. No version of Tiller is known to be impacted. This is a client-only issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. The attacker requires local system access.",LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory traversal vulnerability caused by improper input parameter check when uploading installation file in administration web page. That leads remote attacker to execute arbitrary code via uploaded file.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Elgg through 1.7.10 has XSS,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1309, CVE-2019-1310, CVE-2019-1399.",NETWORK,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309, CVE-2019-1399.",NETWORK,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...) shipped in the package. A local attacker can exploit this vulnerability by running arbitrary code as another user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested file with an attacker controlled file if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A wrong type is used for a return value from strlen in WebKit in Google Chrome before Blink M12 on 64-bit platforms.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue exists in WebKit in Google Chrome before Blink M12. when clearing lists in AnimationControllerPrivate that signal when a hardware animation starts.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Incorrect handling of timer information in Timer.cpp in WebKit in Google Chrome before Blink M13.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Use after free vulnerability in documentloader in WebKit in Google Chrome before Blink M13 in DocumentWriter::replaceDocument function.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
clamav 0.91.2 suffers from a floating point exception when using ScanOLE2.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A stale layout root is set as an input element in WebKit in Google Chrome before Blink M13 when a child of a keygen with autofocus is accessed.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An Integer Overflow exists in WebKit in Google Chrome before Blink M11 in the macOS WebCore::GraphicsContext::fillRect function.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1440.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In V4L2SliceVideoDecodeAccelerator::Dequeue of v4l2_slice_video_decode_accelerator.cc, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-112181526.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In unflatten of GraphicBuffer.cpp, there is a possible bad fd close due to improper input validation. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-114223584.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
In lppTransposer of lpp_tran.cpp there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112160868.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In CAacDecoder_Init of aacdecoder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112660981.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In CAacDecoder_Init of aacdecoder.cpp, there is a possible out-of-bound write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891548.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-113260892.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
In MasteringMetadata::Parse of mkvparser.cc there is a possible double free due to an insecure default value. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116615297.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112321180.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ParsePayloadHeader of payload_metadata.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113118184.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In rw_t2t_handle_tlv_detect of rw_t2t_ndef.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC kernel with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112161557.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In HID_DevAddRecord of hidd_api.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-79946737.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In bta_ag_do_disc of bta_ag_sdp.cc, there is a possible out-of-bound read due to an incorrect parameter size. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113164621.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In process_service_search_rsp of sdp_discovery.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure when connecting to a malicious Bluetooth device with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-74249842.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1436.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
In impd_init_drc_decode_post_config of impd_drc_gain_decoder.c there is a possible out-of-bound write due to incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113885537.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In impd_parse_drc_ext_v1 of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-115375616.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
WebKit in Google Chrome before Blink M11 contains a bad cast to RenderBlock when anonymous blocks are renderblocks.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
In impd_parse_loud_eq_instructions of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116020594.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In impd_drc_parse_coeff of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116224432.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In impd_parse_filt_block of impd_drc_dynamic_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116467350.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In impd_parse_split_drc_characteristic of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116619337.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715245.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715937.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113261928.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The WebKit::WebPluginContainerImpl::handleEvent function in Google Chrome before Blink M11 allows an attacker to cause a denial of service (crash) via the htmlpluginelement.cpp plugin.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An integer overflow was discovered in the CoAP library in Arm Mbed OS 5.14.0. The function sn_coap_builder_calc_needed_packet_data_size_2() is used to calculate the required memory for the CoAP message from the sn_coap_hdr_s data structure. Both returned_byte_count and src_coap_msg_ptr->payload_len are of type uint16_t. When added together, the result returned_byte_count can wrap around the maximum uint16_t value. As a result, insufficient buffer space is allocated for the corresponding CoAP message.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString() is called by the function MQTTDeserialize_publish() to get the length and content of the MQTT topic name. In the function readMQTTLenString(), mqttstring->lenstring.len is a part of user input, which can be manipulated. An attacker can simply change it to a larger value to invalidate the if statement so that the statements inside the if statement are skipped, letting the value of mqttstring->lenstring.data default to zero. Later, curn is accessed, which points to mqttstring->lenstring.data. On an Arm Cortex-M chip, the value at address 0x0 is actually the initialization value for the MSP register. It is highly dependent on the actual firmware. Therefore, the behavior of the program is unpredictable from this time on.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Dump Servlet information leak in jetty before 6.1.22.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ (and variations), it is possible to list all the directories and check if a particular file exists.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known ""deserialization gadgets."" Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following is true: (1) Spring Security's Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (Jackson is not blacklisting it already) ""deserialization gadget"" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive against blocking unknown ""deserialization gadgets"" when Spring Security enables default typing.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Elgg through 1.7.10 has a SQL injection vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
statusnet before 0.9.9 has XSS,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Optergy Proton/Enterprise devices allow Open Redirect.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Optergy Proton/Enterprise devices allow Username Disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Linear eMerge E3-Series devices have Hard-coded Credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserver by an attacker. It is possible for an attacker to upload a script to issue operating system commands. This vulnerability occurs because an attacker is able to adjust the ""HiddenFieldControlCustomWhiteListedExtensions"" parameter and add arbitrary extensions to the whitelist during the upload. For instance, if the extension .asp is added to the ""HiddenFieldControlCustomWhiteListedExtensions"" parameter, the server accepts ""secctest.asp"" as a legitimate file. Hence malicious files can be uploaded in order to execute arbitrary commands to take over the server.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use .,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location index is mishandled. Because a pointer is overwritten, there is an invalid free.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6.4 allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm) haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Linear eMerge E3-Series devices allow Unrestricted File Upload.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
Linear eMerge E3-Series devices allow XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 164430.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163779.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163618.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163492.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162659.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with access rights matching the user who created the dashboard.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Computrols CBAS 18.0.0 allows Cross-Site Request Forgery.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167239.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
liboping 1.3.2 allows users reading arbitrary files upon the local system.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS console.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href=""#identifier"">' substring.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The sellBuyerTokens function of a smart contract implementation for SwapToken, an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) in which the program accesses or uses a pointer that has not been initialized, which may lead to denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a NULL pointer is dereferenced, which may lead to denial of service or escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
gitolite before 1.4.1 does not filter src/ or hooks/ from path names.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc calls a C function without ensuring that the segments are set properly. The kernel's %fs needs to be restored before the call in TRACE_IRQS_ON and before enabling interrupts, so that ""current"" references work. Without this, ""current"" used in the window between iret_exc and the middle of error_code where %fs is reset, would crash.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an intermediate analysis result is archived for sharing with other persons. To achieve arbitrary code execution, one approach is to overwrite some critical Ghidra modules, e.g., the decompile module.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.017 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay ""add instance"" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known by the attacker.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"viewvc 1.0.3 allows improper access control to files in a repository when using the ""forbidden"" configuration option.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable integer overflow vulnerability exists in the BMP header parsing functionality of LEADTOOLS 20. A specially crafted BMP image file can cause an integer overflow, potentially resulting in code execution. An attacker can specially craft a BMP image to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Mondo 2.24 has insecure handling of temporary files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
gri before 2.12.18 generates temporary files in an insecure way.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in NiceHash Miner before 2.0.3.0. Missing Authorization allows an adversary to can gain access to a miner's information about such as his recent payments, unclaimed Balance, Old Balance (at the time of December 2017 breach) , Projected payout, Mining stats like profitability, Efficiency, Number of workers, etc.. A valid Email address is required in order to retrieve this Information.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 14.0.7 x64. A specially crafted BMP file can cause an out-of-bounds memory write, allowing a potential attacker to execute arbitrary code on the victim machine. Can trigger this vulnerability by sending the user a specially crafted BMP file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.4 and earlier suffers from an instance of CWE-284, ""Improper Access Control."" As a result, an unauthenticated user may change the password of any administrator-level user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 4.0.7 x64. A specially crafted JPEG file can cause an out-of-bounds memory write, allowing an attacker to execute arbitrary code on the victim machine. An attacker could exploit a vulnerability by providing the user with a specially crafted JPEG file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows post[1][content]= stored XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, ""Improper Access Control."" As a result, an unauthenticated user may alter several facets of a user account, including promoting any user to an administrator.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
PopojiCMS 2.0.1 allows refer= Open Redirection.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages Parameter : Image Title, /Content/links Parameter : Link Title, /Content/links Parameter : Link Title, or /Content/Videos/LibraryVideos/default-video-library Parameter : Video Title.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution. An attacker can specially craft a CMP image to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper detection of the initial use of a protocol on a nonstandard port. An attacker could exploit this vulnerability by sending traffic on a nonstandard port for the protocol in use through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked. Once the initial protocol flow on the nonstandard port is detected, future flows on the nonstandard port will be successfully detected and handled as configured by the applied policy.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper handling of HTTP requests, including those communicated over a secure HTTPS connection, that contain maliciously crafted headers. An attacker could exploit this vulnerability by sending malicious requests to an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems, allowing attackers to deliver malicious content that would otherwise be blocked.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Technicolor C2000T and C2100T uses hard-coded cryptographic keys.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can craft document type definition for an XML representing XML layout. The crafted document type definition and XML layout allow processing of external entities which can lead to information disclosure.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community Edition Version: 4.9.x-4.10.x. By using a specially crafted URL, users with administrative rights could unintentionally grant unauthorized users access to the admin panel via session fixation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Cache Poisoning issue exists in DNS Response Rate Limiting.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns the underlying xsession. This allows unauthorized users access to the X session.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the ""system settings - mail server"" screen, the XSS payload is triggered.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Rbot Reaction plugin allows command execution,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
WebApp JSP Snoop page XSS in jetty though 6.1.21.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Pagure: XSS possible in file attachment endpoint,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the ""forgot password"" function.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct ""poisoned NUL byte attack.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the ""JSwindow"" property of the typolink function.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The ""mpglibDBL/layer3.c"" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Out of bound write issue is observed while giving information about properties that have been set so far for playing video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via GET request that captures relevant account data obtained from the POST response related to new user creation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set_page_dirty() in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect reading of system image resulting in buffer overflow when size of system image is increased in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SDM439",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bound access due to improper validation of array index cause the index table entry to get corrupt in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Null-pointer dereference can occur while accessing the super index entry when it is not been allocated in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in header which doesn`t match the contents in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SDX20",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiVectorRender!StrokeText_Blend+0x00000000000003a7.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Eximious Logo Designer 3.82 has Heap Corruption starting at ntdll!RtlpNtMakeTemporaryKey+0x0000000000001a78.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiCustomPathLib!ExiCustomPathLib::CGradientColorsProfile::BuildGradientColorsTable+0x0000000000000053.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted key/value GET request data allows an attacker to limited access to underlying XML data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_insert_user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cookie Dump Servlet stored XSS vulnerability in jetty though 6.1.20.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Portainer before 1.22.1 allows Directory Traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /common/user_profile.php. The affected parameter is sort_column.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SAM_TYPE parameter) that allows an attacker to create a malicious link in order to attack authenticated users.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation in the web application. An attacker could exploit this vulnerability by sending a crafted authenticated HTTP request to the device. An exploit could allow the attacker to stop services on an affected device. The device may become inoperable and results in a denial of service (DoS) condition.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticket_list.php, and affected parameters are order[0][column] and order[0][dir].",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is software_library.php and affected parameters are order[0][column] and order[0][dir].,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component via the PATH_INFO.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to transform uploaded JPEG file into a PHP file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /common/ticket_associated_tickets.php service desk ticket functionality) that allows an authenticated user to execute arbitrary JavaScript in a service desk user's browser.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
TYPO3 before 4.5.4 allows Information Disclosure in the backend.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an attacker can send an authenticated POST request with a malicious payload to /WFS/agreementView.faces allowing a stored XSS via the mainForm:loanNotesnotes:0:rich_text_editor_note_text parameter in the Notes section. Although versions 6.31.8.3 and 6.31.8.5 are confirmed to be affected, all versions with the vulnerable WYSIWYG editor in the Notes section are likely affected.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to an account with Newsletter Template editing permission could exfiltrate the Admin login data, and reset their password, effectively performing a privilege escalation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process (SIGSEGV) and cause a denial of service in the NSD server.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shippment settings can execute arbitrary code through server-side request forgery due to unsafe handling of a carrier gateway.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate session validation setting for a storefront that leads to insecure authentication and session management.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A stored cross-site scripting (XSS) vulnerability exists in in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to the wysiwyg editor can abuse the blockDirective() function and inject malicious javascript in the cache of the admin dashboard.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions who made the same error may also be affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
/usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript code on a victim browser.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ADSP can be compromised since it`s a general-purpose CPU processing untrusted data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Lack of checking a variable received from driver and populating in Firmware data structure leads to buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible stack overflow when an index equal to io buffer size is accessed in camera module in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM439, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bound access while processing a non-standard IE measurement request with length crossing past the size of frame in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka ""Windows Kernel Elevation of Privilege Vulnerability"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"While playing the clip which is nonstandard buffer overflow can occur while parsing in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lack of check for a negative value returned for get_clk is wrongly interpreted as valid pointer and lead to use after free in clk driver in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated users can manipulate the design layout update feature.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing arbitrary API endpoint that will not be chcecked by sale pickup event.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via email template preview.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with administrative privileges (system level import) can execute arbitrary code through a Phar deserialization vulnerability in the import functionality.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable products to read/delete an arbitary files.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with store manipulation privileges can execute arbitrary SQL queries by getting access to the database connection through group instance in email templates.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting an embedded expression into a translation.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with marketing privileges can execute arbitrary SQL queries in the database when accessing email template variables.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into code field of an inventory source.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Dependency injection through Symphony framework allows service identifiers to be derived from user controlled data, which can lead to remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when creating a content page via page builder.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary Javascript code into the dynamic block when invoking page builder on a product.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code via crafted configuration archive file upload.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft malicious payload in the template Name field for Email template in the ""Design Configuration"" dashboard.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
I race condition in Temp files was found in gs-gpl before 8.56 addons scripts.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to email templates can send malicious SQL queries and obtain access to sensitive information stored in the database.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via title of an order when configuring sales payment methods for a store.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate downloadable link and cause an invocation of error handling that acceses user input without sanitization.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting malicious Javascript into the name of main website.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Debian backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858; Affects Debian versions 9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1 No ISC releases are affected. Other packages from other distributions who did similar backports for the fix for 2017-3137 may also be affected.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 (aka SIB12). NOTE: testing inside an RF-isolated shield box suggested that all LTE phones are affected by design (e.g., use of Android versus iOS does not matter); testing in an open RF environment is, of course, contraindicated.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Mumble: murmur-server has DoS due to malformed client query,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
qtum through 0.16 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
burn allows file names to escape via mishandled quotation marks,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"alqo through 4.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Sahi Pro 8.0.0 has a script manager arena located at _s_/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment field. The sql parameter can be used to trigger reflected XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insecure temporary file vulnerability in RedHat vsdm 4.9.6.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
xlockmore 5.13 allows potential xlock bypass when FVWM switches to the same virtual desktop as a new Gaim window.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ruby193 uses an insecure LD_LIBRARY_PATH setting.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capability.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when adding an image for during simple product creation.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticates user can inject arbitrary JavaScript code via product view id specification.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can inject arbitrary Javascript code by manipulating section of a POST request related to customer's email address.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Zucchetti InfoBusiness before and including 4.4.1, an authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. The payload will be triggered every time a user browses the reports page.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
CloudForms stores user passwords in recoverable format,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"ColossusCoinXT through 1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
emercoin through 0.7 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
particl through 0.17 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
navcoin through 4.3.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Phore through 1.3.3.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"lux through 5.2.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Diamond through 3.0.1.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"CloakCoin through 2.2.2.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,LOW
JBoss AeroGear has reflected XSS via the password field,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable vulnerability exists in the grsecurity PaX patch for the function read_kmem, in PaX from version pax-linux-4.9.8-test1 to 4.9.24-test7, grsecurity official from version grsecurity-3.1-4.9.8-201702060653 to grsecurity-3.1-4.9.24-201704252333, grsecurity unofficial from version v4.9.25-unofficialgrsec to v4.9.74-unofficialgrsec. PaX adds a temp buffer to the read_kmem function, which is never freed when an invalid address is supplied. This results in a memory leakage that can lead to a crash of the system. An attacker needs to induce a read to /dev/kmem using an invalid address to exploit this vulnerability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database or may be able to alter the database.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ""execute date"" commands.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 (7,0,2019,0220). While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the bounds corresponding to the number of style levels, causing a vtable pointer to be overwritten, which leads to code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
php-symfony2-Validator has loss of information during serialization,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. When the ""VideoTags"" plugin is enabled, a specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states ""This function wasn't used for security purposes (and is advertised as being unsuitable).""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"stratisX through 2.0.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"reddcoin through 2.1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Cryptocat before 2.0.22 has Nickname User Impersonation,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"neblio through 1.5.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cryptocat before 2.0.22 has weak encryption in the Socialist Millionnaire Protocol,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"peercoin through 0.6.4 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of an incomplete fix for CVE-2012-6122.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable uninitialized pointer vulnerability exists in the Word document parser of the the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then performs some arithmetic before writing a value to the result. Usage of this uninitialized pointer can allow an attacker to corrupt heap memory resulting in code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"""managed-keys"" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option).",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers, leading to an uncontrolled recursion that eventually exhausts the stack, crashing the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without prior sanitization, which results in arbitrary Lua script execution in the kernel. An attacker could send an HTTP request to exploit this vulnerability.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local attacker who supplies a crafted filename within a directory visited by the victim.,LOCAL,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input cause SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.,LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
overkill has buffer overflow via long player names that can corrupt data on the server machine,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
evince is missing a check on number of pages which can lead to a segmentation fault,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
JetBrains MPS before 2019.2.2 exposed listening ports to the network.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affects 44.1.2254.142553, 44.1.2254.142659, and 44.1.2254.143214.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cryptocat has an Unspecified Chat Participant User List Disclosure,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further privilege elevation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16 bytes.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. An authenticated attacker can upload a crafted ZIP file (based on an exported backup of existing ""Bulletins"") containing a malicious file. When uploaded, the system only checks for the presence of the needed files within the ZIP and, as long as the malicious file is named properly, will extract all contained files to a new directory on the system, named with a random GUID. The attacker can determine this GUID by previewing an image from the uploaded Bulletin within the web UI. Once the GUID is determined, the attacker can navigate to the malicious file and execute it. In testing, an ASPX web shell was uploaded, allowing for remote-code execution in the context of a restricted IIS user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\TRMS\Services directory, an attacker who has gained access to the system can elevate their privileges from a restricted account to full SYSTEM by replacing the Carousel.Service.exe file with a custom malicious executable. This service is independent of the associated IIS web site, which means that this service can be manipulated by an attacker without losing access to vulnerabilities in the web interface (which would potentially be used in conjunction with this attack, to control the service). Once the attacker has replaced Carousel.Service.exe, the server can be restarted using the command ""shutdown -r -t 0"" from a web shell, causing the system to reboot and launching the malicious Carousel.Service.exe as SYSTEM on startup. If this malicious Carousel.Service.exe is configured to launch a reverse shell back to the attacker, then upon reboot the attacker will have a fully privileged remote command-line environment to manipulate the system further.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"All versions of archiver allow attacker to perform a Zip Slip attack via the ""unarchive"" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder. For instance, a zip may hold a file with a ""../../file.exe"" location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"TurboVNC server code contains stack buffer overflow vulnerability in commit prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result into remote code execution, since stack frame is not protected with stack canary. This attack appear to be exploitable via network connectivity. To exploit this vulnerability authorization on server is required. These issues have been fixed in commit cea98166008301e614e0d36776bf9435a536136e.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Mooltipass Moolticute through v0.42.1 and v0.42.x-testing through v0.42.5-testing. There is a NULL pointer dereference in MPDevice_win.cpp.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
TWiki allows arbitrary shell command execution via the Include function,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cryptocat before 2.0.22 has Remote Denial of Service via username,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
minidlna has SQL Injection that may allow retrieval of arbitrary files,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
MiniUPnPd has information disclosure use of snprintf(),NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in the Infosysta ""In-App & Desktop Notifications"" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in the Infosysta ""In-App & Desktop Notifications"" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as a Jira user, but without authorization for specific projects) via the plugins/servlet/nfj/NotificationSettings URI.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
slim has NULL pointer dereference when using crypt() method from glibc 2.17,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum (aka ASP.NET forum) 8.3.8 allows remote attackers to inject arbitrary web script or HTML via the gravatar URL parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Log module in SECUDOS DOMOS before 5.6 allows XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"RDesktop version 1.8.4 contains multiple out-of-bound access read vulnerabilities in its code, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. These issues have been fixed in version 1.8.5",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Hence, a malicious customer can manipulate an order (e.g., its payment status or shipping fee) by adding additional attributes to user-input during the PUT /ajax/cart operation for a checkout, because of getValidDocumentForUpdate in api/server/services/orders/orders.js.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the ""View build runtime parameters and data"" permission.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM QRadar Advisor with Watson 1.14.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 147810.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"ClipSoft REXPERT 1.0.0.527 and earlier version have an information disclosure issue. When requesting web page associated with session, could leak username via session file path of HTTP response data. No authentication is required.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation via a POST request with the parameter set to the file path to be written. This can be an executable file that is written to in the arbitrary directory. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation and execution via report print function of rexpert viewer with modified XML document. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ClipSoft REXPERT 1.0.0.527 and earlier version allows directory traversal by issuing a special HTTP POST request with ../ characters. This could lead to create malicious HTML file, because they can inject a content with crafted template. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker to upload arbitrary local file via the ActiveX method in RexViewerCtrl30.ocx. That could lead to disclosure of sensitive information. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input (encoded in base64). This also applies to the search functionality for the searchKey parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker to arbitrary file deletion by issuing a HTTP GET request with a specially crafted parameter. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into ""upgrading"" to an older version of RouterOS and possibly reseting all the system's usernames and passwords.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SugarCRM CE <= 6.3.1 contains scripts that use ""unserialize()"" with user controlled input which allows remote attackers to execute arbitrary PHP code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
qtparted has insecure library loading which may allow arbitrary code execution,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
gpw generates shorter passwords than required,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A stack based buffer overflow vulnerability exists in the method receiving data from SysTreeView32 control of the GMER 2.1.19357 application. A specially created long path can lead to a buffer overflow on the stack resulting in code execution. An attacker needs to create path longer than 99 characters to trigger this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in LabKey Server 19.1.0. The display name of a user is vulnerable to stored XSS that can execute on administrators from security/permissions.view, security/addUsers.view, or wiki/Administration/page.view in the admin panel, leading to privilege escalation.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in LabKey Server 19.1.0. It is possible to force a logged-in administrator to execute code through a /reports-viewScriptReport.view CSRF vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks.",PHYSICAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, an attacker is able to eavesdrop on sensitive data such as passwords.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A remote SEH buffer overflow has been discovered in IntraSrv 1.0 (2007-06-03). An attacker may send a crafted HTTP GET or HEAD request that can result in a compromise of the hosting system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
asterisk allows calls on prohibited networks,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
ytnef has directory traversal,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
paxtest handles temporary files insecurely,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
pixelpost 1.7.1 has XSS,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
pixelpost 1.7.1 has SQL injection,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoo 2.10 has Directory traversal,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The malware scan function in Total Defense Anti-virus 11.5.2.28 is vulnerable to a TOCTOU bug; consequently, symbolic link attacks allow privileged files to be deleted.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8 through 0.91 that allows for the creation of a user controlled XML file at an unintended location. When this is combined with CVE-2019-14451, an attacker can upload an ""external command"" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are AMP 12.1.0.4.0 and AMP 13.1.1.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Management Pack for Oracle E-Business Suite accessible data as well as unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
Vulnerability in the Oracle Payment Interface component of Oracle Hospitality Applications (subcomponent: Core). The supported version that is affected is 6.1.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payment Interface. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Payment Interface accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/adm_usrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after the user is created. The malicious script is stored and will be executed whenever /WiKIDAdmin/adm_usrs.jsp is visited.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since the web space can be filled up with arbitrary files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Previously hidden (restricted) AbuseFilter filters were viewable (or their differences were viewable) to unprivileged users, thus disclosing potentially sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented and thus most developers configure input validation in the vulnerable default manner. With this vulnerability, attackers can launch SQL Injection or XSS attacks by injecting arbitrary malicious input. NOTE: a software maintainer agrees with the ""is not documented"" finding but suggests that much of the responsibility for the risk lies in a different product.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; and K7 Ultimate Security 16.0.xxx through 16.0.0120, the module K7TSHlpr.dll improperly validates the administrative privileges of the user, allowing arbitrary registry writes in the K7AVOptn.dll module to facilitate escalation of privileges via inter-process communication with a service process.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
mediawiki allows deleted text to be exposed,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Bitlbee does not drop extra group privileges correctly in unix.c,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Hadoop 1.0.3 contains a symlink vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_referrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getSpiritsFromVideo.php is vulnerable to a command injection attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The formidable plugin before 4.02.01 for WordPress has unsafe deserialization.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
mailscanner can allow local users to prevent virus signatures from being updated,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"easymon version 1.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Endpoint where monitoring is mounted that can result in Reflected XSS that affects Firefox. Can be used to steal cookies, depending on the cookie settings.. This attack appear to be exploitable via The victim must click on a crafted URL that contains the XSS payload. This vulnerability appears to have been fixed in 1.4.1 and later.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware updates. In other words, these devices use private-key values in /etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_ecdsa_key, and /etc/ssh/ssh_host_dsa_key files that are publicly available from the vendor web sites.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. An unauthenticated user can obtain the exposed password credentials to gain access to the following services: DDNS service, Mobile Network Provider, and OpenVPN service.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"After installing the IBM Maximo Health- Safety and Environment Manager 7.6.1, a user is granted additional privileges that they are not normally allowed to access. IBM X-Force ID: 165948.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configurations, access the underlying operating system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem (which has a legacy dependency) 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser.rb file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and,in certain configuration, access the underlying operating system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause a SQL injection. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configuration, access the underlying operating system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Exploitable SQL injection vulnerabilities exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configuration, access the underlying operating system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone ""/netflow/jspui/linkdownalertConfig.jsp"" file in the task parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable SQL injection vulnerability exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configurations, access the underlying operating system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the QRadar system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 160014.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered on AVStar PE204 3.10.70 IP camera devices. A denial of service can occur on open TCP port 23456. After a TELNET connection, no TCP ports are open.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet pages, there is a field to specify a file attachment to provide additional problem details. An invalid file name returns an error message that includes the entered file name. If the file name is not escaped in the returned error page, it could expose a cross-site scripting (XSS) vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerabilities exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter uuid in /objects/pluginSwitch.json.php,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerabilities exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter name in /objects/pluginSwitch.json.php.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response capture for password cracking). This occurs in extensions/contentmodel/participants/diagnostics/LSPXMLParserConfiguration.java.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Specially crafted web requests can cause SQL injections in YouPHPTube 7.6. An attacker can send a web request with Parameter dir in /objects/pluginSwitch.json.php.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user to potentially create an infinite loop and crash an application via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user from a virtual machine guest to potentially crash the host system via local access.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unauthenticated remote user to potentially execute arbitrary WebGL code via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the ""Mail Message Framework"" component. It allows remote attackers to spoof the address bar via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demonstrated by a /wp-admin/admin.php?page=slickquiz-scores&id= or /wp-admin/admin.php?page=slickquiz-edit&id= or /wp-admin/admin.php?page=slickquiz-preview&id= URI.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Tiki Wiki CMS Groupware 5.2 has XSS,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Tiki Wiki CMS Groupware 5.2 has CSRF,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an '<object data=""data:text/html' substring in an e-mail message (The vendor subsequently patched this).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 161418.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session. IBM X-Force ID: 161210.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 161209.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 160987.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. IBM X-Force ID: 160986.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"** DISPUTED ** admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution. NOTE: ""While inadvertently allowing a PHP file to be uploaded via Media Manager was an oversight, it still requires an admin permission. We think it's pretty rare for an administrator to exploit a bug on his/her own site to own his/her own site.""",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CoreHR Core Portal before 27.0.7 allows stored XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh script for testing upload and download speeds reads a URL list from /tmp/speedtest_urls.xml, and there is a command injection vulnerability, as demonstrated by api/xqnetdetect/netspeed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
D-Link DIR-865L has Information Disclosure.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Easy Digital Downloads (EDD) Manual Purchases extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) PDF Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) PDF Stamper extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) Per Product Emails extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) QR Code extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) Recommended Products extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) Recount Earnings extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET parameter affects the authorization component, leading to execution of JavaScript code in the login after-action script.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense mechanisms. This affects all components that use WMI, e.g., AVGSvc.exe 19.6.4546.0 and TuneupSmartScan.dll 19.1.884.0.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Easy Digital Downloads (EDD) Amazon S3 extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163656.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become temporarily unresponsive.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of script within a Calculate action of a text field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9044.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the OnFocus event. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9091.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of script within a Keystroke action of a listbox field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9081.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9273.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DWG files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9274.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
tonyy dormsystem through 1.3 allows DOM XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Sourcecodester Restaurant Management System 1.0 allows XSS via the ""send a message"" screen.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Sourcecodester Restaurant Management System 1.0 allows XSS via the Last Name field of a member.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9276.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow triggerPort OS Command Injection (issue 5 of 5).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection (issue 4 of 5).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow portMappingProtocol OS Command Injection (issue 3 of 5).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow internalPort OS Command Injection (issue 2 of 5).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow externalPort OS Command Injection (issue 1 of 5).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Darktrace Enterprise Immune System before 3.1 allows CSRF via the /config endpoint.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Darktrace Enterprise Immune System before 3.1 allows CSRF via the /whitelisteddomains endpoint.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion from JPEG to EPS. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8809.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an ""external command"" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162261.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 162260.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
D-Link DIR-865L has PHP File Inclusion in the router xml file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized ""query_string"" variable coming from the URL, which is reflected in HTML, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site scripting vulnerability. Successful exploitation could lead to privilege escalation.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Auberge theme before 1.4.5 for WordPress has XSS via the genericons/example.html anchor identifier.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Modern theme before 1.4.2 for WordPress has XSS via the genericons/example.html anchor identifier.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) core component 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7 for WordPress has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112001302",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"The Easy Digital Downloads (EDD) Attach Accounts to Orders extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) Commissions extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) Content Restriction extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) Conditional Success Redirects extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) CSV Manager extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the default privileges of NFC, there is a possible local bypass of user interaction requirements on package installation due to a default permission. This could lead to local escalation of privilege by installing an application with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-123700348",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A flaw was found in the ""Leaf and Chain"" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"The ""OpenID Connect Relying Party and OAuth 2.0 Resource Server"" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an ""OIDCUnAuthAction pass"" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"The Easy Digital Downloads (EDD) htaccess Editor extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker (server), it mishandles incoming network messages. After processing a crafted packet, the plugin's mqtt_packet_drop function (in /plugins/in_mqtt/mqtt_prot.c) executes the memmove() function with a negative size parameter. That leads to a crash of the whole Fluent Bit server via a SIGSEGV signal.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually denial of network access to all devices connected to the targeted switch.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291 could allow remote attackers to execute arbitrary code or cause a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Easy Digital Downloads (EDD) Twenty-Twelve theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) Shoppette theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) Quota theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) Lattice theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) Digital Store theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) Wish Lists extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) Upload File extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) Stripe extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) Software Licensing extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) Simple Shipping extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) Reviews extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Easy Digital Downloads (EDD) Recurring Payments extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A cross-site request forgery vulnerability in Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.,LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulnerability, as it fails to validate user input. The affected components (index.php, upgrade.php) allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemagic users into performing unwarranted actions.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 165481.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stephan Mooltipass Moolticute through 0.42.1 (and possibly earlier versions) has Incorrect Access Control.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A missing permission check in Jenkins Global Post Script Plugin in allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"** DISPUTED ** The BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 relies on the main battery instead of using a CMOS battery, which reduces the value of a protection mechanism in which booting from a USB device is prohibited. Attackers who have physical laptop access can exhaust the main battery to reset the BIOS configuration, and then achieve direct access to the hard drive by booting a live USB OS without disassembling the laptop. NOTE: the vendor has apparently indicated that this is ""normal"" and use of the same battery for the BIOS and the overall system is a ""new design."" However, the vendor apparently plans to ""improve"" this an unspecified later time.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control flow, such that the condition to leave the loop is true. After leaving the loop, the network packet has a length of 2 bytes. There is no validation of this length. Later on, the code tries to read at an empty position, leading to a crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn and KeyDisplay parameter to /web/entry/en/address/adrsSetUserWizard.cgi.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol connectivity (or Terminal Services) enabled.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
** DISPUTED ** Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack. NOTE: The vendor thinks that this vulnerability is invalid because exploiting it would require at least administrator privileges and would gain only SYSTEM privileges.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for ""SELECT ST_AsX3D('LINESTRING EMPTY');"" because empty geometries are mishandled.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a race condition vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the middle the call to update the software.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized ""file"" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php uses an unsanitized ""query_string"" variable coming from the URL, which is reflected in HTML, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized ""f"" variable coming from the URL, which takes any pathname and allows a download of it. (resources\secure_download.php is also affected.)",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized ""rec"" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php uses an unsanitized ""filename"" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized ""param"" variable constructed partially from the URL args and reflected in HTML, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In FusionPBX up to v4.5.7, the file app\access_controls\access_control_nodes.php uses an unsanitized ""id"" variable coming from the URL, which is reflected in HTML, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized ""id"" variable coming from the URL in an unparameterized SQL query, leading to SQL injection.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses an unsanitized ""id"" variable coming from the URL, which is reflected in HTML, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized ""query_string"" variable coming from the URL, which is reflected in HTML, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the ""param"" parameter of the error process HTTP requests.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"On versions 11.2.1. and greater, unrestricted Snapshot File Access allows BIG-IP system's user with any role, including Guest Role, to have access and download previously generated and available snapshot files on the BIG-IP configuration utility such as QKView and TCPDumps.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized ""file"" variable coming from the URL, which is reflected in HTML, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources\content.php uses an unsanitized ""eavesdrop_dest"" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In FusionPBX up to v4.5.7, the file app\devices\device_settings.php uses an unsanitized ""id"" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized ""id"" variable coming from the URL, which is reflected in HTML, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized ""id"" variable coming from the URL, which is reflected in HTML, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized ""contact_uuid"" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized ""c"" variable coming from the URL, which is reflected in HTML, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Pivotal Reactor Netty, versions prior to 0.8.11, passes headers through redirects, including authorization ones. A remote unauthenticated malicious user may gain access to credentials for a different server than they have access to.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter is vulnerable: the reflected cross-site scripting occurs immediately after the group is created. The malicious script is stored and will be executed again whenever /WiKIDAdmin/groups.jsp is visited.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerability is due to insufficient access control for certain URLs on an affected device. An attacker could exploit this vulnerability by requesting specific URLs from an affected AP. An exploit could allow the attacker to gain access to the device with elevated privileges. While the attacker would not be granted access to all possible configuration options, it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the AP, creating a denial of service (DoS) condition for clients associated with the AP.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the bridge protocol data unit (BPDU) forwarding functionality of Cisco Aironet Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an AP port to go into an error disabled state. The vulnerability occurs because BPDUs received from specific wireless clients are forwarded incorrectly. An attacker could exploit this vulnerability on the wireless network by sending a steady stream of crafted BPDU frames. A successful exploit could allow the attacker to cause a limited denial of service (DoS) attack because an AP port could go offline.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
totemodata 3.0.0_b936 has XSS via a folder name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files that may contain sensitive information.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an incomplete implementation of security mechanism vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions, 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as (1) create or delete admin users; (2) create or delete groups; or (3) create, delete, enable, or disable normal users or devices.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
TOPMeeting before version 8.8 (2019/08/19) shows attendees account and password in front end page that allows an attacker to obtain sensitive information by browsing the source code of the page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 (2019/08/19). An attacker can use a union based injection query string though a search meeting room feature to get databases schema and username/password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The result was that, instead of reporting that the supplied username or group name did not exist, it would execute the command as root.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Samsung Galaxy S10 and Note10 devices allow unlock operations via unregistered fingerprints in certain situations involving a third-party screen protector.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A service which is hosted on port 3097 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs and send them to the victim. After the victim logs in to the session, the attacker can use that session. The attacker could create SSH logins after a valid session and easily compromise the system.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP Request.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious code in certain sections of the interface that are visible to other users. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. An attacker would need valid administrator credentials to exploit this vulnerability.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The attacker must have valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting malicious code into a troubleshooting file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by logging in as the remotesupport user and writing files to the /root directory of an affected device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.),NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of evaluating the tag by the back-end, it is possible to escape the sandbox object by using the following payload: <script total>global.process.mainModule.require(child_process).exec(RCE);</script>",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"There is Stored XSS in Verodin Director 3.5.3.0 and earlier via input fields of certain tooltips, and on the Tags, Sequences, and Actors pages.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to perform command injections. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as an administrative level user within the restricted shell and submitting malicious input to a specific command. A successful exploit could allow the attacker to execute previously staged code from the underlying filesystem.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"NSA Ghidra through 9.0.4 uses a potentially untrusted search path. When executing Ghidra from a given path, the Java process working directory is set to this path. Then, when launching the Python interpreter via the ""Ghidra Codebrowser > Window > Python"" option, Ghidra will try to execute the cmd.exe program from this working directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In NCH Express Accounts Accounting v7.02, persistent cross site scripting (XSS) exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login Help). Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Object Library. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Stylesheet). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Content Manager product of Oracle E-Business Suite (component: Content). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Content Manager. While the vulnerability is in Oracle Content Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Content Manager accessible data. CVSS 3.0 Base Score 5.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 15.1.0-15.2.18, 16.1.0-16.2.18, 17.1.0-17.12.14 and 18.1.0-18.8.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 9.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,NONE
"Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Order Tracker). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the MICROS Relate CRM Software product of Oracle Retail Applications (component: Internal Operations). Supported versions that are affected are 7.1.0, 15.0.0, 16.0.0, 17.0.0, and 18.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Relate CRM Software. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Relate CRM Software accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco SPA122 ATA with Router Devices could allow an unauthenticated, adjacent attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by sending malicious input to the affected software through crafted DHCP requests, and then persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication remote code execution.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the Oracle Solaris product of Oracle Systems (component: LDAP Library). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L).,LOCAL,HIGH,HIGH,REQUIRED,UNCHANGED,NONE,NONE,LOW
The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin before 1.0.7 for WordPress allows XSS with Internet Explorer.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). The supported version that is affected is 19.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Payments). Supported versions that are affected are 12.0.2 and 12.0.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 5.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 17.1.0-17.12.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Solaris product of Oracle Systems (component: SMF services & legacy daemons). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 3.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L).",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,LOW
"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L).",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,LOW,LOW
"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L).",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,LOW,LOW
Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: US Federal Specific). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Studio). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Data Integrator accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, fixed in version 5.0.2.1",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A memory error in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Security Models). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Reporting. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Reporting accessible data. CVSS 3.0 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N).",NETWORK,HIGH,HIGH,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 has a missing access check in the backend module, allowing a user (with restricted permissions to the fe_users table) to view and export data of frontend users who are subscribed to a newsletter.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code Execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CloudCTI HIP Integrator Recognition Configuration Tool allows privilege escalation via its EXQUISE integration. This tool communicates with a service (Recognition Update Client Service) via an insecure communication channel (Named Pipe). The data (JSON) sent via this channel is used to import data from CRM software using plugins (.dll files). The plugin to import data from the EXQUISE software (DatasourceExquiseExporter.dll) can be persuaded to start arbitrary programs (including batch files) that are executed using the same privileges as Recognition Update Client Service (NT AUTHORITY\SYSTEM), thus elevating privileges. This occurs because a higher-privileged process executes scripts from a directory writable by a lower-privileged user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been found in the implementation of the Label Distribution Protocol (LDP) protocol in EOS. Under race conditions, the LDP agent can establish an LDP session with a malicious peer potentially allowing the possibility of a Denial of Service (DoS) attack on route updates and in turn potentially leading to an Out of Memory (OOM) condition that is disruptive to traffic forwarding. Affected EOS versions include: 4.22 release train: 4.22.1F and earlier releases 4.21 release train: 4.21.0F - 4.21.2.3F, 4.21.3F - 4.21.7.1M 4.20 release train: 4.20.14M and earlier releases 4.19 release train: 4.19.12M and earlier releases End of support release trains (4.18 and 4.17)",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Performance Monitor). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The url_redirect (aka URL redirect) extension through 1.2.1 for TYPO3 fails to properly sanitize user input and is susceptible to SQL Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
An Unprotected Storage of Credentials vulnerability in the identity and access management certificate generation procedure allows a local attacker to gain access to confidential information. This issue affects: Juniper Networks SBR Carrier: 8.4.1 versions prior to 8.4.1R13; 8.5.0 versions prior to 8.5.0R4.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An attacker with high privileges can attack other users.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
"Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request. NOTE: this is an end-of-life product.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
HongCMS 3.0.0 has XSS via the install/index.php servername parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Forms product of Oracle Fusion Middleware (component: Services). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Forms. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Forms, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Forms accessible data as well as unauthorized read access to a subset of Oracle Forms accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Inventory Integration privilege with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Workflow accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Fluid Core). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Receipt of a specific link-local IPv6 packet destined to the RE may cause the system to crash and restart (vmcore). By continuously sending a specially crafted IPv6 packet, an attacker can repeatedly crash the system causing a prolonged Denial of Service (DoS). This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R6-S2, 16.1R7; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3. This issue does not affect Juniper Networks Junos OS version 15.1 and prior versions.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows attacker to cause a Denial of Service (DoS) condition and core the routing protocol daemon (rpd) process when a specific malformed IPv4 packet is received by the device running BGP. This malformed packet can be crafted and sent to a victim device including when forwarded directly through a device receiving such a malformed packet, but not if the malformed packet is first de-encapsulated from an encapsulated format by a receiving device. Continued receipt of the malformed packet will result in a sustained Denial of Service condition. This issue affects: Juniper Networks Junos OS 15.1 versions prior to 15.1F6-S12, 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D150 on SRX Series; 15.1X53 versions prior to 15.1X53-D68, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S2; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On SRX5000 Series devices, if 'set security zones security-zone <zone> tcp-rst' is configured, the flowd process may crash when a specific TCP packet is received by the device and triggers a new session. The process restarts automatically. However, receipt of a constant stream of these TCP packets may result in an extended Denial of Service (DoS) condition on the device. This issue affects Juniper Networks Junos OS: 18.2R3 on SRX 5000 Series; 18.4R2 on SRX 5000 Series; 19.2R1 on SRX 5000 Series.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the BI Publisher (formerly XML Publisher) product of Oracle Fusion Middleware (component: Mobile Service). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher (formerly XML Publisher) accessible data as well as unauthorized update, insert or delete access to some of BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware (component: SOAP with Attachments API for Java). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services. While the vulnerability is in Oracle Web Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Services accessible data as well as unauthorized read access to a subset of Oracle Web Services accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,NONE
"Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the ""support debug text file"").",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The ThemeMakers Almera Responsive Portfolio Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The ThemeMakers Almera Responsive Portfolio theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an attacker with ""patrol"" privileges to elevate his/her privileges to the ones of the ""root"" user by specially crafting a shared library .so file that will be loaded during execution.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ThemeMakers Goodnex Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The ThemeMakers Blessing Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Infinite Design application 3.4.12 for Android sends a username and password via TCP without any encryption during login, as demonstrated by sniffing of a public Wi-Fi network.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Hyperion Data Relationship Management product of Oracle Hyperion (component: Access and Security). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Data Relationship Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Hyperion Data Relationship Management. CVSS 3.0 Base Score 6.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).",NETWORK,HIGH,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The ThemeMakers GamesTheme Premium theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The ThemeMakers Axioma Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in the content parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Admin - Configuration privilege with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in Dolibarr 10.0.2. It has XSS via the ""outgoing email setup"" feature in the admin/mails.php?action=edit URI via the ""Sender email for automatic emails (default value in php.ini: Undefined)"" field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Dolibarr 10.0.2. It has XSS via the ""outgoing email setup"" feature in the /admin/mails.php?action=edit URI via the ""Send all emails to (instead of real recipients, for test purposes)"" field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check, if a user changes personal data in his profile tab (e.g., exposure of his birthday) or logs into his account (i.e., exposure of credentials).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ThemeMakers Accio One Page Parallax Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable device. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.1X75 all versions. Versions before 18.1R1 are not affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper Networks Junos OS allows an attacker to perform Man-in-the-Middle (MitM) attacks which may compromise the integrity and confidentiality of the device. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D120 on SRX Series devices. No other versions of Junos OS are affected.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS 3.0 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).",NETWORK,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
"The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the Target_IP parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 7.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Xstore Office. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Xstore Office accessible data as well as unauthorized read access to a subset of Oracle Retail Xstore Office accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In ScreenRotationAnimation of ScreenRotationAnimation.java, there is a possible capture of a secure screen due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-69703445",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific types of valid SIP traffic to the device. In this case, the flowd process crashes and generates a core dump while processing SIP ALG traffic. Continued receipt of these valid SIP packets will result in a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D61, 12.3X48-D65 on SRX Series; 15.1X49 versions prior to 15.1X49-D130 on SRX Series; 17.3 versions prior to 17.3R3 on SRX Series; 17.4 versions prior to 17.4R2 on SRX Series.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Point of Sale). Supported versions that are affected are 17.0.3, 18.0.1 and 19.0.0. Difficult to exploit vulnerability allows physical access to compromise Oracle Retail Xstore Point of Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Xstore Point of Service accessible data as well as unauthorized read access to a subset of Oracle Retail Xstore Point of Service accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N).",PHYSICAL,HIGH,HIGH,REQUIRED,UNCHANGED,LOW,LOW,NONE
"The ThemeMakers Diplomat | Political theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) from parameter to index.php or the (2) page_no parameter to recentchanges.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the ui_notification node accepting raw HTML by default.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in the GitHub issue.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for HTTP/2 traffic had O(n^2) performance characteristics. A remote attacker may craft a request that stays below the maximum request header size but consists of many thousands of small headers to consume CPU and result in a denial-of-service attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated, shell-like access to the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"tinylcy Vino through 2017-12-15 allows remote attackers to cause a denial of service (""vn_get_string error: Resource temporarily unavailable"" error and daemon crash) via a long URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service (persistent rules-processing outage) via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because database corruption occurs.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. read.c, request.c, and util.c contribute to this. The process_header_end() function calls boa_atoi(), which ultimately calls atoi() on a NULL pointer.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_PrintInspector::AddField in Core/Ap4Atom.cpp when called from AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp, when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.7.,ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,LOW
An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the admin/?n=tags&c=index&a=doSaveTags URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to trigger a buffer overflow leading to a reboot.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Landing-CMS 0.0.6. There is a CSRF vulnerability that can change the admin's password via the password/ URI,",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privileges to rename a media filename and extension. (For example: place PHP code in a .jpg file, and then change the file's base name to filename.ph and change the file's extension to p. Because of concatenation, the name is then treated as filename.php.) At the result, remote attackers can execute arbitrary PHP code.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via logcat.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SonarSource SonarQube before 7.8 has XSS in project links on account/projects.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability in the login form (/ScadaBR/login.htm) in ScadaBR 1.0CE allows a remote attacker to inject arbitrary web script or HTML via the username or password parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle-attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
OX App Suite through 7.10.2 has Insecure Permissions.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using the default configuration, the LAN Cache feature creates a local account FSAdminxxxxxxxxx (e.g., FSAdmin123456789) on the server that hosts the LAN Cache and all clients that are assigned to a LAN Cache. This account is placed into the local Administrators group of all clients assigned to the LAN Cache. When the assigned client is a Domain Controller, the FSAdminxxxxxxxxx account is created as a domain account and automatically added as a member of the domain BUILTIN\Administrators group. Using the well known Pass-the-Hash techniques, an attacker can use the same FSAdminxxxxxxxxx hash from any LAN Cache client and pass this to a Domain Controller, providing administrative rights to the attacker on any Domain Controller. (Local account Pass-the-Hash mitigations do not protect domain accounts.)",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The GREE+ (aka com.gree.greeplus) application 1.4.0.8 for Android suffers from Cross Site Request Forgery.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.js and Electron, such as an exec of OS commands within the onerror attribute of an IMG element.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not properly sanitized. It is possible to inject arbitrary JavaScript code in these form fields. This code gets executed from the browser of every user who is visiting this article. Mitigation: Upgrade to Apache OFBiz 16.11.01.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional payload.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific configurations, could log the web service user credentials into a log file that could be accessed by an administrator on the local machine. IBM X-Force ID: 166798.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
tonyy dormsystem through 1.3 allows SQL Injection in admin.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content type) to the web/polygon/problem/tests URI.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls to the free function.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the ""file manager > upload images"" screen.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPanel.jsp or HtmlChatFrameSet.jsp (ActionColor, ClientNickNameColor, Email, email, or email_address parameter).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In nfc_ncif_decode_rf_params of nfc_ncif.cc, there is a possible out of bounds read due to an integer underflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-124940143",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-134578122",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-123013720",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-136173699",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OX App Suite 7.10.1 and 7.10.2 allows SSRF.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
OX App Suite 7.10.1 and 7.10.2 allows XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The Pont theme 1.5 for WordPress has insufficient restrictions on option updates.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0278, CVE-2016-0279, and CVE-2016-0301.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0279, and CVE-2016-0301.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0301.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0279.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0920.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific configurations, could log the web service user credentials into a log file that could be accessed by an administrator on the local machine. IBM X-Force ID: 166798.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
tonyy dormsystem through 1.3 allows SQL Injection in admin.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content type) to the web/polygon/problem/tests URI.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls to the free function.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the ""file manager > upload images"" screen.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the ""News > Add Article"" screen.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPanel.jsp or HtmlChatFrameSet.jsp (ActionColor, ClientNickNameColor, Email, email, or email_address parameter).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user interaction.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-136261465",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In nfc_ncif_decode_rf_params of nfc_ncif.cc, there is a possible out of bounds read due to an integer underflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-124940143",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-134578122",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may allow an attacker to execute arbitrary commands on their victim's computer by providing malicious output to the terminal. It could be exploited using command-line utilities that print attacker-controlled content.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-123013720",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-136173699",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In GetMBheader of combined_decode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-136175447",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OX App Suite 7.10.1 and 7.10.2 allows SSRF.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
OX App Suite 7.10.1 and 7.10.2 allows XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The ThemeMakers SmartIT Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding ""_bsontype"":""a"" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around this _bsontype special case that exists in older versions of the bson parser (aka the mongodb/js-bson project).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
The Pont theme 1.5 for WordPress has insufficient restrictions on option updates.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NetSarang XFTP Client 6.0149 and earlier version contains a buffer overflow vulnerability caused by improper boundary checks when copying file name from an attacker controlled FTP server. That leads attacker to execute arbitrary code by sending a crafted filename.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0278, CVE-2016-0279, and CVE-2016-0301.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0279, and CVE-2016-0301.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0301.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0279.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0920.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. A reflected Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Kramer VIAware 2.5.0719.1034 has Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to /squashfs-root/www/HNAP1/control/SetWizardConfig.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection if a client is also sending LMv2 responses, aka 'Windows NTLM Security Feature Bypass Vulnerability'.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on D-Link DIR-816 A1 1.06 devices. An attacker could access management pages of the router via a client that ignores the 'top.location.href = ""/dir_login.asp""' line in a .asp file. This provides access to d_status.asp, version.asp, d_dhcptbl.asp, and d_acl.asp.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory, aka 'Windows Update Client Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka 'Microsoft Edge based on Edge HTML Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is vulnerable to command injection with a maliciously crafted url parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
laravel-bjyblog 6.1.1 has XSS via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to Missing Authentication Check",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The token generator in index.php in Centreon Web before 2.8.27 is predictable.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimate.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, ""pinch and zoom"" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger).",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are also unsupported. NOTE: the vendor has disputed this as described in the GitHub issue.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
The wp-database-backup plugin before 4.3.3 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0608.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListInspector::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::InspectFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4dump.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
vBulletin through 5.5.4 mishandles custom avatars.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
vBulletin before 5.5.4 allows clickjacking.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1330.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTag in Core/Ap4Descriptor.h, related to AP4_StsdAtom::GetSampleDescription in Core/Ap4StsdAtom.cpp, as demonstrated by mp4info.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::WriteFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4encrypt or mp4compact.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Pi-Hole 4.3 allows Command Injection.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** libyal liblnk 20191006 has a heap-based buffer over-read in the network_share_name_offset>20 code block of liblnk_location_information_read_data in liblnk_location_information.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as described in the GitHub issue.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user's balance.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing watermarks within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8801.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8759.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
includes/settings/class-alg-download-plugins-settings.php in the download-plugins-dashboard plugin through 1.5.0 for WordPress has multiple unauthenticated stored XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks ""into outfile"" in a SELECT statement, but does not block the ""into/**/outfile"" manipulation. Therefore, the attacker can create a .php file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable Use After Free vulnerability exists in the CharProcs parsing functionality of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a Use After Free. An attacker can craft a malicious PDF to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"An exploitable use-after-free vulnerability exists in the Length parsing function of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a use-after-free condition. An attacker can craft a malicious PDF to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file theme_1, theme_1_file, or theme_1_file_contents parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
The client-dash (aka Client Dash) plugin 2.1.4 for WordPress allows XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ActiveX Control in MyBuilder before 6.2.2019.814 allow an attacker to execute arbitrary command via the ShellOpen method. This can be leveraged for code execution,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3. Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/site/solutions/869353. Note that while multiple products released patches for the original CVE-2014-0114 flaw, the reversion described by this CVE-2019-3834 flaw only occurred in JON 3.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous type.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the ""Operation log"" screen.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the file and malware inspection feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass the file and malware inspection policies on an affected system. The vulnerability exists because the affected software insufficiently validates incoming traffic. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. A successful exploit could allow the attacker to bypass the file and malware inspection policies and send malicious traffic through the affected device.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web requests.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no CSRF protection established on the web service.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via http. An attacker is able to intercept and sniff communication to the web service.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. An attacker can bypass a front-end restriction and upload PHP code to the webserver, by providing image data and the image/jpeg content type, with a .php extension. This occurs because the code relies on the getimagesize function.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the configured user filters on an affected device. The vulnerability exists because the affected software insufficiently validates certain incoming SPF messages. An attacker could exploit this vulnerability by sending a custom SPF packet to an affected device. A successful exploit could allow the attacker to bypass the configured header filters, which could allow malicious content to pass through the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in Stored Cross-Site Scripting.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in Stored Cross-Site Scripting.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending malicious commands to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions prior to 3.30.10, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.18.2, and versions 4.19.0, 4.19.1, 4.20.0, 4.20.1, 4.20.2, 4.21.0, 4.22.0, 4.23.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to bypass Cisco FMC Software security restrictions and gain access to the underlying filesystem of the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by executing a specific CLI command that includes crafted arguments. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IrfanView 4.53 allows a Exception Handler Chain to be Corrupted starting at EXR!ReadEXR+0x000000000002af80.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d563.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000966f.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0000000000004359.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_new+0x000000000014d6ee.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x000000000000839c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEG_LS+0x0000000000003155.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about the nonces used and potentially mount a lattice attack to recover the private key used. The issue occurs because ecc.c scalar multiplication might leak the bit length.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions < V14 SP1 Upd 9), SIMATIC WinCC Professional (TIA Portal V15) (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). The SIMATIC WinCC DataMonitor web application of the affected products allows to upload arbitrary ASPX code. The security vulnerability could be exploited by an authenticated attacker with network access to the WinCC DataMonitor application. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An authenticatd attacker with network access to the DCOM interface could execute arbitrary commands with SYSTEM privileges. The vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires authentication with a low-privileged user account and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded. Successful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x0000000000007da8.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000025b6.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IrfanView 4.53 allows a User Mode Write AV starting at EXR!ReadEXR+0x0000000000010836.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The mintToken function of a smart contract implementation for SuperEnergy (SEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The MDM server component of TIBCO Software Inc's TIBCO MDM contains multiple vulnerabilities that theoretically allow an authenticated user with specific roles to perform cross-site scripting (XSS) attacks. This issue affects TIBCO Software Inc.'s TIBCO MDM version 9.0.1 and prior versions; version 9.1.0.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d43.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000042f5.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d57b.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000258c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!Read_BadPNG+0x0000000000000115.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at FORMATS!Read_BadPNG+0x0000000000000101.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.,NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to unauthorized resources.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,LOW
eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL command via /admin/academic/studenview_left.php StudentID parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&dn= without any authorizes.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/save_list.php?ACSION=&type=email&category=white&locate=big5&cmd=add&new=hacker@socialengineering.com&new_memo=&add=%E6%96%B0%E5%A2%9E without any authorizes.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
ZInsVX.dll ActiveX Control 2018.02 and earlier in Zoneplayer contains a vulnerability that could allow remote attackers to execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed PhotoShop file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed Image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed JPEG2000 format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed DIB format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The administrative server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability wherein a user without privileges to upload distributed application archives (""Upload DAA"" permission) can theoretically upload arbitrary code, and in some circumstances then execute that code on ActiveMatrix Service Grid nodes. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP ""Basic Authentication"" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 6.4.2.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a vulnerability that theoretically enables a user to spoof their account to look like a different user in the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more privileged users. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In a rare scenario, Check Point R80.30 Security Gateway before JHF Take 50 managed by Check Point R80.30 Management crashes with a unique configuration of enhanced logging.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag. This allows malicious javascript to steal it.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. This overflow is handled, but terminates the process. An authenticated attacker can send a FTP command string of 472 bytes or more to overflow a buffer, causing an exception that terminates the server.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: ""Utilization of USB/SD Card to flash the device"" and ""Remote provisioning process via ABB Panel Builder 600 over FTP."" Neither of these transmission methods implements any form of encryption or authenticity checks against the new firmware HMI software binary files.",ADJACENT_NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with ""CWD ../"" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor to become an authenticated attacker.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,NONE
A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior to 10.1.2.2.2-11201.1908. Unsupported versions not listed here were not evaluated.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could cause server configuration data to be exposed when an attacker modifies a URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to inject client-side script when a user visits a web page.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name of any resident DLLs inside the software installation, to execute arbitrary code in all versions of ProClima prior to version 8.0.0.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,HIGH
"A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportValues method within a AcroForm. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8491.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the deleteItemAt method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8295.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the richValue property of a Field object within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8272.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8231.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the value property of a Field object within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8230.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resetForm method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8229.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8165.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8163.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8162.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA Template objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7972.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ToggleFormsDesign method of the Foxit.FoxitReader.Ctl ActiveX object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7874.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7844.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA CXFA_FFDocView object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7777.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7694.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7614.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7701.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7696.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HTML files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7769.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the localFileStorage method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7407.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6.779. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7632.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7639.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7637.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WebAssembly.Instance method. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7466.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7477.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7355.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setInterval method. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7452.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the popUpMenu method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7368.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7353.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA remerge method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7347.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cscape, 9.80 SP4 and prior. An improper input validation vulnerability may be exploited by processing specially crafted POC files. This may allow an attacker to read confidential information and remotely execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.84 and prior. An out-of-bounds read vulnerability may cause the software to crash due to lacking user input validation for processing project files.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server machine.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to (70044,70050,70060)_update_05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) may allow an attacker to be able to change the password for an admin user who is currently or previously logged in, provided the device has not been restarted.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Lenovo Vantage or Lenovo Diagnostics in April 2018.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM log which may then be executed in the user's web browser when IMM log records containing the JavaScript code are viewed. The JavaScript code is not executed on IMM itself. The later IMM2 (IMM v2) is not affected.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Communications to the internet API services and direct connections to the lock via Bluetooth Low Energy (BLE) from the mobile application are logged in a debug log on the Android device at HickorySmartLog/Logs/SRDeviceLog.txt. This information was found stored in the Android device's default USB or SDcard storage paths and is accessible without rooting the device. This issue affects Hickory Smart for Android, version 01.01.43 and prior versions.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the 'prunsrv.exe' component of the product. If exploited, a local user of the system (who must already be authenticated to the operating system) can elevate their privileges with this vulnerability to the privilege level of InsightAppSec (usually, SYSTEM). This issue affects version 2019.06.24 and prior versions of the product.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A path traversal vulnerability in <= v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://lookup.nextcloud.com) caused unauthenticated users to be able to execute arbitrary SQL commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Path traversal vulnerability in version up to v1.1.3 in serve-here.js npm module allows attackers to list any file in arbitrary folder.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Path traversal vulnerability in http-live-simulator npm package version 1.0.5 allows arbitrary path to be accessed on the file system by a remote attacker.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable information disclosure vulnerability exists in the Weave MessageLayer parsing of Openweave-core version 4.0.2 and Nest Cam IQ Indoor version 4620002. A specially crafted weave packet can cause an integer overflow to occur, resulting in PacketBuffer data reuse. An attacker can send a packet to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166721.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 166627.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 165815.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
"IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 165660.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,HIGH,NONE
IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 164555.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,LOW
"IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164118.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164116.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164115.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 163681.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 163620.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-force ID: 162947.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162770.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,LOW
"IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162769.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 161419.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,LOW
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability to make unauthorized queries or modify the LDAP content. IBM X-Force ID: 160761.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim's click actions or launch other client-side browser attacks. IBM X-Force ID: 160513.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160203.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing ""dot dot"" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 160201.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerable to a buffer overflow. This could allow execution of arbitrary code on the local system or the application to crash. IBM X-Force ID: 160200.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159648.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159647.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159464.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to restore or retrieve the object with incorrect ACL entries. IBM X-Force ID: 159418.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159226.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159131.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 159129.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
"IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. By sending a specially crafted HTTP GET request, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-force ID: 158976.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158880.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to read secret data from process memory and obtain sensitive information. IBM X-Force ID: 158878.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158700.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158699.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517.",NETWORK,LOW,LOW,REQUIRED,CHANGED,NONE,HIGH,NONE
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158415.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158281.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. IBM X-Force ID: 158270.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158146.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158113.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 158102.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM WebSphere eXtreme Scale 8.6 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158099.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 157654.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 157509.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force ID: 157380.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157111.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157110.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157109.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157108.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157107.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. Utilizing the application back button users can remain logged in as the current user for a short period of time, therefore users are presented with information for Spectrum Control Application. IBM X-Force ID: 157064.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157015.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. IBM X-Force ID: 157014.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenciated user to create arbitrary users which could cause ID management issues and result in code execution. IBM X-Force ID: 157011.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 157007.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
"IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the last modified by value of a document. IBM X-Force ID: 156241.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
IBM I 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 156164.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM X-Force ID: 156001.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155999.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155946.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 155907.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155906.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 155905.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155894.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155893.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 155886.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155885.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain privileged access to the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the ""export configuration"" feature. The configuration file is encrypted using the awenc binary. The same binary can be used to decrypt any configuration file since all the encryption logic is hard coded. A local attacker can use this vulnerability to gain access to devices username and passwords.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port 389. The request will force the slideshow to transition into a ""stopped"" state. A remote, unauthenticated attacker can use this vulnerability to stop an active slideshow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP POST requests to conference.cgi. A remote, unauthenticated attacker can use this vulnerability to start, stop, and disconnect active slideshows.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OIDs. A remote, unauthenticated attacker can use this vulnerability to access a restricted presentation or to become the presenter.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for general network scanning activities.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usb_restore_Form?script/.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Command manipulation in LabKey Server Community Edition before 18.3.0-61806.763 allows an authenticated remote attacker to unmount any drive on the system leading to denial of service.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /__r2/query endpoints.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
"A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the separately configured path. The CRL are often available over the network through unsecured protocols ('http' or 'ldap') and hence the caller should verify the signature and possibly the certification path. Keycloak currently doesn't validate signatures on CRL, which can result in a possibility of various attacks like man-in-the-middle.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events. (Note: It was read-only access, users could not edit the events.)",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a weak configuration and potentially break the encryption.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login flow. A remote attacker who gains access to a user's browser history could obtain the access token and use it to authenticate as the user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. A remote authenticated malicious user with the ability to create UAA clients and knowledge of the email of a victim in the foundation may escalate their privileges to that of the victim by creating a client with a name equal to the guid of their victim.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters utilize the same CA (Certificate Authority) to sign and trust certs for ETCD as used by the Kubernetes API. This could allow a user authenticated with a cluster to request a signed certificate leveraging the Kubernetes CSR capability to obtain a credential that could escalate privilege access to ETCD.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs. A remote unauthenticated attacker that could hijack the Cloud Controller's DNS record could intercept access tokens sent to the Cloud Controller, giving the attacker access to the user's resources in the Cloud Controller",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user to interact with malicious content could execute arbitrary JavaScript in the user's browser.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected cross-site scripting vulnerability on the cas/logout page. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users access the page through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to access other components using the privileges of the compromised user.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing ECDSA signature. A malicious user with adjacent network access could potentially exploit this vulnerability to cause a crash in the library of the affected system.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
"Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. An unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on the system with privileges of the FTP client by sending specially crafted input data to the affected system. The FTP code that contained the vulnerability has been removed.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering vCenter servers. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.,LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to ""blue screen"" via a carefully constructed message sent to DLPe which bypasses DLPe internal checks and results in DLPe reading unallocated memory.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Information Disclosure vulnerability in Remote logging (which is disabled by default) in McAfee Agent (MA) 5.x allows remote unauthenticated users to access sensitive information via remote logging when it is enabled.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Buffer Access with Incorrect Length Value in McAfee Agent (MA) 5.x allows remote unauthenticated users to potentially cause a denial of service via specifically crafted UDP packets.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder.,LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory. This affects all supported versions of HHVM (4.0.3, 3.30.4, and 3.27.7 and below).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. Due to input validation, unauthorized users can take advantage of this vulnerability to control the user terminal system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an XSS vulnerability. Due to the lack of correct validation of client data in WEB applications, which results in users being hijacked.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Due to some interfaces can obtain the WebUI login password without login, an attacker can exploit the vulnerability to obtain sensitive information about the affected components.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by Cross-Site Request Forgery vulnerability,which stems from the fact that WEB applications do not adequately verify whether requests come from trusted users. An attacker can exploit this vulnerability to send unexpected requests to the server through the affected client.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct clickjacking or other clientside browser attacks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to gain full administrative access to the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the web portal framework. An attacker could exploit this vulnerability by providing malicious input during web portal authentication. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors when handling specific SSL/TLS messages. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of Abstract Syntax Notation One (ASN.1)-encoded variables in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the SNMP daemon on the affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause process crashes, which can result in a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of TCP packets when processed by the Cisco Fabric Services over IP (CFSoIP) feature. An attacker could exploit this vulnerability by sending a malicious Cisco Fabric Services TCP packet to an affected device. A successful exploit could allow the attacker to cause process crashes, resulting in a device reload and a DoS condition. Note: There are three distribution methods that can be configured for Cisco Fabric Services. This vulnerability affects only distribution method CFSoIP, which is disabled by default. See the Details section for more information.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to the improper input validation of tar packages uploaded through the Web Portal to the Image Repository. An attacker could exploit this vulnerability by uploading a crafted tar package and viewing the log entries that are generated. A successful exploit could allow the attacker to read arbitrary files on the underlying OS.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to incomplete input and validation checking mechanisms for certain SPF messages that are sent to an affected device. An attacker could exploit this vulnerability by sending a customized SPF packet to an affected device. A successful exploit could allow the attacker to bypass the header filters that are configured for the affected device, which could allow malicious content to pass through the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to view a password in clear text. The vulnerability is due to incorrectly logging the admin password when a user is forced to modify the default password when logging in to the web portal for the first time. Subsequent password changes are not logged and other accounts are not affected. An attacker could exploit this vulnerability by viewing the admin clear text password and using it to access the affected system. The attacker would need a valid user account to exploit this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vulnerability by using directory traversal techniques when executing a vulnerable command. A successful exploit could allow the attacker to overwrite or read arbitrary files on an affected device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementation of authentication in the web-based management interface. An attacker could exploit this vulnerability by sending a crafted authentication request to the web-based management interface on an affected system. A successful exploit could allow the attacker to view limited configuration details and potentially upload a virtual machine image.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the sponsor portal web interface for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data. At the time of publication, this vulnerability affected Cisco ISE running software releases 2.6.0 and prior.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. At the time of publication, this vulnerability affected Cisco ISE running software releases prior to 2.4.0 Patch 9 and 2.6.0.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Web Services Management Agent (WSMA) feature of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid X.509 certificate. The vulnerability is due to insufficient X.509 certificate validation when establishing a WSMA connection. An attacker could exploit this vulnerability by supplying a crafted X.509 certificate during the WSMA connection setup phase. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on WSMA connections to the affected software. At the time of publication, this vulnerability affected Cisco IND Software releases prior to 1.7.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is due to improper authentication request handling. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an unprivileged attacker to access and execute arbitrary actions through certain APIs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper input validation of certain email fields. An attacker could exploit this vulnerability by sending a crafted email message to a recipient protected by the ESA. A successful exploit could allow the attacker to bypass configured message filters and inject arbitrary scripting code inside the email body. The malicious code is not executed by default unless the recipient's email client is configured to execute scripts contained in emails.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
"A vulnerability in Cisco Advanced Malware Protection (AMP) for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code. The vulnerability is due to insufficient validation of dynamically loaded modules. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows filesystem. A successful exploit could allow the attacker to execute the code with the privileges of the AMP service.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the RSS dashboard in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability by altering the SIP replies that are sent to the affected phone during the registration process. A successful exploit could allow the attacker to cause the phone to reboot and not complete the registration process.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the attachment scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker could exploit this vulnerability by naming a malicious attachment with a specific pattern. A successful exploit could allow the attacker to bypass configured content filters that would normally block the attachment.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the Cisco FindIT Network Management Software virtual machine (VM) images could allow an unauthenticated, local attacker who has access to the VM console to log in to the device with a static account that has root privileges. The vulnerability is due to the presence of an account with static credentials in the underlying Linux operating system. An attacker could exploit this vulnerability by logging in to the command line of the affected VM with the static account. A successful exploit could allow the attacker to log in with root-level privileges. This vulnerability affects only Cisco FindIT Network Manager and Cisco FindIT Network Probe Release 1.1.4 if these products are using Cisco-supplied VM images. No other releases or deployment models are known to be vulnerable.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on the affected system. The REST API is enabled by default and cannot be disabled.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&amp;P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific set of attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic from explicitly defined peers only. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload an affected device. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software with the HTTP Server feature enabled. The default state of the HTTP Server feature is version dependent.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending malicious requests to a targeted system that contain references within XML entities. An exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an adjacent, unauthenticated attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to the targeted device. A successful exploit may lead to a buffer overflow condition that could either cause a DoS condition or allow the attacker to execute arbitrary code with root privileges. Note: This vulnerability cannot be exploited by transit traffic through the device; the crafted packet must be targeted to a directly connected interface. This vulnerability affects Cisco Nexus 9000 Series Fabric Switches in ACI mode if they are running a Cisco Nexus 9000 Series ACI Mode Switch Software release prior to 13.2(7f) or any 14.x release.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by submitting a crafted HTTP request to certain endpoints of the affected software. A successful exploit could allow an attacker to cause the web server to crash. Physical access to the device may be required for a restart.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted CSR in the web-based management interface. A successful exploit could allow an attacker with administrator privileges to execute arbitrary commands on the device with full root privileges.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to access the VNC console session of an administrative user on an affected device. The vulnerability is due to an insufficient authentication mechanism used to establish a VNC session. An attacker could exploit this vulnerability by intercepting an administrator VNC session request prior to login. A successful exploit could allow the attacker to watch the administrator console session or interact with it, allowing admin access to the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device. The vulnerability is due to improper validation of HTTPS packets. An attacker could exploit this vulnerability by sending a malformed HTTPS packet to the management web interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a denial of service (DoS) condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of input SIP traffic. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected Cisco Unified Communications Manager. A successful exploit could allow the attacker to trigger a new registration process on all connected phones, temporarily disrupting service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by sending crafted authenticated commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary commands on an affected device with root privileges.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation mechanisms for certain fields in HTTP/HTTPS requests sent through an affected device. A successful attacker could exploit this vulnerability by sending a malicious HTTP/HTTPS request through an affected device. An exploit could allow the attacker to force the device to stop processing traffic, resulting in a DoS condition.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input on the command-line interface. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow an attacker to execute arbitrary commands on the device with root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to use a web browser and the privileges of the user to perform arbitrary actions on an affected device. For more information about CSRF attacks and potential mitigations, see Understanding Cross-Site Request Forgery Threat Vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input at the CLI. An attacker could exploit this vulnerability by authenticating with the administrator password via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. The vulnerability is due to insufficient input validation of received CDP packets. An attacker could exploit this vulnerability by sending crafted CDP packets to an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts on the targeted device.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by adding specific strings to multiple configuration fields. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on network services in the affected software. An attacker could exploit this vulnerability by sending malicious requests to the affected system. A successful exploit could allow the attacker to send arbitrary network requests sourced from the affected system.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device. The vulnerability is due to improper bounds checking by the import-config process. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to implement arbitrary code on the affected device with elevated privileges.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email (ECE) Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface or allow the attacker to access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by invoking an interface monitoring mechanism with a crafted argument on the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending malicious commands to the web-based management interface of the affected software. A successful exploit could allow the attacker, with read-only privileges, to inject and execute arbitrary, system-level commands with root privileges on an affected device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by crafting HTTP traffic for the affected component to download and process. A successful exploit could allow the attacker to read sensitive information on the affected system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. An attacker would need to have valid administrator credentials on the device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker with elevated privileges could exploit this vulnerability by sending crafted commands to the administrative web management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Border Gateway Patrol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to a logic error that occurs when the affected software processes specific EVPN routing information. An attacker could exploit this vulnerability by injecting malicious traffic patterns into the targeted EVPN network. A successful exploit could result in a crash of the l2vpn_mgr process on Provider Edge (PE) device members of the same EVPN instance (EVI). On each of the affected devices, a crash could lead to system instability and the inability to process or forward traffic through the device, resulting in a DoS condition that would require manual intervention to restore normal operating conditions.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Multiprotocol Label Switching (MPLS) Operations, Administration, and Maintenance (OAM) implementation of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to the incorrect handling of certain MPLS OAM packets. An attacker could exploit this vulnerability by sending malicious MPLS OAM packets to an affected device. A successful exploit could allow the attacker to cause the lspv_server process to crash. The crash could lead to system instability and the inability to process or forward traffic though the device, resulting in a DoS condition that require manual intervention to restore normal operating conditions.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&amp;P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users attempting to authenticate, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient controls for specific memory operations. An attacker could exploit this vulnerability by sending a malformed Extensible Messaging and Presence Protocol (XMPP) authentication request to an affected system. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing users from successfully authenticating. Exploitation of this vulnerability does not impact users who were authenticated prior to an attack.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in certain attachment detection mechanisms of the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected device. The vulnerability is due to improper detection of certain content sent to an affected device. An attacker could exploit this vulnerability by sending certain file types without Content-Disposition information to an affected device. A successful exploit could allow an attacker to send messages that contain malicious content to users.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to reload the device and causing a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete user-supplied input validation when a custom extension attempts to change a DHCPv6 packet received by the application. An attacker could exploit this vulnerability by sending malformed DHCPv6 packets to the application. An exploit could allow the attacker to trigger a restart of the service which, if exploited repeatedly, might lead to a DoS condition. This vulnerability can only be exploited if the administrator of the server has previously installed custom extensions that attempt to modify the packet details before the packet has been processed. Note: Although the CVSS score matches a High SIR, this has been lowered to Medium because this condition will only affect an application that has customer-developed extensions that will attempt to modify packet parameters before the packet has been completely sanitized. If packet modification in a custom extension happens after the packet has been sanitized, the application will not be affected by this vulnerability. Software versions prior to 8.3(7) and 9.1(2) are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the management GUI. The vulnerability is due to improper validation of input parameters in the UDS API requests. An attacker could exploit this vulnerability by sending a crafted request to the UDS API of an affected device. A successful exploit could allow the attacker to make the A Cisco DB service quit unexpectedly, preventing admin access to the Unified CM management GUI. Manual intervention may be required to restore normal operation. Software versions 10.5, 11.5, 12.0, 12.5 are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI commands. An attacker could exploit this vulnerability by accessing the CLI of an affected AP with administrator privileges and issuing crafted commands that result in directory traversal. A successful exploit could allow the attacker to view system files on the affected device, which could contain sensitive information. Software versions 8.8 and 8.9 are affected.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the internal packet processing of Cisco Aironet Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected AP if the switch interface where the AP is connected has port security configured. The vulnerability exists because the AP forwards some malformed wireless client packets outside of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel. An attacker could exploit this vulnerability by sending crafted wireless packets to an affected AP. A successful exploit could allow the attacker to trigger a security violation on the adjacent switch port, which could result in a DoS condition. Note: Though the Common Vulnerability Scoring System (CVSS) score corresponds to a High Security Impact Rating (SIR), this vulnerability is considered Medium because a workaround is available and exploitation requires a specific switch configuration. There are workarounds that address this vulnerability.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol parser of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies. The vulnerability is due to improper parsing of specific attributes in a TLS packet header. An attacker could exploit this vulnerability by sending malicious TLS messages to the affected system. A successful exploit could allow the attacker to bypass the configured policies for the system, which could allow traffic to flow through without being inspected.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker could exploit this vulnerability by inserting specific character strings in the message. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) condition. The attacker would need to have valid administrator credentials. The vulnerability is due to incorrect input validation of the HTTP URL used to establish a connection to the LSC Certificate Authority (CA). An attacker could exploit this vulnerability by authenticating to the targeted device and configuring a LSC certificate. An exploit could allow the attacker to cause a DoS condition due to an unexpected restart of the device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to access administrative credentials. The vulnerability exists because affected devices use weak encryption algorithms for user credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack and decrypting intercepted credentials. A successful exploit could allow the attacker to gain access to an affected device with administrator privileges. This vulnerability affects Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers running firmware releases prior to 1.4.2.22.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view application files that may contain sensitive information.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view application files that may contain sensitive information.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of HTTP and HTTPS requests. An attacker could exploit this vulnerability by sending a malformed HTTP or HTTPS request to an affected device. An exploit could allow the attacker to cause a restart of the web proxy process, resulting in a temporary DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the log subscription subsystem of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The vulnerability is due to insufficient validation of user-supplied input on the web and command-line interface. An attacker could exploit this vulnerability by authenticating to the affected device and injecting scripting commands in the scope of the log subscription subsystem. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by loading an unsigned software patch on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the session management functionality of the web UI for the Cisco Umbrella Dashboard could allow an authenticated, remote attacker to access the Dashboard via an active, user session. The vulnerability exists due to the affected application not invalidating an existing session when a user authenticates to the application and changes the users credentials via another authenticated session. An attacker could exploit this vulnerability by using a separate, authenticated, active session to connect to the application through the web UI. A successful exploit could allow the attacker to maintain access to the dashboard via an authenticated user's browser session. Cisco has addressed this vulnerability in the Cisco Umbrella Dashboard. No user action is required.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the URL block page of Cisco Umbrella could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user in a network protected by Umbrella. The vulnerability is due to insufficient validation of input parameters passed to that page. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. This vulnerability has been fixed in the current version of Cisco Umbrella. Cisco Umbrella is a cloud service.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 12.5(1)SR1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permissions. An attacker could exploit this vulnerability by uploading invalid files to an affected device. A successful exploit could allow the attacker to write files in arbitrary locations on the filesystem. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to the processing of malformed smart probe packets. An attacker could exploit this vulnerability by sending specially crafted smart probe packets at the affected device. A successful exploit could allow the attacker to reload the device, resulting in a denial of service (DoS) attack on an affected system.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in 802.1x function of Cisco IOS Software on the Catalyst 6500 Series Switches could allow an unauthenticated, adjacent attacker to access the network prior to authentication. The vulnerability is due to how the 802.1x packets are handled in the process path. An attacker could exploit this vulnerability by attempting to connect to the network on an 802.1x configured port. A successful exploit could allow the attacker to intermittently obtain access to the network.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a username with a malicious payload in the web UI and subsequently making a request to a specific endpoint in the web UI. A successful exploit could allow the attacker to run arbitrary commands as the root user, allowing complete compromise of the system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker could exploit this vulnerability by submitting crafted HTTP requests to the targeted application. A successful exploit could allow the attacker to execute arbitrary commands on the affected device.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by submitting a malicious payload to the affected device's web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Network Address Translation 64 (NAT64) functions of Cisco IOS Software could allow an unauthenticated, remote attacker to cause either an interface queue wedge or a device reload. The vulnerability is due to the incorrect handling of certain IPv4 packet streams that are sent through the device. An attacker could exploit this vulnerability by sending specific IPv4 packet streams through the device. An exploit could allow the attacker to either cause an interface queue wedge or a device reload, resulting in a denial of service (DoS) condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Easy Virtual Switching System (VSS) of Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an unauthenticated, adjacent attacker to cause the switches to reload. The vulnerability is due to incomplete error handling when processing Cisco Discovery Protocol (CDP) packets used with the Easy Virtual Switching System. An attacker could exploit this vulnerability by sending a specially crafted CDP packet. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the software insufficiently validates ingress traffic on the ASIC used on the RSP3 platform. An attacker could exploit this vulnerability by sending a malformed OSPF version 2 (OSPFv2) message to an affected device. A successful exploit could allow the attacker to cause a reload of the iosd process, triggering a reload of the affected device and resulting in a DoS condition.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt and modify confidential information on user connections to the affected software.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability are due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit these vulnerabilities by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX-OS Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the NX-API Sandbox interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the NX-API Sandbox interface. An attacker could exploit this vulnerability by persuading a user of the NX-API Sandbox interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected NX-API Sandbox interface.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. The arbitrary actions include adding an attacker-controlled device and redirecting calls intended for a specific user. For more information about CSRF attacks and potential mitigations, see Understanding Cross-Site Request Forgery Threat Vectors. This vulnerability is fixed in software version X12.5.1 and later.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a specifically crafted XML payload. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition until the system is manually rebooted. Software versions prior to X12.5.1 are affected.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. Cisco ISE software version 2.1 is affected.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Video Surveillance Manager could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to improper validation of parameters handled by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to an affected component. A successful exploit could allow the attacker to download arbitrary files from the affected device, which could contain sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user. Cisco fixed this vulnerability in the following SIP Software releases: 10.3(1)SR5 and later for Cisco Unified IP Conference Phone 8831; 11.0(4)SR3 and later for Cisco Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 and later for the rest of the Cisco IP Phone 7800 Series and 8800 Series.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could alter the configuration of, extract information from, or reload an affected device.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM. The vulnerability is due to incorrect isolation of the secondary management interface from internal sysadmin applications. An attacker could exploit this vulnerability by connecting to one of the listening internal applications. A successful exploit could result in unstable conditions, including both a denial of service and remote unauthenticated access to the device. This vulnerability has been fixed in Cisco IOS XR 64-bit Software Release 6.5.3 and 7.0.1, which will edit the calvados_boostrap.cfg file and reload the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to the incorrect processing of certain MOBIKE packets. An attacker could exploit this vulnerability by sending crafted MOBIKE packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. The MOBIKE feature is supported only for IPv4 addresses.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco DNA Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco DNA Center versions prior to 1.2.5 are affected.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance (ASAv) and Firepower 2100 Series running Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error with how the software cryptography module handles IPsec sessions. An attacker could exploit this vulnerability by creating and sending traffic in a high number of IPsec sessions through the targeted device. A successful exploit could cause the device to reload and result in a DoS condition.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit these vulnerabilities either by injecting malicious code in a chat window or by sending a crafted link to a user of the interface. In both cases, the attacker must persuade the user to click the crafted link or open the chat window that contains the attacker's code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Version 11.6(1) is affected.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the WebVPN portal of an affected device. The vulnerabilities exist because the software insufficiently validates user-supplied input on an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. An attacker would need administrator privileges on the device to exploit these vulnerabilities.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in field-programmable gate array (FPGA) ingress buffer management for the Cisco Firepower 9000 Series with the Cisco Firepower 2-port 100G double-width network module (PID: FPR9K-DNM-2X100G) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. Manual intervention may be required before a device will resume normal operations. The vulnerability is due to a logic error in the FPGA related to the processing of different types of input packets. An attacker could exploit this vulnerability by being on the adjacent subnet and sending a crafted sequence of input packets to a specific interface on an affected device. A successful exploit could allow the attacker to cause a queue wedge condition on the interface. When a wedge occurs, the affected device will stop processing any additional packets that are received on the wedged interface. Version 2.2 is affected.",ADJACENT_NETWORK,HIGH,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by importing a crafted XML file with malicious entries, which could allow the attacker to read files within the affected application. Versions prior to 4.4(0.26) are affected.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this vulnerability by sending a malicious file to a targeted user and persuading the user to manually open it. An exploit could allow the attacker to overwrite sensitive application files and eventually cause a denial of service (DoS) condition by foreclosing future access to the system to the targeted user. This vulnerability is fixed in version 3.13.26920.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potentially sensitive information or bring the server down, causing a DoS condition. This vulnerability affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The default password condition only affects new installations of Release 3.0(1).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Version 12.5 is affected.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The vulnerability is due to improper validation of user-supplied input within TFTP requests processed by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques in malicious requests sent to the TFTP service on a targeted device. An exploit could allow the attacker to retrieve arbitrary files from the targeted device, resulting in the disclosure of sensitive information. This vulnerability affects Cisco IOS XR Software releases prior to Release 6.5.2 for Cisco Network Convergence System 1000 Series devices when the TFTP service is enabled.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious URL. A successful exploit could allow the attacker to inject arbitrary text into the user's browser. The attacker could use the content injection to conduct spoofing attacks. Versions prior than 3.0.9 are affected.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack is commonly referred to as server-side request forgery (SSRF). The vulnerability is due to insufficient access controls for the REST API of Cisco Expressway Series and Cisco TelePresence VCS. An attacker could exploit this vulnerability by submitting a crafted HTTP request to the affected server. Versions prior to XC4.3.4 are affected.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,LOW,NONE
"A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service (DoS) to Cisco Meetings application users who are paired with a Session Initiation Protocol (SIP) endpoint. The vulnerability is due to improper validation of coSpaces configuration parameters. An attacker could exploit this vulnerability by inserting crafted strings in specific coSpace parameters. An exploit could allow the attacker to prevent clients from joining a conference call in the affected coSpace. Versions prior to 2.4.3 are affected.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insufficient validation of the application input parameters. An attacker could exploit this vulnerability by sending a malicious request to the Webex Meetings application through an intent. A successful exploit could allow the attacker to execute script code in the context of the Webex Meetings application. Versions prior to 11.7.0.236 are affected.",LOCAL,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Cisco Meeting Server. The vulnerability is due to insufficient validation of Session Description Protocol (SDP) messages. An attacker could exploit this vulnerability by sending a crafted SDP message to the CMS call bridge. An exploit could allow the attacker to cause the CMS to reload, causing a DoS condition for all connected clients. Versions prior to 2.3.9 are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. For information about fixed software releases, consult the Cisco bug ID at https://quickview.cloudapps.cisco.com/quickview/bug/CSCvn64652. When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Decryption Policy Default Action functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured drop policy and allow traffic onto the network that should have been denied. The vulnerability is due to the incorrect handling of SSL-encrypted traffic when Decrypt for End-User Notification is disabled in the configuration. An attacker could exploit this vulnerability by sending a SSL connection through the affected device. A successful exploit could allow the attacker to bypass a configured drop policy to block specific SSL connections. Releases 10.1.x and 10.5.x are affected.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. A successful exploit could allow the attacker to submit arbitrary requests to the affected system via a web browser with the privileges of the user.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the data acquisition (DAQ) component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies or cause a denial of service (DoS) condition. The vulnerability exists because the affected software improperly manages system memory resources when inspecting traffic. An attacker could exploit this vulnerability by generating specific traffic patterns for the software to inspect. A successful exploit could allow the attacker to exhaust system memory resources used for traffic inspection. Depending on the configuration, the FTD Software could fail open and cease to inspect traffic or fail closed and result in a DoS condition. This vulnerability may require manual intervention to restore the software.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user interface of an affected system. This vulnerability is due to insufficient sanitization of user-supplied input delivered to the chat feed as part of an HTTP request. An attacker could exploit this vulnerability by persuading a user to follow a link to attacker-controlled content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the Graphite service and sending arbitrary data. A successful exploit could allow the attacker to write arbitrary data to Graphite, which could result in invalid statistics being presented in the interface. Versions prior to 3.5(2a) are affected.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Versions prior to 3.5(1a) are affected.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to access the system as a valid user. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the QOVR service with a valid username. A successful exploit could allow the attacker to perform actions with the privileges of the user that is used for access. This vulnerability affects Cisco PCA Software Releases prior to 12.1 SP2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Simple Object Access Protocol (SOAP) of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to a lack of proper access and authentication controls on the affected TMS software. An attacker could exploit this vulnerability by gaining access to internal, trusted networks to send crafted SOAP calls to the affected device. If successful, an exploit could allow the attacker to access system management tools. Under normal circumstances, this access should be prohibited.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. The vulnerability is due to improper validation of the server SSL certificate when establishing the SSL tunnel with ISE. An attacker could exploit this vulnerability by using a crafted SSL certificate and could then intercept communications between the ISE and PI. A successful exploit could allow the attacker to view and alter potentially sensitive information that the ISE maintains about clients that are connected to the network. This vulnerability affects Cisco Prime Infrastructure Software Releases 2.2 through 3.4.0 when the PI server is integrated with ISE, which is disabled by default.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections in the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
"A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An attacker could exploit this vulnerability by sending crafted commands to the affected device. An exploit could allow the attacker to gain shell access with a nonroot user account to the underlying Linux operating system on the affected device and potentially access system configuration files with sensitive information. This vulnerability only affects console connections from CIMC. It does not apply to remote connections, such as telnet or SSH.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and execute arbitrary code as the root user. The vulnerability is due to improper bounds checking by the vContainer. An attacker could exploit this vulnerability by sending a malicious file to an affected vContainer instance. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected vContainer, which could result in a DoS condition that the attacker could use to execute arbitrary code as the root user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco Connected Mobile Experiences (CMX) software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. The vulnerability is due to a lack of input and validation checking mechanisms for certain GET requests to API's on an affected device. An attacker could exploit this vulnerability by sending HTTP GET requests to an affected device. An exploit could allow the attacker to use this information to conduct additional reconnaissance attacks.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the affected device. An exploit could allow the attacker to fill up the filesystem or upload malicious scripts.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checking. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. An exploit could allow the attacker to cause a buffer overflow, resulting in a process crash and DoS condition on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the vManage web-based UI (Web UI) in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the vManage Web UI. A successful exploit could allow the attacker to execute commands with root privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to an incorrect processing of FCoE packets when the fcoe-npv feature is uninstalled. An attacker could exploit this vulnerability by sending a stream of FCoE frames from an adjacent host to an affected device. An exploit could allow the attacker to cause packet amplification to occur, resulting in the saturation of interfaces and a DoS condition. Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I7(5) and 9.2(2).",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability is due to improper verification of digital signatures for software images. An attacker could exploit this vulnerability by loading an unsigned software image on an affected device. A successful exploit could allow the attacker to boot a malicious software image. Note: The fix for this vulnerability requires a BIOS upgrade as part of the software upgrade. For additional information, see the Details section of this advisory. Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I7(5). Nexus 9000 Series Fabric Switches in ACI Mode are affected running software versions prior to 13.2(1l). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I7(5). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5).",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected running software versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches in Stand are affected running software versions prior to 7.0(3)F3(5).",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP packets by an affected device. An attacker could exploit these vulnerabilities by sending an LDAP packet crafted using Basic Encoding Rules (BER) to an affected device. The LDAP packet must have a source IP address of an LDAP server configured on the targeted device. A successful exploit could cause the affected device to reload, resulting in a DoS condition. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75. Firepower 9300 Security Appliances are affected in versions prior to 2.0.1.201, 2.2.2.54 and 2.3.1.75. MDS 9000 Series Multilayer Switches are affected in versions prior to 8.2(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(1). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(2). Nexus 7000 and 7700 Series Switches are affected in versions prior to 8.2(1). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(1). Cisco UCS 6200 and 6300 Fabric Interconnect devices are affected in versions prior to 3.2(2b).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition. This vulnerability has been fixed in version 7.3(5)N1(1).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Transport Layer Security (TLS) certificate validation functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to perform insecure TLS client authentication on an affected device. The vulnerability is due to insufficient TLS client certificate validations for certificates sent between the various components of an ACI fabric. An attacker who has possession of a certificate that is trusted by the Cisco Manufacturing CA and the corresponding private key could exploit this vulnerability by presenting a valid certificate while attempting to connect to the targeted device. An exploit could allow the attacker to gain full control of all other components within the ACI fabric of an affected device.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption keys stored on local partitions in the hard drive of an affected device. An attacker could exploit this vulnerability by retrieving data from the physical disk on the affected partition(s). A successful exploit could allow the attacker to retrieve encryption keys, possibly allowing the attacker to further decrypt other data and sensitive information on the device, which could lead to the disclosure of confidential information.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the controller authorization functionality of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escalate standard users with root privilege on an affected device. The vulnerability is due to a misconfiguration of certain sudoers files for the bashroot component on an affected device. An attacker could exploit this vulnerability by authenticating to the affected device with a crafted user ID, which may allow temporary administrative access to escalate privileges. A successful exploit could allow the attacker to escalate privileges on an affected device. This Vulnerability has been fixed in version 4.0(1h)",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to gain unauthorized access to the system.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the admin interface.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use this to replace existing files to take control of the VRP virtual machine.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another user's browser, related to resiliency plans functionality. A victim must open a resiliency plan that an attacker has access to.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the SINEMA Remote Connect Server and administrative privileges. At the time of advisory publication no public exploitation of this security vulnerability was known.,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a logged-in user to the application. The vulnerability could allow switching the connectivity state of a user or a device. At the time of advisory publication no public exploitation of this security vulnerability was known.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network access and valid credentials for the web interface. No user interaction is required. The vulnerability could allow an attacker to access information that he should not be able to read. The affected information does not include passwords. At the time of advisory publication no public exploitation of this security vulnerability was known.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Delta Electronics TPEditor, Versions 1.94 and prior. Multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files, which may allow remote code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). An attacker can use these credentials to login via ftp and upload a malicious firmware.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not restricted in coordination with the expiration of access based on active directory user account changes when the device is joined to an AD domain.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger a use-after-free vulnerability, which may allow information disclosure, remote code execution, or crash of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of templates in XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9149.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8838.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8742.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8695.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8922.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIFF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8782.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8783.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8814.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8669.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the util.printf Javascript method. The application processes the %p parameter in the format string, allowing heap addresses to be returned to the script. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8544.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8757.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. This can be exploited by tricking an authenticated user into visiting an attacker controlled web page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"BlueStacks App Player 2, 3, and 4 before 4.90 allows DNS Rebinding for attacks on exposed IPC functions.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. This can be leveraged for code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code exection such as running a system command.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. An attacker can leverage this deserialization to achieve remote code execution. NOTE: this issue is a bypass for a CVE-2017-18357 whitelist patch.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges, which may lead to complete system compromise. An attacker would need valid administrator credentials to exploit this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending malicious requests to an affected system that contain references in XML entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an affected system by executing arbitrary SQL queries. The vulnerability exists because the affected software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted requests that contain malicious SQL statements to the affected application. A successful exploit could allow the attacker to determine the presence of certain values in the database, impacting the confidentiality of the system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker who has valid administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to run arbitrary commands on the underlying operating system with root privileges, which may lead to complete system compromise.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper parsing of SIP messages. An attacker could exploit this vulnerability by sending a malicious SIP packet through an affected device. A successful exploit could allow the attacker to trigger an integer underflow, causing the software to try to read unmapped memory and resulting in a crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition that prevents the creation of new SSL/Transport Layer Security (TLS) connections to an affected device. The vulnerability is due to incorrect handling of Base64-encoded strings. An attacker could exploit this vulnerability by opening many SSL VPN sessions to an affected device. The attacker would need to have valid user credentials on the affected device to exploit this vulnerability. A successful exploit could allow the attacker to overwrite a special system memory location, which will eventually result in memory allocation errors for new SSL/TLS sessions to the device, preventing successful establishment of these sessions. A reload of the device is required to recover from this condition. Established SSL/TLS connections to the device and SSL/TLS connections through the device are not affected. Note: Although this vulnerability is in the SSL VPN feature, successful exploitation of this vulnerability would affect all new SSL/TLS sessions to the device, including management sessions.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insufficient protections on the underlying filesystem. An attacker could exploit these vulnerabilities by modifying critical files on the underlying filesystem. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running FTD instances.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insufficient protections on the underlying filesystem. An attacker could exploit these vulnerabilities by modifying critical files on the underlying filesystem. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running FTD instances.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"A vulnerability in the FTP inspection engine of Cisco Adaptive Security (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of FTP data. An attacker could exploit this vulnerability by sending malicious FTP traffic through an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient file location validation. An attacker could exploit this vulnerability by placing code in a specific format on a USB device and inserting it into an affected Cisco device. A successful exploit could allow the attacker to execute the code with root privileges on the underlying OS of the affected device.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS). The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the CLI and requesting shell access on an affected device. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software using the banner parameter. The vulnerability is due to insufficient input validation of the banner parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by crafting a banner parameter and saving it. The attacker could then convince a user of the web interface to access a malicious link or could intercept a user request for the affected web interface and inject malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web framework code of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by convincing a user of the web interface to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker could exploit this vulnerability by first accessing the Guest Shell and then entering specific commands. A successful exploit could allow the attacker to execute arbitrary code on the base Linux operating system.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker could exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been sent through an encrypted channel.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the Dialer interface feature for ISDN connections in Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers (ISRs) could allow an unauthenticated, adjacent attacker to pass IPv4 traffic through an ISDN channel prior to successful PPP authentication. The vulnerability is due to insufficient validation of the state of the PPP IP Control Protocol (IPCP). An attacker could exploit this vulnerability by making an ISDN call to an affected device and sending traffic through the ISDN channel prior to successful PPP authentication. Alternatively, an unauthenticated, remote attacker could exploit this vulnerability by sending traffic through an affected device that is configured to exit via an ISDN connection for which both the Dialer interface and the Basic Rate Interface (BRI) have been configured, but the Challenge Handshake Authentication Protocol (CHAP) password for PPP does not match the remote end. A successful exploit could allow the attacker to pass IPv4 traffic through an unauthenticated ISDN connection for a few seconds, from initial ISDN call setup until PPP authentication fails.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of attributes in RADIUS messages. An attacker could exploit this vulnerability by sending a malicious RADIUS message to an affected device while the device is in a specific state.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on the affected device. An attacker who has administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges, which may lead to complete system compromise.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper validation of IPv6 packets through the UTD feature. An attacker could exploit this vulnerability by sending IPv6 traffic through an affected device that is configured with UTD. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a buffer overflow that occurs when an affected device inspects certain FTP traffic. An attacker could exploit this vulnerability by performing a specific FTP transfer through the device. A successful exploit could allow the attacker to cause the device to reload.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process. This triggers a reload of the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected device can be configured to not verify the digital signatures of system image files during the boot process. An attacker could exploit this vulnerability by abusing a specific feature that is part of the device boot process. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. The vulnerability is due to incorrect role-based access control (RBAC) evaluation when a low-privileged user requests access to a Guest OS that should be restricted to administrative accounts. An attacker could exploit this vulnerability by authenticating to the Guest OS by using the low-privileged-user credentials. An exploit could allow the attacker to gain unauthorized access to the Guest OS as a root user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability exists because the affected software incorrectly handles memory structures, leading to a NULL pointer dereference. An attacker could exploit this vulnerability by opening a TCP connection to specific ports and sending traffic over that connection. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of transient SIP packets on which NAT is performed on an affected device. An attacker could exploit this vulnerability by using UDP port 5060 to send crafted SIP packets through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST API authentication service. An attacker could exploit this vulnerability by submitting malicious HTTP requests to the targeted device. A successful exploit could allow the attacker to obtain the token-id of an authenticated user. This token-id could be used to bypass authentication and execute privileged actions through the interface of the REST API virtual service container on the affected Cisco IOS XE device. The REST API interface is not enabled by default and must be installed and activated separately on IOS XE devices. See the Details section for more information.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of casuser.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different error codes for existing and non-existing files. An attacker could exploit this vulnerability by sending GET requests for different file names. A successful exploit could allow the attacker to enumerate files residing on the system.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit this vulnerability by sending properly formatted data values to the statistics collection service of an affected device. A successful exploit could allow the attacker to cause the web interface statistics view to present invalid data to users.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,LOW
Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow an attacker to get access to the device via telnet. The telnet service is running on port 2323; it cannot be turned off and the credentials cannot be changed.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload (shell commands within the file) and trigger code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Htek UC902 VoIP phone web management interface contains several buffer overflow vulnerabilities in the firmware version 2.0.4.4.46, which allow an attacker to crash the device (DoS) without authentication or execute code (authenticated as a user) to spawn a remote shell as a root user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. In addition, this could potentially allow an attacker to read sensitive zip files from the local server.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. This can lead to a variety of different issues but read out of array bounds is one major consequence of these problems.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of these JARs or other dependencies were compromised, any developers using these could continue to be infected past updating to fix this.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via ""/teach/course/doajaxfileupload.php"". The target server can be exploited without authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In EasyToRecruit (E2R) before 2.11, the upload feature and the Candidate Profile Management feature are prone to Cross Site Scripting (XSS) injection in multiple locations.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. The attacker must have local access to the system. A CVSS v3 base score of 2.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file (.frc2). Once a user opens the file, the attacker could read arbitrary files.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An out-of-bounds read vulnerability has been identified in Fuji Electric Alpha7 PC Loader Versions 1.1 and prior, which may crash the system.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"NREL EnergyPlus, Versions 8.6.0 and possibly prior versions, The application fails to prevent an exception handler from being overwritten with arbitrary code.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 to 30.014 and earlier.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially crafted project files.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X are susceptible to a denial-of-service condition as a result of an overflow of TCP packets, which requires the device to be manually rebooted.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). An authenticated attacker with network access to to port 22/tcp of an affected device may cause a Denial-of-Service condition. The security vulnerability could be exploited by an authenticated attacker with network access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the availability of the affected device.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack based buffer overflow in ""doHandshakefromServer"" function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the ""nobody"" user through a crafted ""HTTP"" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins Log Parser Plugin 2.0 and earlier did not escape an error message, resulting in a cross-site scripting vulnerability exploitable by users able to define log parsing rules.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executors.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically Job/Configure).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A reflected cross-site scripting vulnerability in Jenkins Wall Display Plugin 0.6.34 and earlier allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers to initiate a connection to an attacker-specified server.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be target of XXE attack due to an improper factory and parser initialisation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. This can be used as a hint by an attacker to specifically craft attacks to the web server run by Kura.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the system via process listing. It was introduced recently in the virt-manager v2.2.0 release.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could prevent user access indefinitely.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, excluding 5.0.17. A parameter passed to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system, corrupt memory, or create other adverse security affects.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1. Insecure use of the yaml.load() function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The size of users' private file uploads via email were not correctly checked, so their quota allowance could be exceeded.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections view (victim). The fixed version is: 5.3.12.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE-434. The impact is: unauthenticated/unzuthorized Attacker can upload executable file in website. The component is: gourl.php#L5637. The fixed version is: 1.4.14.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Voice Builder Prior to commit c145d4604df67e6fc625992412eef0bf9a85e26b and f6660e6d8f0d1d931359d591dbdec580fef36d36 is affected by: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). The impact is: Remote code execution with the same privileges as the servers. The component is: Two web servers in the projects expose three vulnerable endpoints that can be accessed remotely. The endpoints are defined at: - /tts: https://github.com/google/voice-builder/blob/3a449a3e8d5100ff323161c89b897f6d5ccdb6f9/merlin_model_server/api.js#L34 - /alignment: https://github.com/google/voice-builder/blob/3a449a3e8d5100ff323161c89b897f6d5ccdb6f9/festival_model_server/api.js#L28 - /tts: https://github.com/google/voice-builder/blob/3a449a3e8d5100ff323161c89b897f6d5ccdb6f9/festival_model_server/api.js#L65. The attack vector is: Attacker sends a GET request to the vulnerable endpoint with a specially formatted query parameter. The fixed version is: After commit f6660e6d8f0d1d931359d591dbdec580fef36d36.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. The impact is: denial of service. The component is: function Jsi_StrcmpDict (jsiChar.c:121). The attack vector is: The victim must execute crafted javascript code. The fixed version is: 2.4.77.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating file with custom a filename and content. The component is: Filtering user parameters before passing them into phpthumb class. The attack vector is: web request via /assets/components/gallery/connector.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line36. The attack vector is: modify the MIME TYPE on HTTP request to upload a php file. The fixed version is: after commit 09f0ab871bf633973cfd9fc4fe59d4a912397cf8.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. The impact is: Execute java script code on users browser. The component is: web app. The attack vector is: the victim must open a ticket. The fixed version is: 2.3.1, 2.2.2 and 2.1.3.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if successful, and exception error message otherwise.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourcePrinter.java, src/main/java/io/jenkins/plugins/analysis/core/util/Sanitizer.java, src/main/java/io/jenkins/plugins/analysis/warnings/DuplicateCodeScanner.java that allows attackers with the ability to control warnings parser input to have Jenkins render arbitrary HTML.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java, src/main/java/org/jenkins/ci/plugins/jobimport/model/JenkinsSite.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete the shared configuration file.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java, blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java, blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly that allows attackers with permission to edit a user's description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java, blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java, blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g. to persist access to temporarily compromised user accounts.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a certain sequence of BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart. Repeated crashes of the RPD process can cause prolonged Denial of Service (DoS). Graceful restart helper mode for BGP is enabled by default. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S3; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.2X75 versions prior to 17.2X75-D105; 17.3 versions prior to 17.3R3-S2; 17.4 versions prior to 17.4R1-S7, 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R3-S2; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D30; 18.3 versions prior to 18.3R1-S4, 18.3R2. Junos OS releases prior to 16.1R1 are not affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) process to crash and restart. By continuously sending a specially crafted SNMP packet, an attacker can repetitively crash the RPD process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS : 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D75 on SRX Series; 14.1X53 versions prior to 14.1X53-D48 on EX/QFX series; 15.1 versions prior to 15.1R4-S9, 15.1R7-S2; 15.1F6 versions prior to 15.1F6-S11; 15.1X49 versions prior to 15.1X49-D141, 15.1X49-D144, 15.1X49-D150 on SRX Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series; 15.1X53 versions prior to 15.1X53-D590 on EX2300/EX3400 Series; 15.1X54 on ACX Series; 16.1 versions prior to 16.1R3-S10, 16.1R4-S11, 16.1R6-S5, 16.1R7; 16.1X65 versions prior to 16.1X65-D48; 16.2 versions prior to 16.2R2-S6; 17.1 versions prior to 17.1R2-S8, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 18.1 versions prior to 18.1R1-S1, 18.1R2-S1, 18.1R3; 18.2X75 versions prior to 18.2X75-D10.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. This may allow an attacker with physical access to an existing domain connected Windows system to bypass SRX firewall policies, or trigger a Denial of Service (DoS) condition for the network.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solicit messages received from a DHCPv6 client. By continuously sending the same crafted packet, an attacker can repeatedly crash the jdhcpd process causing a sustained Denial of Service (DoS) to both IPv4 and IPv6 clients. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496; 16.1 versions prior to 16.1R3-S10, 16.1R7-S4; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S2; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S2. This issue does not affect Junos OS releases prior to 15.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"On Juniper ATP, secret passphrase CLI inputs, such as ""set mcm"", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information. This issue affects Juniper ATP 5.0 versions prior to 5.0.4.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"When BGP tracing is enabled an incoming BGP message may cause the Junos OS routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S4, 16.1R7-S5; 16.2 versions prior to 16.2R2-S9, 16.2R3; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3-S1; 17.3 versions prior to 17.3R3-S3, 17.3R3-S4, 17.3R4; 17.4 versions prior to 17.4R1-S7, 17.4R2-S3, 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4, 18.1R4; 18.2 versions prior to 18.2R2-S2, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. This issue does not affect Junos releases prior to 16.1R1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. This issue only occurs when the crafted packet it destined to the device. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on EX and QFX Virtual Chassis Platforms; 15.1 versions prior to 15.1R7-S3 all Virtual Chassis Platforms 15.1X53 versions prior to 15.1X53-D50 on EX and QFX Virtual Chassis Platforms.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5431.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Modifier Chain objects in U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5427.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of shift events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5762.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-5895.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA execEvent method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5580.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA boundItem method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5579.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Keystroke actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5572.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the name attribute of OCG objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5568.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Annotation's author attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5435.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the rect Field attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5434.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the textColor Field attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5433.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the pageNum document attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5432.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When parsing arguments passed to the resetData method, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5618.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA resolveNode method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5531.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When setting the y attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5529.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA resolveNodes method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5528.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CPDF_Object objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5414.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIFF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5473.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of typed arrays. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5380.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5472.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setTimeOut method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5471.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5382.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addLink method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5379.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the openList method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5377.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the record remove method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5376.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the record append method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5375.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the layout sheet attribute. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5374.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of layout elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5373.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the absPageSpan method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5372.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of subform elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5371.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of field elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5370.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5312.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote attackers to conduct phishing attacks via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions, contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can apply the other vulnerabilities within this advisory to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when specifying the directory to be accessed. This vulnerability does not affect the i.LON 600 product.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
If an attacker has access to the firmware from the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to extract credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) contains fixed credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. An attacker could compromise these credentials and gain access to the system.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Philips e-Alert Unit (non-medical device), Version R2.1 and prior. When authenticating a user or otherwise establishing a new user session, the software gives an attacker the opportunity to steal authenticated sessions without invalidating any existing session identifier.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not validate input properly, allowing an attacker to craft the input in a form that is not expected by the rest of the application. This would lead to parts of the unit receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Rockwell Automation Arena versions 15.10.00 and prior contains a use after free vulnerability caused by processing specially crafted Arena Simulation Software files that may cause the software application to crash, potentially losing any unsaved data..",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which could therefore lead to disclosure of personal contact information and application login credentials from within the same subnet.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communications with commission and service tools. Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A CWE-79 Cross-Site Scripting vulnerability exists in all versions of the TSXETG100 allowing an attacker to send a specially crafted URL with an embedded script to a user that would then be executed within the context of that user.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website (nodes, comments, etc.). The module doesn't sufficiently filter user-entered text among the autocompletion items leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability can be exploited by any user allowed to create one of the autocompletion item, for instance, nodes, users, comments.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may use unvalidated custom requests to crash the server.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may allow the pointer to call an incorrect object resulting in an access of resource using incompatible type condition.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may modify deserialized data to send custom requests that crash the server.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when CX Supervisor parses a specially crafted project file.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause an out of bounds vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versions prior to 4107600010.23, passwords are presented in plaintext in a file that is accessible without authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The X-XSS-Protection response header is not set to block, allowing attempts at reflected cross-site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an authentication bypass vulnerability, which may allows an unauthorized user to perform unauthorized operations.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper access control vulnerability, which may allows an unauthorized user to perform unauthorized operations on the router.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by null pointer dereference vulnerability, which may allows an attacker to cause a denial of service via appviahttp service.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via appviahttp service.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attackers to spoof connections.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system's network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Denial of Service through Resource Depletion vulnerability in the agent in non-Windows McAfee Agent (MA) 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to cause DoS, unexpected behavior, or potentially unauthorized code execution via knowledge of the internal trust mechanism.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce custom paths during agent installation in Linux via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection via specific conditions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline.,PHYSICAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows execution bypass, for example, with simple DLL through interpreters such as PowerShell.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a crafted user input.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions. In Parsec, this means full control over the victim's computer.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access Controls.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05, Service Virtualization (SV) with floating licenses using Any version using APLS older than 10.7, Unified Functional Testing (UFT) with floating licenses using Any version using APLS older than 10.7, Network Virtualization (NV) with floating licenses using Any version using APLS older than 10.7 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Denial of Service vulnerability in Micro Focus Operations Orchestration Software, version 10.x. This vulnerability could be remotely exploited to allow Denial of Service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11. This vulnerability could be remotely exploited to allow disclosure of information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This affects Proxygen prior to v2018.12.31.00.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fix in v2018.11.19.00.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Exploiting this issue requires control over memcached server hostnames and/or ports. This affects all supported versions of HHVM (3.30 and 3.27.4 and below).,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An extension to hooks capabilities which debuted in Kea 1.4.0 introduced a memory leak for operators who are using certain hooks library facilities. In order to support multiple requests simultaneously, Kea 1.4 added a callout handle store but unfortunately the initial implementation of this store does not properly free memory in every case. Hooks which make use of query4 or query6 parameters in their callouts can leak memory, resulting in the eventual exhaustion of available memory and subsequent failure of the server process. Affects Kea DHCP 1.4.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect Rapid7 Komand version 0.42.0 and later versions.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contains a hard-coded cryptographic salt, ""S@l+&pepper"".",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contain three credentials with known passwords: QDMaster, OTMaster, and sa.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior. A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions that may allow a remote attacker to execute arbitrary code on the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Cleartext Transmission of Sensitive Information issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A cleartext transmission of sensitive information vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An improper restriction of excessive authentication vulnerability in the web interface has been identified, which may allow an attacker to brute force authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA 4.1.0.3391 and earlier may allow code execution.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An Inadequate Encryption Strength issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An inadequate encryption strength vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
"An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or the ability to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions of the Medtronic 2090 Carelink Programmer are affected by a directory traversal vulnerability where the product's software deployment network could allow an attacker to read files on the system.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An Improper Input Validation issue was discovered in Nari PCS-9611 relay. An improper input validation vulnerability has been identified that affects a service within the software that may allow a remote attacker to arbitrarily read/access system resources and affect the availability of the system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions of the Medtronic 2090 Carelink Programmer are affected by a per-product username and password that is stored in a recoverable format which could allow an attacker with physical access to a 2090 Programmer to obtain per-product credentials to the software deployment network.,PHYSICAL,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for unauthorized information disclosure. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Server: versions up to and including 7.8.1; 7.9.0; 7.10.0; 7.11.0; 7.12.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for remote code execution. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.'s TIBCO Runtime Agent: versions up to and including 5.10.0, and TIBCO Runtime Agent for z/Linux: versions up to and including 5.9.1.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The TIBCO Administrator server component of of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The domain designer component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which may allow, in the context of a non-default permissions configuration, persisted cross-site scripting (XSS) attacks. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3;6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, TIBCO Jaspersoft Studio Community Edition, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow analytic reports that contain scripting to perform arbitrary code execution. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2;6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO JasperReports Library: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.1; 6.4.2, TIBCO JasperReports Library Community Edition: versions up to and including 6.4.3, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2, TIBCO Jaspersoft Studio: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO Jaspersoft Studio Community Edition: versions up to and including 6.4.3, TIBCO Jaspersoft Studio for ActiveMatrix BPM: versions up to and including 6.4.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pixar's Tractor software, versions 2.2 and earlier, contain a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing node. The stored information is displayed when a user requests information about the node. An attacker could insert Javascript into this note field that is then saved and displayed to the end user. An attacker might include Javascript that could execute on an authenticated user's system that could lead to website redirects, session cookie hijacking, social engineering, etc. As this is stored with the information about the node, all other authenticated users with access to this data are also vulnerable.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to steal session cookies of other users including Administrator and take over their session. This can further be exploited to launch other attacks. The software also does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other user. An authenticated user with 'user console only' rights may inject arbitrary JavaScript, which could result in an attacker taking over a session of others, including an Administrator.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. An authenticated remote attacker could leverage Blind SQL injections to obtain sensitive data.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable code via file upload for firmware updates. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and the Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information to aid in crafting spoofed messages. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, ""Hello World"" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. Following this exchange the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password only authentication not cryptographic keys, however the firmware image contains an RSA host-key for the server. An attacker can exploit this vulnerability to gain root access to the Angstrom Linux operating system and modify any binaries or configuration files in the firmware. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the ""Dynamic base"" PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks. Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any authentication mechanism leading to an information leak.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a GET parameter which can lead to bypassing the two factor authentication in some installations. This could lead to phishing attacks that can bypass the two factor authentication that is present in some installations.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection. If successfully exploited the user can get info from the underlying postgresql database that could lead into to total compromise of the product. The said script is available with no authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of ""Capabilities"" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,HIGH
"In Veraport G3 ALL on MacOS, due to insufficient domain validation, It is possible to overwrite installation file to malicious file. A remote unauthenticated attacker may use this vulnerability to execute arbitrary file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Veraport G3 ALL on MacOS, a race condition when calling the Veraport API allow remote attacker to cause arbitrary file download and execution. This results in remote code execution.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could potentially read and download arbitrary files from the device's file system. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with administrative access to the device's management interface could lock out legitimate users. Manual interaction is required to restore the access of legitimate users.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the administrative client stored on the device. If a legitimate user downloads and executes the modified client from the affected device, then he/she could obtain code execution on the client system.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the firmware of the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could cause a Denial-of-Service condition by sending certain packets to the device, causing potential reboots of the device. The core functionality of the device could be impacted. The time serving functionality recovers when time synchronization with GPS devices or other NTP servers are completed.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,HIGH
"A vulnerability has been identified in Siveillance VMS Video for Android (All versions < V12.1a (2018 R1)), Siveillance VMS Video for iOS (All versions < V12.1a (2018 R1)). Improper certificate validation could allow an attacker in a privileged network position to read data from and write data to the encrypted communication channel between the app and a server. The security vulnerability could be exploited by an attacker in a privileged network position which allows intercepting the communication channel between the affected app and a server (such as Man-in-the-Middle). Furthermore, an attacker must be able to generate a certificate that results for the validation algorithm in a checksum identical to a trusted certificate. Successful exploitation requires no user interaction. The vulnerability could allow reading data from and writing data to the encrypted communication channel between the app and a server, impacting the communication's confidentiality and integrity. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X_with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions _with_ Siemens Healthineers Informatics products). A factory account with hardcoded password might allow attackers access to the device over port 5900/tcp. Successful exploitation requires no user interaction or privileges and impacts the confidentiality, integrity, and availability of the affected device. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X_with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions _with_ Siemens Healthineers Informatics products). Remote attackers with either local or remote credentialed access to the ""Remote View"" feature might be able to elevate their privileges, compromising confidentiality, integrity, and availability of the system. No special skills or user interaction are required to perform this attack. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SIMATIC WinCC OA UI for Android (All versions < V3.15.10), SIMATIC WinCC OA UI for iOS (All versions < V3.15.10). Insufficient limitation of CONTROL script capabilities could allow read and write access from one HMI project cache folder to other HMI project cache folders within the app's sandbox on the same mobile device. This includes HMI project cache folders of other configured WinCC OA servers. The security vulnerability could be exploited by an attacker who tricks an app user to connect to an attacker-controlled WinCC OA server. Successful exploitation requires user interaction and read/write access to the app's folder on a mobile device. The vulnerability could allow reading data from and writing data to the app's folder. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.",ADJACENT_NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability has been identified in Siemens DIGSI 4 (All versions < V4.92), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 104 variant (All versions). The device engineering mechanism allows an unauthenticated remote user to upload a modified device configuration overwriting access authorization passwords.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability has been identified in Siemens DIGSI 4 (All versions < V4.92), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77), SIPROTEC Compact 7SJ66 (All versions < V4.30), Other SIPROTEC Compact relays (All versions), Other SIPROTEC 4 relays (All versions). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic's webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected by the Denial-of-Service condition.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability has been identified in TeleControl Server Basic < V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A vulnerability has been identified in Desigo Automation Controllers Products and Desigo Operator Unit PXM20-E. A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3870.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3871.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain the ability to execute code. A different vulnerability than CVE-2018-3859.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3860.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to the logging cluster may obtain leaked credentials and perform authenticated actions using these credentials.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parameters are set using the _snapshot API they can be exposed as plain text by users able to query the _snapshot API.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of that other ML user.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of other ML users viewing the results of the jobs.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary identifiers and the attacker can register an account which an identifier that shares a suffix with a legitimate account. Both of those conditions must be true in order to exploit this flaw.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Path traversal in simplehttpserver <v0.2.1 allows listing any file on the server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A missing sanitization of search results for an autocomplete field in NextCloud Server <13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
There is a stored Cross-Site Scripting vulnerability in Open Graph meta properties read by the `metascrape` npm module <= 3.9.2.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Concatenating unsanitized user input in the `whereis` npm module < 0.4.1 allowed an attacker to execute arbitrary commands. The `whereis` module is deprecated and it is recommended to use the `which` npm module instead.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via ""format"" parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"`memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
Path traversal in buttle module versions <= 0.2.0 allows to read any file in the server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a public address but the subsequent resolution is a private address.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with <iframe> element used in directory name.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open redirect in hekto <=0.2.3 when target domain name is used as html filename on server.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
sshpk is vulnerable to ReDoS when parsing crafted invalid public keys.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
bracket-template suffers from reflected XSS possible when variable passed via GET parameter is used in template,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of ""Object"" via __proto__, causing the addition or modification of an existing property that will exist on all objects.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of ""Object"" via __proto__, causing the addition or modification of an existing property that will exist on all objects.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of ""Object"" via __proto__, causing the addition or modification of an existing property that will exist on all objects.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of ""Object"" via __proto__, causing the addition or modification of an existing property that will exist on all objects.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
simplehttpserver node module suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with ""Content-Type: application/json"" and a very large payload.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, HTTP and RFC listener allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorizations on the control system may be able to access the user credentials and gain unauthorized access to data in the captured or target system.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Financial Transaction Manager 3.2.1 for Digital Payments could allow an authenticated user to obtain a directory listing of internal product files. IBM X-Force ID: 155552.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM QRadar SIEM 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 155346.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155345.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 155265.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
"IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions. IBM X-Force ID: 155007,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Jazz Reporting Service (JRS) 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155006.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref entries using the DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out of bounds memory access.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 154889.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of service attack. An authenticated attacker might send a specially crafted request that exhausts server-side memory. IBM X-Force ID: 154774.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read Only Cache (LROC) is enabled may caused read operation on a file to return data from a different file. IBM X-Force ID: 154440.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM API Connect 5.0.0.0, and 5.0.8.6 could could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. IBM X-Force ID: 154284.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154137.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154078.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154069.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Rational DOORS Web Access 9.5.1 through 9.5.2.9, and 9.6 through 9.6.1.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153916.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator level access to give themselves full 'Administrator' level access through the members functionality. IBM X-Force ID: 153914.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
IBM Security Identity Manager 7.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153749.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153748.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Emptoris Contract Management 10.0.0 and 10.1.3.0 could disclose sensitive information from detailed information from error messages. IBM X-Force ID: 153657.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153494.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance generates an error message that includes sensitive information about its environment, users, or associated data which could be used in further attacks against the system. IBM X-Force ID: 153430.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153429.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 153428.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153427.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 153388.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 153387.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153386.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 153385.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini privileges due to the application not validating access permissions. IBM X-Force ID: 153382.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 153319.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access control in the management server that could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 153175.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 could allow a malicious user to be allowed to view any view if he knows the URL link of a the view, and access information that should not be able to see. IBM X-Force ID: 153120.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also perform some state changing actions restricted to a high privileged user. IBM X-Force ID: 153119.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An attacker could exploit this vulnerability to perform CSRF attack and update available applications. IBM X-Force ID: 152992.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152859.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152858.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Campaign 9.1.0, 9.1.2, 10.1, and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152857.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
"IBM Jazz Reporting Service (JRS) 6.0.3, 6.0.4, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152785.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. IBM X-Force ID: 152784.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152740.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152738.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152737.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Robotic Process Automation with Automation Anywhere 11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152671.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152534.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources. IBM X-Force ID: 152533.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM X-Force ID: 152531.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used. IBM X-Force ID: 152530.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152529.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. IBM X-Force ID: 152528.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152159.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152157.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152156.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An untrusted search path vulnerability in IBM i Access for Windows versions 7.1 and earlier on Windows can allow arbitrary code execution via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. IBM X-Force ID: 152079.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 152021.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a ""zip slip"" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API Could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST API. IBM X-Force ID: 151969.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. IBM X-Force ID: 151714.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control Room log file after installation. IBM X-Force ID: 151707.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151329.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258.,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. IBM X-Force ID: 151155.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execute arbitrary code. IBM X-Force ID: 150999.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) v2.0.0.0 through 2.0.0.5, v2.1.0.0 through 2.1.0.4, v2.1.1.0 through 2.1.1.4, and v3.0.0.0 through 3.0.0.8 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 150946.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150945.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
"IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150904.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
"The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data. IBM X-Force ID: 150903",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node. IBM X-Force ID: 150901.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could allow a remote attacker to obtain sensitive information caused by improper handling of passwords. IBM X-Force ID: 150811.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM WebSphere MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0.0, and 9.1.0.1 console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150661.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150514.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150432.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150431.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150430.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150429.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150428.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150427.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 150023.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 150022.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150021.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 for Enterprise Single-Sign On is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150019.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1 could allow a local user to obtain highly sensitive information during a short time period when installation is occurring. IBM X-Force ID: 149607.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 149428.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing ""dot dot slash"" sequences (../), an attacker could exploit this vulnerability to write to arbitrary files on the system. Note: This vulnerability is known as ""Zip-Slip"". IBM X-Force ID: 149427.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 149073.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148949.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148948.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. By submitting suitable payloads, an attacker could exploit this vulnerability to induce the Connections server to attack other systems. IBM X-Force ID: 148946.",NETWORK,HIGH,LOW,NONE,CHANGED,LOW,NONE,LOW
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 148944.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148804.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148803.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to the other user&#195;&#162;&#194;&#128;&#194;&#153;s data / access to their privileges (if the user happens to be an Admin for example). IBM X-Force ID: 148801.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148800.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed.  IBM X-Force ID: 148691.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. IBM X-force ID: 148687.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148621.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Team Concert (RTC) 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148620.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148616.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148615.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148614.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148605.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM X-Force ID: 148599.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). This can happen when the Application Server is configured to permit access on non-secure (http) port and using JASPIC or JSR375 authentication.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 148512.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 148511.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 148428.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
"IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148423.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 148422.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 148421.",LOCAL,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID: 147907.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147709.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
IBM QRadar SIEM 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 147708.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147630.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"IBM Spectrum LSF 9.1.1 9.1.2, 9.1.3, and 10.1 could allow a local user to change their job user at job submission time due to improper file permission settings. IBM X-Force ID: 147439.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Sterling B2B Integrator Standard Edition 5.2.0.1 - 5.2.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147166.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147003.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI. IBM X-Force ID: 146343.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 146341.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 146339.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 146189.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970.,NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. IBM X-Force ID: 145966.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145583.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145582.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145509.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145505.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. IBM X-Force ID: 145455.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow an unauthenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 145180.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145118.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes in stored in system memory on target systems that are configured to use TADDM. IBM X-Force ID: 145110.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145109.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive product configuration information from log files. IBM X-Force ID: 144946.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
"IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. IBM X-Force ID: 144890.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 144889.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144886.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144885.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144883.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 144747.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144726.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator. IBM X-Force ID: 144656.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM QRadar Incident Forensics 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 144655.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM QRadar Incident Forensics 7.2 and 7.3 does not properly restrict the size or amount of resources requested which could allow an unauthenticated user to cause a denial of service. IBM X-Force ID: 144650.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144588",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 144580.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges. IBM X-Force ID: 144579.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but enforces it for all other login scenarios. IBM X-Force ID: 144483.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 144411.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 144410.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 144408.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144348.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143931.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143797.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
"IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow an authenticated user to obtain sensitive information from an error message that could be used in further attacks against the system. IBM X-Force ID: 143796.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143793.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143792.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143791.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 143745.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 143744.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143501.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error messages to allow an adversary to gain information about the application and database that could be used to conduct further attacks. IBM X-Force ID: 143500.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143497.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 143121.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 143118.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow a local user with administrator privileges to obtain user passwords found in debugging messages. IBM X-Force ID: 142968.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142958.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142956.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142955.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142893.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142892.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142891.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. IBM X-Force ID: 142890.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be uploaded to the control room. By uploading a malicious file and tricking a victim to run it, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 142889.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID: 142888.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4 contains a vulnerability that could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 142657.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim's machine. IBM X-Force ID: 142651.",LOCAL,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142650.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine (ACCE) 5.2.1 and 5.5.0 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 142597.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
"IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142596.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142558.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142432.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141803.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141802.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 141622.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141551.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 141417.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
IBM DOORS Next Generation (DNG/RRC) 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141415.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 141413.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 141340.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 141223.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141097.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. IBM X-Force ID: 140977.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 140973.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 140972.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 140969.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session cookies. If a Cross-Site Scripting vulnerability also existed attackers may be able to get the cookie values via malicious JavaScript and then hijack the user session. IBM X-Force ID: 140762.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users. IBM X-Force ID: 140398.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140043.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139906.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.3 and 8.1.4) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139597.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139595.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139589.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary code on the system, caused by an error related to multiple untrusted search path. A local attacker could exploit this vulnerability to DLL hijacking to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 139565.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. A remote attacker could trick a user to double click a malicious executable in an attacker-controlled directory, which could result in code execution. IBM X-Force ID: 139563.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node. IBM X-Force ID: 139240.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Jazz Foundation products (IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.5) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139025.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138446.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138445.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138441.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138440.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote attacker to download certain files that could contain sensitive information. IBM X-Force ID: 138434.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138429.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138427.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138425.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138378.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138221.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Application Performance Management for Monitoring & Diagnostics (IBM Monitoring 8.1.3 and 8.1.4) may release sensitive personal data to the staff who can access to the database of this product. IBM X-Force ID: 138210.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user to with special access to gain root privileges. IBM X-Force ID: 138208.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, and 11.6 could allow an authenticated user with CA level access to change change their ca-id to another users and read sensitive information. IBM X-Force ID: 138077.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137777.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 137776.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecting to a Queue Manager could cause a SIGSEGV in the Channel process amqrmppa. IBM X-Force ID: 137775.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 137769.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 137767.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result in a MITM attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1,NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case, if this client is an admin, the attacker would gain complete control over the Foundation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user to click on a maliciously crafted Unisphere URL. Attacker could potentially phish information, including Unisphere users' credentials, from the victim once they are redirected.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. A man-in-the-middle attacker could use this vulnerability to strip the SSL/TLS protection from a connection between a client and a server.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Dell EMC Unity and UnityVSA contains reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP password to use it in further attacks.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of life.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFSimple_Calculate method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5491.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ePub files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5442.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the interactive attribute of PrintParams objects. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5438.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the bitmapDPI attribute of PrintParams objects. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5437.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the XFA borderColor attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5436.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5521.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Spotify Music Player 1.0.69.336. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5501.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMBIOC_TREE_RELE ioctl. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4984.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability is caused by improper access controls that allow access to critical functions without authentication. An attacker can use this vulnerability to reboot affected devices, along with other actions. Was ZDI-CAN-4540.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup 11.2.0.13. The specific flaw exists within JSON RPC Request handling. By setting the checksession parameter to a specific value, it is possible to bypass authentication to critical functions. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-4752.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Quest NetVault Backup 11.2.0.13. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The specific flaw exists within the handling of Export requests. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to arbitrarily overwrite files resulting in a denial-of-service condition. Was ZDI-CAN-4222.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. Authentication is not required to exploit this vulnerability. The specific flaw exists within nvwsworker.exe. When parsing the boundary header of a multipart request, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-4215.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as a Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last used in the final Carbon series release. In addition to the component not being included in OpenDayLight in newer releases, the SDNInterface component is not packaged in the opendaylight package included in RHEL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log. In an environment where logs are shared with other parties, this could lead to privilege escalation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being configured to allow remote users to connect without any authentication if they can access the etcd server bound to the network on the master nodes. An attacker could use this flaw to read and modify all the data about the Openshift cluster in the etcd datastore, potentially adding another compute node, or bringing down the entire cluster.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be expired.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options ""--provision*db"", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem.,ADJACENT_NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"When CX-Supervisor (Versions 3.42 and prior) processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an array.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An access of uninitialized pointer vulnerability in CX-Supervisor (Versions 3.42 and prior) could lead to type confusion when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Several use after free vulnerabilities have been identified in CX-Supervisor (Versions 3.42 and prior). When processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes 1756-EWEBK) Version 5.001 and earlier, and CompactLogix 1768-EWEB Version 2.005 and earlier. A remote attacker could send a crafted UDP packet to the SNMP service causing a denial-of-service condition to occur until the affected product is restarted.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk mode, an attacker is able to take control of the operating system.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. A malformed network packet may cause the monitor to reboot. By repeatedly sending the malformed network packet, an attacker may be able to disrupt patient monitoring by causing the monitor to repeatedly reboot until it falls back to default configuration and loses network connectivity.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contain a vulnerability in the file parser of the Text Editor wherein the application doesn't properly prevent the insertion of specially crafted files which could allow arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The application contains a cross-site scripting vulnerability where displays that reference AF elements and attributes containing JavaScript are affected. This vulnerability requires the ability of authorized AF users to store JavaScript in AF elements and attributes.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Cscape, Version 9.80.75.3 SP3 and prior. An improper input validation vulnerability has been identified that may be exploited by processing specially crafted POC files lacking user input validation. This may allow an attacker to read confidential information and remotely execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C The affected versions of the application have a path traversal vulnerability that fails to restrict the ability of an attacker to gain access to restricted information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor browser.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out of bounds read when opening a specially crafted project file, which may cause a system crash or allow data exfiltration.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior), when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated attacker could send numerous crafted packets to service ports resulting in memory consumption that could lead to a partial or complete denial-of-service condition to the affected services.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The repository component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS contains a persistent cross site scripting vulnerability. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi- Tenancy versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an attacker to gain full access to a target account, independent of configured authentication mechanisms. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The domain management component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a race-condition vulnerability that may allow any users with domain save privileges to gain superuser privileges. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The web application of the TIBCO Statistica component of TIBCO Software Inc.'s TIBCO Statistica Server contains vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Statistica Server versions up to and including 13.4.0.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. The vulnerabilities could allow Remote Directory Traversal and Remote Disclosure of Privileged Information",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. The vulnerability could be exploited to release unauthorized disclosure of data.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) connected to the VGo XAMPP. User accounts may be able to execute commands that are outside the scope of their privileges and within the scope of an admin account. If an attacker has access to VGo XAMPP Client credentials, they may be able to execute admin commands on the connected robot.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to alter scripts, which may allow code execution with root privileges.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The product CMS-770 (Software Versions 1.7.1 and prior)is vulnerable that an attacker can read sensitive configuration files by bypassing the user authentication mechanism.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files lacking user input validation, which may cause the system to write outside the intended buffer area and may allow remote code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The product M2M ETHERNET (FW Versions 2.22 and prior, ETH-FW Versions 1.01 and prior) is vulnerable in that an attacker can upload a malicious language file by bypassing the user authentication mechanism.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it.,PHYSICAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account ""default"" with its default password to login to XMeye and access/view video streams.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported apps.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when processing parameter entities, which may allow remote file disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with the value of an offset, an attacker can force the application to read a value outside of an array.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with a specific byte, memory corruption may occur within a specific object.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"LAquis SCADA Versions 4.1.0.3870 and prior, when processing project files the application fails to sanitize user input prior to performing write operations on a stack object, which may allow an attacker to execute code under the current process.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LAquis SCADA Versions 4.1.0.3870 and prior has a path traversal vulnerability, which may allow remote code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LAquis SCADA Versions 4.1.0.3870 and prior has several out-of-bounds read vulnerabilities, which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer dereference vulnerability, which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NUUO CMS all versions 3.1 and prior, The application implements a method of user account control that causes standard account security features to not be utilized as intended, which could allow user account compromise and may allow for remote code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Epic Games Launcher versions prior to 8.2.2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handler for the com.epicgames.launcher protocol. A crafted URI with the com.epicgames.launcher protocol can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-7241.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within fxhtml2pdf. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6230.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the display property of CheckBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7255.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the defaultValue property of ComboBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7253.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the richValue property of button objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7252.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JSON objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7132.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the richValue property of a text field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7067.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of templates. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7170.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the dataObjects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7169.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the display property of a button. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7138.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7130.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7128.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the fillColor property of a radio button. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7070.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportValues property of a radio button. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7068.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the isPropertySpecified method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6470.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the createIcon method of an app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7163.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the getPageBox method of a Form. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7141.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the style property of a Field object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6915.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6890.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the gotoNamedDest method of a app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6851.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the mailDoc method of a app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6850.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeField property of a app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6849.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeDataObject method of a document. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6848.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the name property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6845.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the subtype property of a Annotation object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6820.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of array indices. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6817.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Lower method of a XFA object. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6617.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the content property of a XFA object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6524.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the name property of a XFA object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6523.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeAttribute method of a XFA object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6522.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the print method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6521.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportData method of a host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6520.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the currentPage property of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6519.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the isCompatibleNS method of a XFA object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6518.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the importData method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6517.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the beep method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6514.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resetData method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6512.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the title property of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6511.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the respose property of a host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6509.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the gotoURL method of a host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6507.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the getDisplayItem method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6506.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the moveInstance method of a Form object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6505.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resolveNode method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6503.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the mandatory property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6502.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the getItemState method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6501.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resolveNodes method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6487.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setAttribute method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6486.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the rotate property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6485.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the fillColor property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6483.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the vAlign property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6482.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the addItem method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6481.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the editValue property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6480.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the deleteItem method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6478.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the getAttribute method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6474.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the loadXML method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6473.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the id property of a aliasNode. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6472.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the desc property. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6471.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the attachIcon property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6499.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the subject property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6498.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resolveNode event. The issue results from the lack of validation of the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6700.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeInstance event. The issue results from the lack of validation of the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6500.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the openPlayer method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6616.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of template objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6614.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the XFA mouseUp event. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6455.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Validate events of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6439.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setInterval() method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6438.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of OCG objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6435.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6434.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Format events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6355.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6353.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Selection Change events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6336.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of onBlur events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6334.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Mouse Exit events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6333.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Losant Arduino MQTT Client prior to V2.7. User interaction is not required to exploit this vulnerability. The specific flaw exists within the parsing of MQTT PUBLISH packets. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6436.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker could exploit this vulnerability to open the task manager to kill the process or launch new processes on the system.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Help Dialog. By visiting the kiosk and removing the program from fullscreen, an attacker could exploit this vulnerability using the terminal to launch the command prompt.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other processes on the system.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
EasyLobby Solo contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Lobby Track Desktop could allow a local attacker to gain elevated privileges on the system, caused by an error in the printer dialog. By visiting the kiosk and accessing the print badge screen, an attacker could exploit this vulnerability using the command line to break out of kiosk mode.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lobby Track Desktop could allow a local attacker to gain elevated privileges on the system, caused by an error in the printer dialog. By visiting the kiosk and signing in as a visitor, an attacker could exploit this vulnerability using the command line to break out of kiosk mode.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Sample Database.mdb database while in kiosk mode. By using attack vectors outlined in kiosk breakout, an attacker could exploit this vulnerability to view and edit the database.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and viewing the driver's license column, an attacker could exploit this vulnerability to view the driver's license number and other personal information.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and clicking on reports, an attacker could exploit this vulnerability to gain access to all visitor records and obtain sensitive information.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted request capable of leaking content of local files on the Elasticsearch node. This could allow a user to access information that they should not have access to.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; when used with run as, this can result in the request running as the incorrect user. This could allow a user to access information that they should not have access to.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the ""allowed_uids"" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions before 4.14.91 and before 4.19.13 are vulnerable.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos unless --with-experimental-mit-ad-dc is specified to the configure command.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attack to access sensitive information in the file system by appending slashes in the URL path.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A Path Traversal in simplehttpserver versions <=0.2.1 allows to list any file in another folder of web root.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed in version 5.2.1.1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A Path Traversal in Knightjs versions <= 0.0.1 allows an attacker to read content of arbitrary files on a remote server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A stored xss in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary javascript.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A path traversal in takeapeek module versions <=0.2.2 allows an attacker to list directory and files.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load.,NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A command injection vulnerability in libnmapp package for versions <0.4.16 allows arbitrary commands to be executed via arguments to the range options.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A command Injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be executed when attacker controls the PID.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker unauthorized access to that system.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decrypt locally stored cipher text.,ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code in the server's JVM.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentials.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, contain an internal api endpoint vulnerable to SQL injection between Diego cells and the policy server. A remote authenticated malicious user with mTLS certs can issue arbitrary SQL queries and gain access to the policy server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the ""capro"" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user ""root"" and an empty password by using the enabled onboard UART headers.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The vulnerability is due to lack of authentication. An attacker could exploit this vulnerability by directly connecting to the Graphite web interface. An exploit could allow the attacker to access various statistics and Key Performance Indicators (KPIs) regarding the Cisco Policy Suite environment.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in Cisco 900 Series Aggregation Services Router (ASR) software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of certain broadcast packets ingress to the device. An attacker could exploit this vulnerability by sending large streams of broadcast packets to an affected device. If successful, an exploit could allow an attacker to impact services running on the device, resulting in a partial DoS condition.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,LOW
"A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface of an affected device. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because the configuration of the Shell Access Filter, when used with a specific type of remote authentication, can cause a system file to have unbounded writes. An attacker could exploit this vulnerability by sending a steady stream of remote authentication requests to the appliance when the specific configuration is applied. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the device functions could operate abnormally, making the device unstable.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Admin Portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to view saved passwords in plain text. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin Portal. An attacker with read or write access to the Admin Portal could exploit this vulnerability by browsing to a page that contains sensitive data. An exploit could allow the attacker to recover passwords for unauthorized use and expose those accounts to further attack.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of requests stored in the system's logging database. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the logs in the Admin Portal.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. To exploit this vulnerability, the attacker would need to have administrative credentials on the Windows system. The vulnerability is due to the improper validation of resources loaded by a system process at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. A successful exploit could allow the attacker to disable the targeted system's scanning services and ultimately prevent the system from being protected from further intrusion. There are no workarounds that address this vulnerability.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option is set to Legacy mode. An attacker could exploit this vulnerability by sending meeting requests to an affected system. A successful exploit could allow the attacker to determine the values of meeting room unique identifiers, possibly allowing the attacker to conduct further exploits.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application. A successful exploit could allow the attacker to modify and delete arbitrary data in the PLM database or gain shell access with the privileges of the postgres user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Webex Events Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A successful exploit could allow the attacker to view sensitive information.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A successful exploit could allow the attacker to view sensitive information.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges on the underlying operating system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, default, static user credentials for the root account of the affected software on certain systems. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient restrictions on the size or total amount of resources allowed via the web interface. An attacker who has valid credentials for the application could exploit this vulnerability by sending a crafted or malformed HTTP request to the web interface. A successful exploit could allow the attacker to cause oversubscription of system resources or cause a component to become unresponsive, resulting in a DoS condition.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker could exploit this vulnerability by convincing a targeted user to follow a URL to a malicious website. An exploit could allow the attacker to take actions within the software with the privileges of the targeted user or gain access to sensitive information.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system via a web browser and with the privileges of the user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition.",NETWORK,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, adjacent attacker to gain network access to a Cisco TrustSec domain. Under normal circumstances, this access should be prohibited. The vulnerability is due to the dynamic assignment of Security Group Tags (SGTs) during a wireless roam from one Service Set Identifier (SSID) to another within the Cisco TrustSec domain. An attacker could exploit this vulnerability by attempting to acquire an SGT from other SSIDs within the domain. Successful exploitation could allow the attacker to gain privileged network access that should be prohibited under normal circumstances.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Content Security Management Appliance (SMA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the DHCP service of Cisco Industrial Network Director could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of DHCP lease requests. An attacker could exploit this vulnerability by sending malicious DHCP lease requests to an affected application. A successful exploit could allow the attacker to cause the DHCP service to terminate, resulting in a DoS condition.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in certain IPv4 fragment-processing functions of Cisco Remote PHY Software could allow an unauthenticated, remote attacker to impact traffic passing through a device, potentially causing a denial of service (DoS) condition. The vulnerability is due to the affected software not validating and calculating certain numerical values in IPv4 packets that are sent to an affected device. An attacker could exploit this vulnerability by sending malformed IPv4 traffic to an affected device. A successful exploit could allow the attacker to disrupt the flow of certain IPv4 traffic passing through an affected device, which could result in a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is due to a hard-coded password that, in some cases, is not replaced with a unique password. A successful exploit could allow the attacker to access the administrative web interface with administrator-level privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the WebVPN login process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load for existing WebVPN login operations. An attacker could exploit this vulnerability by sending multiple WebVPN login requests to the device. A successful exploit could allow the attacker to increase CPU load on the device, resulting in a denial of service (DoS) condition.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. The vulnerability is due to a static signing key that is present in all Cisco HyperFlex systems. An attacker could exploit this vulnerability by accessing the static signing key from one HyperFlex system and using it to generate valid, signed session tokens for another HyperFlex system. A successful exploit could allow the attacker to access the HyperFlex Web UI of a system for which they are not authorized.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
"A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to the listening Java Remote Method Invocation (RMI) service. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process. A successful exploit could allow the attacker to run commands on the affected host as the root user. This vulnerability affects Cisco HyperFlex Software releases prior to 3.5(2a).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileges. The vulnerability is due to an incorrect permission setting for important system directories. An attacker could exploit this vulnerability by uploading a malicious file by using TFTP, which can be accessed via the web-interface GUI. A successful exploit could allow the attacker to run commands on the targeted application without authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the ""unmew11()"" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures for software images and files that are uploaded to a device. An attacker could exploit this vulnerability by uploading a malicious software image or file to an affected device. A successful exploit could allow the attacker to bypass digital signature verification checks for software images and files and install a malicious software image or file on the affected device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3 interface of an affected device. The vulnerability is due to a logic error in the affected software. An attacker could exploit this vulnerability by connecting to and passing traffic through a Layer 3 interface of an affected device, if the interface is configured for MACsec MKA using EAP-TLS and is running in access-session closed mode. A successful exploit could allow the attacker to bypass 802.1x network access controls and gain access to the network.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a hidden command in the affected software. An attacker could exploit this vulnerability by connecting to an affected device via the console, forcing the device into ROMMON mode, and writing a malicious pattern to a specific memory address on the device. A successful exploit could allow the attacker to bypass signature validation checks by Cisco Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the TACACS+ client subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of crafted TACACS+ response packets by the affected software. An attacker could exploit this vulnerability by injecting a crafted TACACS+ packet into an existing TACACS+ session between an affected device and a TACACS+ server or by impersonating a known, valid TACACS+ server and sending a crafted TACACS+ packet to an affected device when establishing a connection to the device. To exploit this vulnerability by using either method, the attacker must know the shared TACACS+ secret and the crafted packet must be sent in response to a TACACS+ request from a TACACS+ client. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Entes EMG12 versions 2.57 and prior The application uses a web interface where it is possible for an attacker to bypass authentication with a specially crafted URL. This could allow for remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running Android OS 4.4, D75e running Android OS 4.4, CN51 running Android OS 6.0, EDA50k running Android 4.4, EDA50 running Android OS 7.1, EDA50k running Android OS 7.1, EDA70 running Android OS 7.1, EDA60k running Android OS 7.1, and EDA51 running Android OS 8.1), a skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges. This could enable the attacker to obtain access to keystrokes, passwords, personal identifiable information, photos, emails, or business-critical documents.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,LOW,LOW,HIGH
"Delta Electronics Delta Industrial Automation PMSoft v2.11 or prior has an out-of-bounds read vulnerability that can be executed when processing project files, which may allow an attacker to read confidential information.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually restart the software to regain functionality.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior lacks proper validation of user-supplied data, which may result in a read past the end of an allocated object.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An uncontrolled search path element (DLL Hijacking) vulnerability has been identified in Fuji Electric Energy Savings Estimator versions V.1.0.2.0 and prior. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior parse files and pass invalidated user data to an unsafe method call, which may allow code to be executed in the context of an administrator.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Emerson AMS Device Manager v12.0 to v13.5.  Non-administrative users are able to change executable and library files on the affected products.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Emerson AMS Device Manager v12.0 to v13.5.  A specially crafted script may be run that allows arbitrary remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The Philips e-Alert contains a banner disclosure vulnerability that could allow attackers to obtain extraneous product information, such as OS and software components, via the HTTP response header that is normally not available to the attacker, but might be useful information in an attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords.",PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities.",PHYSICAL,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
"Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files that may allow for information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer overflow information disclosure vulnerability occurs when parsing certain file types.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local administrative permissions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbitrary code on the device.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cross-site request forgery condition can occur, allowing an attacker to change passwords of the device remotely.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G The models identified above, when paired with a remote controller and having the ""easy bolus"" and ""remote bolus"" options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. This flaw affects all Red Hat Satellite 6 versions.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a valid record while not seen by dnsdist. This is an issue when dnsdist is deployed as a DNS Firewall and used to filter some records that should not be received by the backend. This issue occurs only when either the 'useClientSubnet' or the experimental 'addXPF' parameters are used when declaring a new backend.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as of user executing the application which is using python-werkzeug with debug shell mode enabled. In - Red Hat Ceph Storage 2 and 3, ceph-isci-cli package runs python-werkzeug library with root level permissions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to the Open vSwitch integration bridge being connected to the instance during migration. When connected to the integration bridge, all traffic for instances using the same Open vSwitch instance would potentially be visible to the migrated guest, as the required Open vSwitch VLAN filters are only applied post-migration. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3, 11.0.5 are vulnerable.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management.,NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. When importing legacy 'drag and drop into text' (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and install in the resultant container image. Version of openstack-rabbitmq-container and openstack-containers as shipped with Red Hat Openstack 12, 13, 14 are believed to be vulnerable.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The ""null skcipher"" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user being able to crash the system or possibly escalate privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S8 G950FXXU1AQL5. User interaction is required to exploit this vulnerability in that the target must have their cellular radios enabled. The specific flaw exists within the handling of IPCP headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the baseband processor. Was ZDI-CAN-5368.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6683.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6351.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of annotations. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6328.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of annotations. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6327.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6362.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportAsFDF function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6332.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6330.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the SeedValue Generic Object parameter provided to the signatureSetSeedValue function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6329.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the valueAsString function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6326.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of button objects. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6266.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Text annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6220.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of StrikeOut annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6219.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Square annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6218.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Sound annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6217.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Line annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6215.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Ink annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6214.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of FreeText annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6213.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Circle annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6212.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of FileAttachment annotations. By manipulating a document's elements an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6211.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6233.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6231.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6222.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arguments passed to the setFocus function. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5642.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arguments passed to the mailDoc function. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5770.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the oneOfChild attribute. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5774.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of FlateDecode streams. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5763.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportData XFA function. The issue results from the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5757.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsFDF XFA function. The issue results from the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5619.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resetForm method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6060.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the mailDoc method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6059.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the submitForm method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6039.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the spawnPageFromTemplate method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6038.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6034.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6033.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the print method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6032.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importTextData method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6030.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6029.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importAnXFDX method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6028.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importAnFDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6027.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getURL method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6025.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getTemplate method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6024.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageRotation method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6023.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageNthWordQuads method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6022.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageNthWord method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6021.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageBox method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6020.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getLinks method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6017.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getIcon method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6016.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getField method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6015.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6014.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6012.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsXFDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6011.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsFDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6010.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the convertTocPDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6009.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the calculateNow method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6007.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addPageOpenJSMessage method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6006.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addField method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6005.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in TIM 1531 IRC (All version < V2.0). The devices was missing proper authentication on port 102/tcp, although configured. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. At the time of advisory publication no public exploitation of this vulnerability was known.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. The vulnerability, if exploited, could cause a Denial-of-Service condition impacting the availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SIMATIC HMI Comfort Panels 4"" - 22"" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7"" & 15"" (All versions < V14), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V14), SIMATIC WinCC Runtime Advanced (All versions < V14), SIMATIC WinCC Runtime Professional (All versions < V14), SIMATIC WinCC (TIA Portal) (All versions < V14), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server (port 80/tcp and port 443/tcp) of the affected devices could allow an attacker to inject HTTP headers. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SIMATIC HMI Comfort Panels 4"" - 22"" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7"" & 15"" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The webserver of affected HMI devices may allow URL redirections to untrusted websites. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability has been identified in SIMATIC HMI Comfort Panels 4"" - 22"" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7"" & 15"" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). A directory traversal vulnerability could allow to download arbitrary files from the device. The security vulnerability could be exploited by an attacker with network access to the integrated web server. No user interaction and no authentication is required to exploit the vulnerability. The vulnerability impacts the confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All Versions < V15.1). Password hashes with insufficient computational effort could allow an attacker to access to a project file and reconstruct passwords. The vulnerability could be exploited by an attacker with local access to the project file. No user interaction is required to exploit the vulnerability. The vulnerability could allow the attacker to obtain certain passwords from the project. At the time of advisory publication no public exploitation of this vulnerability was known.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow an attacker to compromise integrity and availability of the SIMATIC WinCC OA system. At the time of advisory publication no public exploitation of this vulnerability was known.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that should otherwise not be reachable and Mosquitto will exit.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected releases are openSUSE Open Build Service: status of is unknown.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE Open Build Service: versions prior to 51a17c553b6ae2598820b7a90fd0c11502a49106.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5).,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The GridServer Broker and GridServer Director components of TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery (CSRF). Affected releases are TIBCO Software Inc. TIBCO DataSynapse GridServer Manager: versions up to and including 5.2.0; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; 6.2.0; 6.3.0.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Schema repository server (tibschemad) component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The realm server (tibrealmserver) component of TIBCO Software Inc. TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO FTL - Community Edition: versions up to and including 5.4.0, TIBCO FTL - Developer Edition: versions up to and including 5.4.0, TIBCO FTL - Enterprise Edition: versions up to and including 5.4.0.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: 3.3.0; 3.4.0; 3.5.0, TIBCO ActiveSpaces - Developer Edition: 3.0.0; 3.1.0; 3.3.0; 3.4.0; 3.5.0, and TIBCO ActiveSpaces - Enterprise Edition: 3.0.0; 3.1.0; 3.2.0; 3.3.0; 3.4.0; 3.5.0.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks for z/Linux: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric: versions up to and including 5.13.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAdLayer method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6003.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-5873.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5896.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5756.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setFocus method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5417.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Format events for ComboBox fields. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5415.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacker can leverage this vulnerability to deny access to the target system. Was ZDI-CAN-6306.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Intents. The issue lies in the ability to send an Intent that would not otherwise be reachable. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5361.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker could use ioctl calls to do out of bounds reads, arbitrary writes, or execute code in kernel mode. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to cause a Denial-of-Service condition of the VNC server. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). By sending a specially crafted authentication request to the affected systems a remote attacker could escalate his privileges to an elevated user account but not to root. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker with user privileges could use the service command application for privilege escalation to an elevated user but not root. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,LOW
"A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker with elevated user privileges (manufact) could modify a CRAMFS archive so that after reboot the system loads the modified CRAMFS file and attacker-controlled code is executed with root privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires elevated user privileges (manufact) but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker could modify a user-writeable configuration file so that after reboot or manual initiation the system reloads the modified configuration file and attacker-controlled code is executed with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 5900/tcp. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is accessible or not. This allows the attacker to do basic network scanning using the victims machine. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges, no user interaction is required. The impact is limited to determining whether or not a port on a target system is accessible by the affected device.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
"A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, but user interaction is required.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device.",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A reflected Cross-Site-Scripting (XSS) vulnerability has been identified in Siemens PLM Software TEAMCENTER (V9.1.2.5). If a user visits the login portal through the URL crafted by the attacker, the attacker can insert html/javascript and thus alter/rewrite the login portal page. Siemens PLM Software TEAMCENTER V9.1.3 and newer are not affected.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability has been identified in SCALANCE M875 (All versions). An attacker with access to the local file system might obtain passwords for administrative users. Successful exploitation requires read access to files on the local file system. A successful attack could allow an attacker to obtain administrative passwords. At the time of advisory publication no public exploitation of this security vulnerability was known.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a stored Cross-Site Scripting (XSS) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires that the attacker has access to the web interface of an affected device. The attacker must be authenticated as administrative user on the web interface. Afterwards, a legitimate user must access the web interface. A successful attack could allow an attacker to execute malicious code in the browser of a legitimate user. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk..",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. A malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to read certain data. Embedded WorkPoint is upgraded to version 4.10.16, which contains a fix for the vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role could exploit this vulnerability to execute arbitrary commands on the server with root privileges.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to read and modify S3 objects by supplying specially crafted S3 requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Certain input files may trigger an integer overflow in ttembed input file processing. This overflow could potentially lead to corruption of the input file due to a lack of checking return codes of fgetc/fputc function calls.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash script, resulting in arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Service.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of the same Prosody instance.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G communications between the pump and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that may allow an attacker to reset passwords for the controller.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor are not restricted, allowing for a denial-of-service condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions. The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow remote code execution under the privileges of the InTouch View process.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This vulnerability does not affect the i.LON 600 product.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected products use per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest.,PHYSICAL,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Davolink DVW-3200N all version prior to Version 1.00.06. The device generates a weak password hash that is easily cracked, allowing a remote attacker to obtain the password for the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project XML files.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities could cause the software to crash due to lacking user input validation for processing project files. Which may allow an attacker to gain remote code execution with administrator privileges if exploited.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data.",ADJACENT_NETWORK,HIGH,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,NONE,NONE
"In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 4.2.18.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of a staging mode. The issue lies in the ability to change the configuration based on the presence of a file in an user-controlled location. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5359.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Notes Fixed in version 2.0.02.31. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of ZIP files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5358.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of push messages. The issue lies in the ability to start an activity with controlled arguments. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5331.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of URLs. The issue lies in the lack of proper validation of user-supplied data, which can allow arbitrary JavaScript to execute. An attacker can leverage this vulnerability to install applications under the context of the current user. Was ZDI-CAN-5330.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of file:/// URIs. The issue lies in the lack of proper validation of user-supplied data, which can allow for reading arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges. Was ZDI-CAN-5329.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Internet Browser Fixed in version 6.4.0.15. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TypedArray objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5326.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D 3DView objects. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5493.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Bone Weight Modifier structures. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5423.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Clod Progressive Mesh Declaration structures. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5421.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Node objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5411.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Clod Progressive Mesh objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5410.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Chain Index objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5396.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Shading objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5393.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D CLOD Base Mesh Continuation structures. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5392.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation Integrated Services Routers (ISR G2) and the Cisco 4451-X Integrated Services Router (ISR4451-X) could allow an unauthenticated, remote attacker to cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of user input. An attacker could exploit this vulnerability by first connecting to the SM-1T3/E3 module console and entering a string sequence. A successful exploit could allow the attacker to cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a DoS condition on an affected device.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding (VRF) instance despite the absence of the vrf-also keyword in the access-class configuration. The vulnerability is due to a missing check in the SSH server. An attacker could use this vulnerability to open an SSH connection to an affected Cisco IOS or IOS XE device with a source address belonging to a VRF instance. Once connected, the attacker would still need to provide valid credentials to access the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition.",ADJACENT_NETWORK,HIGH,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of SIP packets in transit while NAT is performed on an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted SIP packets via UDP port 5060 through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages. An attacker could exploit this vulnerability by sending a malicious CMP message to an affected device. A successful exploit could allow the attacker to cause the switch to crash and reload or to hang, resulting in a DoS condition. If the switch hangs it will not reboot automatically, and it will need to be power cycled manually to recover.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or create arbitrary files on the targeted system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network Plug and Play component performs incomplete validation when configured to use secure unique device identifiers (SUDI) for authentication. An attacker who controls a Cisco device that supports SUDI authentication and has connectivity to an affected NSO system could exploit this vulnerability. The attacker would need to leverage information about the devices that are being registered on the NSO server to send crafted Cisco Network Plug and Play authentication packets to an affected system. A successful exploit could allow the attacker to gain unauthorized access to configuration data for devices that will be managed by the NSO system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a denial of service (DoS) attack against an affected system. The vulnerability is due to insufficient validation of user-provided input. An attacker could exploit this vulnerability by logging in with a highly privileged user account and performing a sequence of specific user management operations that interfere with the underlying operating system. A successful exploit could allow the attacker to permanently degrade the functionality of the affected system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this vulnerability by sending a malicious API request with the authentication credentials of a low-privileged user. A successful exploit could allow the attacker to read any file on the affected system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to cause an affected system to reboot or shut down. The vulnerability is due to insufficient server-side authorization checks. An attacker who is logged in to the web-based management interface as a low-privileged user could exploit this vulnerability by sending a crafted HTTP request. A successful exploit could allow the attacker to use the low-privileged user account to reboot or shut down the affected system.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Cisco Webex Player for Webex Recording Format (WRF) files could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by sending a user a link or email attachment with a malicious WRF file and persuading the user to open the file in the Cisco Webex Player. A successful exploit could cause the affected player to crash, resulting in a DoS condition. For more information about this vulnerability, see the Details section of this security advisory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application of an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Server Message Block Version 2 (SMBv2) and Version 3 (SMBv3) protocol implementation for the Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the device to run low on system memory, possibly preventing the device from forwarding traffic. It is also possible that a manual reload of the device may be required to clear the condition. The vulnerability is due to incorrect SMB header validation. An attacker could exploit this vulnerability by sending a custom SMB file transfer through the targeted device. A successful exploit could cause the device to consume an excessive amount of system memory and prevent the SNORT process from forwarding network traffic. This vulnerability can be exploited using either IPv4 or IPv6 in combination with SMBv2 or SMBv3 network traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to perform command injection. The vulnerability is due to insufficient input validation of command input. An attacker could exploit this vulnerability by sending customized commands to the web-based management interface.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the anti-spam protection mechanisms of Cisco AsyncOS Software for the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass certain content filters on an affected device. The vulnerability is due to incomplete input and validation checking mechanisms for certain Sender Policy Framework (SPF) messages that are sent to an affected device. An attacker could exploit this vulnerability by sending a customized SPF packet to an affected device. If successful, an exploit could allow the attacker to bypass the URL filters that are configured for the affected device, which could allow malicious URLs to pass through the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the 802.11r Fast Transition feature set of Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a corruption of certain timer mechanisms triggered by specific roaming events. This corruption will eventually cause a timer crash. An attacker could exploit this vulnerability by sending malicious reassociation events multiple times to the same AP in a short period of time, causing a DoS condition on the affected AP.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level privileges. The vulnerability is due to incomplete input validation of user input within an HTTP request. An attacker could exploit this vulnerability by authenticating to the application and then sending a crafted HTTP request to the targeted application. A successful exploit could allow the authenticated attacker to issue commands on the underlying operating system as the root user.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between user accounts and organization accounts. An attacker who has administrator or compliance officer privileges for one organization account could exploit this vulnerability by using those privileges to view and modify data for another organization account. No customer data was impacted by this vulnerability.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,NONE
"A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the error reporting application configuration. An attacker could exploit this vulnerability by sending a crafted command to the error reporting feature. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted device. A successful exploit could allow the attacker to gain access to arbitrary files on the affected device, resulting in the disclosure of sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to gain access to sensitive configuration information, including user authentication credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial of service condition or to execute arbitrary code. The vulnerability is due to improper boundary restrictions on user-supplied input in the Guest user feature of the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device, triggering a buffer overflow condition. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a denial of service condition, or could allow the attacker to execute arbitrary code.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in TCP connection management in Cisco Prime Access Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the application unexpectedly restarts. The vulnerability is due to incorrect handling of incoming TCP SYN packets to specific listening ports. The improper handling of the TCP SYN packets could cause a system file description to be allocated and not freed. An attacker could exploit this vulnerability by sending a crafted stream of TCP SYN packets to the application. A successful exploit could allow the attacker to cause the application to eventually restart if a file description cannot be obtained.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system. The vulnerability is due to the improper detection of content within executable (EXE) files. An attacker could exploit this vulnerability by sending a customized EXE file that is not recognized and blocked by the ESA. A successful exploit could allow an attacker to send email messages that contain malicious executable files to unsuspecting users. Cisco Bug IDs: CSCvh03786.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking mechanisms in the web-based interface URL request. An attacker could exploit this vulnerability by requesting specific URLs via the web-based interface. A successful exploit could allow the attacker to view sensitive system information.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper processing of certain EAPOL frames. An attacker could exploit this vulnerability by sending a stream of crafted EAPOL frames to an affected device. A successful exploit could allow the attacker to force the access point (AP) to disassociate all the associated stations (STAs) and to disallow future, new association requests. Cisco Bug IDs: CSCvj97472.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi85159.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of the encryption algorithm that is used between an authenticator (access point) and a supplicant (Wi-Fi client). The vulnerability is due to the improper processing of certain EAPOL messages that are received during the Wi-Fi handshake process. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between a supplicant and an authenticator and manipulating an EAPOL message exchange to force usage of a WPA-TKIP cipher instead of the more secure AES-CCMP cipher. A successful exploit could allow the attacker to conduct subsequent cryptographic attacks, which could lead to the disclosure of confidential information. Cisco Bug IDs: CSCvj29229.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvk15343.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected software improperly manages memory resources for TCP connections to a targeted device. An attacker could exploit this vulnerability by establishing a high number of TCP connections to the data interface of an affected device via IPv4 or IPv6. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and result in a DoS condition. System recovery may require manual intervention. Cisco Bug IDs: CSCvf36610.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvi87330.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected or Document Object Model based (DOM-based) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve84006.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to conduct a directory path traversal attack on a targeted device. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password. Cisco Bug IDs: CSCvg71040.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. Cisco Bug IDs: CSCvg70921.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70904.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Cisco Bug IDs: CSCvg71044.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Cisco Bug IDs: CSCvg71018.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. The vulnerability exists if the affected software is running in Block network conviction mode. Exploitation could occur if the system that is running the affected software starts a server process and an address in the IP blacklist cache of the affected software attempts to connect to the affected system. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition. Cisco Bug IDs: CSCvk08192.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting certain malicious code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve25985.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface on the targeted device. A successful exploit could allow the attacker to cause the switch to reload unexpectedly.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user. The vulnerability is due to insufficient access control permissions (i.e., World-Readable). An attacker could exploit this vulnerability by logging in to the CLI. An exploit could allow the attacker to access potentially sensitive files that are owned by a different user. Cisco Bug IDs: CSCvh18087.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to insufficient validation of a password change request. An attacker could exploit this vulnerability by changing a specific administrator account password. A successful exploit could allow the attacker to cause the affected device to become inoperable, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.2 and prior. Cisco Bug IDs: CSCvd86586.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of input that is passed to the affected software. An attacker could exploit this vulnerability by persuading a user of the affected software to access a malicious URL. A successful exploit could allow the attacker to access sensitive, browser-based information on the affected system or perform arbitrary actions in the affected software in the security context of the user. Cisco Bug IDs: CSCvh49694.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a URL-based access control policy that is configured to block traffic for an affected system. The vulnerability exists because the affected software incorrectly handles TCP packets that are received out of order when a TCP SYN retransmission is issued. An attacker could exploit this vulnerability by sending a maliciously crafted connection through an affected device. A successful exploit could allow the attacker to bypass a URL-based access control policy that is configured to block traffic for the affected system. Cisco Bug IDs: CSCvh84511.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not properly clear previously assigned session identifiers for a user session when a user authenticates to the web-based interface. An attacker could exploit this vulnerability by using an existing session identifier to connect to the software through the web-based interface. Successful exploitation could allow the attacker to hijack an authenticated user's browser session on the system. Versions 8.1 and 8.5 are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could cause an affected player to crash, resulting in a denial of service (DoS) condition. The Cisco Webex players are applications that are used to play back Webex meetings that have been recorded by an online meeting attendee. The Webex Network Recording Player for .arf files can be automatically installed when the user accesses a recording that is hosted on a Webex server. The Webex Player for .wrf files can be downloaded manually. These vulnerabilities affect ARF and WRF recording players available from Cisco Webex Meetings Suite sites, Cisco Webex Meetings Online sites, and Cisco Webex Meetings Server. Cisco Bug IDs: CSCvh70253, CSCvh70268, CSCvh72272, CSCvh72281, CSCvh72285, CSCvi60477, CSCvi60485, CSCvi60490, CSCvi60520, CSCvi60529, CSCvi60533.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process. Cisco Bug IDs: CSCvh18017.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by accessing the Policy Builder interface. A successful exploit could allow the attacker to make changes to existing repositories and create new repositories. Cisco Bug IDs: CSCvi35109.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for the root account. An attacker could exploit this vulnerability by using the account to log in to an affected system. An exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. Cisco Bug IDs: CSCvh02680.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series Fabric Switches in Application-Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause the device to run low on system memory, which could result in a Denial of Service (DoS) condition on an affected system. The vulnerability is due to improper memory management when DHCPv6 packets are received on an interface of the targeted device. An attacker could exploit this vulnerability by sending a high number of malicious DHCPv6 packets to be processed by an affected device. A successful exploit could allow the attacker to cause the system to run low on memory, which could cause an eventual reboot of an affected device. The vulnerability only applies to IPv6 protocol packets and not for IPv4 protocol packets. This vulnerability affects Cisco Nexus 9000 Series Fabric Switches in ACI Mode running software version 13.0(1k). The vulnerability can only be exploited when unicast routing is enabled on the Bridge Domain (BD). DHCP and DHCP relay do not have to be configured for the vulnerability to be exploited. Cisco Bug IDs: CSCvg38918.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the Web Admin Interface of an affected Cisco Meeting Server. A successful exploit could allow the attacker to restart the system, terminating all ongoing calls and resulting in a DoS condition on the affected product. This vulnerability affects the following releases of Cisco Meeting Server: Acano X-Series, Cisco Meeting Server 1000, Cisco Meeting Server 2000. Cisco Bug IDs: CSCvi48624.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause one of the detection engine processes to run out of memory and thus slow down traffic processing. The vulnerability is due to improper handling of traffic when the Secure Sockets Layer (SSL) inspection policy is enabled. An attacker could exploit this vulnerability by sending malicious traffic through an affected device. An exploit could allow the attacker to increase the resource consumption of a single instance of the Snort detection engine on an affected device. This will lead to performance degradation and eventually the restart of the affected Snort process. Cisco Bug IDs: CSCvi09219, CSCvi29845.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. There are four instances of the npusim process running per Service Function (SF) instance, each handling a subset of all traffic flowing across the device. It is possible to trigger a reload of all four instances of the npusim process around the same time. The vulnerability is due to improper handling of fragmented IPv4 packets containing options. An attacker could exploit this vulnerability by sending a malicious IPv4 packet across an affected device. An exploit could allow the attacker to trigger a restart of the npusim process, which will result in all traffic queued toward this instance of the npusim process to be dropped while the process is restarting. The npusim process typically restarts within less than a second. This vulnerability affects: Cisco Virtualized Packet Core-Single Instance (VPC-SI), Cisco Virtualized Packet Core-Distributed Instance (VPC-DI), Cisco Ultra Packet Core (UPC). Cisco Bug IDs: CSCvh29613.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. Cisco Bug IDs: CVE-2018-0367.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf03514.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi44320.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi55878.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers could allow an unauthenticated, local attacker to bypass the BIOS authentication and execute actions as an unprivileged user. The vulnerability is due to improper security restrictions that are imposed by the affected system. An attacker could exploit this vulnerability by submitting an empty password value to an affected device's BIOS authentication prompt. An exploit could allow the attacker to have access to a restricted set of user-level BIOS commands. Cisco Bug IDs: CSCvh83260.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. The vulnerability exists because the affected application does not assign a new session identifier to a user session when a user authenticates to the application. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the application through the web-based management interface. A successful exploit could allow the attacker to hijack an authenticated user's browser session. Cisco Bug IDs: CSCvi23787.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvi71274.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvi63757.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvf76417.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due to a change in the underlying operating system software that is responsible for monitoring affected traffic. An attacker could exploit this vulnerability by sending crafted IP packets to an affected device. A successful exploit could allow the attacker to pass traffic through the device, which the WSA was configured to deny. This vulnerability affects both IPv4 and IPv6 traffic. This vulnerability affects Cisco AsyncOS versions for WSA on both virtual and hardware appliances running any release of the 10.5.1, 10.5.2, or 11.0.0 WSA Software. The WSA is vulnerable if it is configured for L4TM. Cisco Bug IDs: CSCvg78875.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges (level 15) to log in to the device. The vulnerability is due to insufficient validation of script files executed in the context of the Disk Check Tool. An attacker could exploit this vulnerability by replacing one script file with a malicious script file while the affected tool is running. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. Cisco Bug IDs: CSCvi72673.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the tcpdump utility. The attacker must be authenticated to access the tcpdump utility. A successful exploit could allow the attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69751.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the affected parameter. The attacker must be authenticated to access the affected parameter. A successful exploit could allow an attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers. Cisco Bug IDs: CSCvi69906.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checks for certain values in packets that are sent to the Zero Touch Provisioning service of the affected software. An attacker could exploit this vulnerability by sending malicious packets to the affected software for processing. When the software processes the packets, a buffer overflow condition could occur and cause an affected device to reload. A successful exploit could allow the attacker to cause a temporary DoS condition while the device reloads. This vulnerability can be exploited only by traffic that is destined for an affected device. It cannot be exploited by traffic that is transiting a device. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69914.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient access restrictions to the HTTP management interface of the affected solution. An attacker could exploit this vulnerability by sending a malicious HTTP request to the affected management service through an authenticated device. A successful exploit could allow the attacker to execute arbitrary code with vmanage user privileges or stop HTTP services on an affected system. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69976.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete bounds checks for data that is provided by the configuration and monitoring service of the affected solution. An attacker could exploit this vulnerability by sending malicious data to the vDaemon listening service on an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected device, which could allow the attacker to execute arbitrary code with root privileges on the device or cause the vDaemon listening service to reload and result in a DoS condition on the device. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi70003.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf72309.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An attacker could exploit this vulnerability by uploading a batch file and having the batch file processed by the system. A successful exploit could allow the attacker to escalate privileges to the Administrator level. Cisco Bug IDs: CSCvd86578.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading certain configuration files. The vulnerability is due to improper use of Simple Certificate Enrollment Protocol and improper server certificate validation. An attacker could exploit this vulnerability by preparing malicious profile and localization files for Cisco AnyConnect to use. A successful exploit could allow the attacker to remotely change the configuration profile, a certificate, or the localization data used by AnyConnect Secure Mobility Client. Cisco Bug IDs: CSCvh23141.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic configuration changes that could allow an attacker to bypass configured policies. The vulnerability is due to incorrect management of the configured interface names and VPN parameters when dynamic CLI configuration changes are performed. An attacker could exploit this vulnerability by sending packets through an interface on the targeted device. A successful exploit could allow the attacker to bypass configured VPN policies. Cisco Bug IDs: CSCvh49388.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
"A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly validate certain parameters included within an NX-API request. An attacker that can successfully authenticate to the NX-API could submit a request designed to bypass NX-OS role assignment. A successful exploit could allow the attacker to execute commands with elevated privileges. This vulnerability affects the following if configured to use the NX-API feature: MDS 9000 Series Multilayer Switches, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode. Cisco Bug IDs: CSCvc73177, CSCve40903, CSCve40911.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvg89116.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvg86743.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against a user of the web UI of the affected software. The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system. Cisco Bug IDs: CSCun79565.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request parameters. An attacker who has access to the web management interface of the affected application could exploit this vulnerability by sending a malicious web request to the affected device. A successful exploit could allow the attacker to access sensitive information on the affected system. Cisco Bug IDs: CSCvh99631.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device. The vulnerability is due to a failure to enforce access restrictions on the Help Desk and User Provisioning roles that are assigned to authenticated users. This failure could allow an authenticated attacker to modify critical attributes of higher-privileged accounts on the device. A successful exploit could allow the attacker to gain elevated privileges on the device. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.1 and prior. Cisco Bug IDs: CSCvd61779.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. The vulnerability is due to an open port in the Network Interface and Configuration Engine (NICE) service. An attacker could exploit this vulnerability by accessing the open RMI system on an affected PCP instance. An exploit could allow the attacker to perform malicious actions that affect PCP and the devices that are connected to it. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd61746.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.1 and prior. Cisco Bug IDs: CSCvd61754.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password recovery request. An attacker could exploit this vulnerability by submitting a password recovery request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd07253.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password reset request. An attacker could exploit this vulnerability by submitting a password reset request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd07245.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. The vulnerability is due to insufficient web portal access control checks. An attacker could exploit this vulnerability by modifying an access request. An exploit could allow the attacker to promote their account to any role defined on the system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.2 and prior. Cisco Bug IDs: CSCvc90286.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the firmware of an affected phone incorrectly handles errors that could occur when an incoming phone call is not answered. An attacker could exploit this vulnerability by sending a set of maliciously crafted SIP packets to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. This vulnerability affects Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware if they are running a Multiplatform Firmware release prior to Release 11.1(2). Cisco Bug IDs: CSCvi24718.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect memory operations that the affected software performs when the software parses a username during login authentication. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device or cause the affected device to reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are running Cisco IOS XE Software Release Fuji 16.7.1 or Fuji 16.8.1 and are configured to use AAA for login authentication. Cisco Bug IDs: CSCvi25380.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco Fabric Services (CFS) component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packet headers when the software processes packet data. An attacker could exploit this vulnerability by sending a maliciously crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the device, which could allow the attacker to execute arbitrary code on the device. This vulnerability affects the following if configured to use Cisco Fabric Services: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69943, CSCve02429, CSCve02433, CSCve02435, CSCve02445, CSCve04859.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packet headers when the software processes packet data. An attacker could exploit this vulnerability by sending a maliciously crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the device, which could allow the attacker to execute arbitrary code or cause a DoS condition on the device. This vulnerability affects the following if configured to use Cisco Fabric Services: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69962, CSCve02808, CSCve02810, CSCve02812, CSCve02819, CSCve02822, CSCve02831, CSCve04859.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packets when the software processes packet data. An attacker could exploit this vulnerability by sending a maliciously crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the device, which could cause process crashes and result in a DoS condition on the device. This vulnerability affects Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69960, CSCve02463, CSCve04859, CSCve41530, CSCve41537, CSCve41541, CSCve41557.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to obtain sensitive information from memory or cause a denial of service (DoS) condition on the affected product. The vulnerability exists because the affected software insufficiently validates header values in Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overread condition, which could allow the attacker to obtain sensitive information from memory or cause a DoS condition on the affected product. This vulnerability affects Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69957, CSCve02435, CSCve04859, CSCve41536, CSCve41538, CSCve41559.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the implementation of a specific CLI command and the associated Simple Network Management Protocol (SNMP) MIB for Cisco NX-OS (in standalone NX-OS mode) on Cisco Nexus 3000 and 9000 Series Switches could allow an authenticated, remote attacker to exhaust system memory on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the incorrect implementation of the CLI command, resulting in a failure to free all allocated memory upon completion. An attacker could exploit this vulnerability by authenticating to the affected device and repeatedly issuing a specific CLI command or sending a specific SNMP poll request for a specific Object Identifier (OID). A successful exploit could allow the attacker to cause the IP routing process to restart or to cause a device reset, resulting in a DoS condition. Cisco Bug IDs: CSCvf23136.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to force a NULL pointer dereference and cause a DoS condition. This vulnerability affects the following if configured to use Cisco Fabric Services: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69966, CSCve02435, CSCve04859, CSCve41590, CSCve41593, CSCve41601.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to read sensitive memory content, create a denial of service (DoS) condition, or execute arbitrary code as root. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow or buffer overread condition in the Cisco Fabric Services component, which could allow the attacker to read sensitive memory content, create a DoS condition, or execute arbitrary code as root. This vulnerability affects the following if configured to use Cisco Fabric Services: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69951, CSCve02459, CSCve02461, CSCve02463, CSCve02474, CSCve04859.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2 adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. This vulnerability affects the following if configured to use Cisco Discovery Protocol: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvc22202, CSCvc22205, CSCvc22208, CSCvc88078, CSCvc88150, CSCvc88159, CSCvc88162, CSCvc88167.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow. The vulnerability is due to incorrect input validation in the authentication module of the NX-API subsystem. An attacker could exploit this vulnerability by sending a crafted HTTP or HTTPS packet to the management interface of an affected system with the NX-API feature enabled. An exploit could allow the attacker to execute arbitrary code as root. Note: NX-API is disabled by default. This vulnerability affects: MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvd45804, CSCve02322, CSCve02412.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the process of uploading new application images to Cisco FXOS on the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker using path traversal techniques to create or overwrite arbitrary files on an affected device. The vulnerability is due to insufficient validation during the application image upload process. An attacker could exploit this vulnerability by creating an application image containing malicious code and installing the image on the affected device using the CLI or web-based user interface (web UI). These actions occur prior to signature verification and could allow the attacker to create and execute arbitrary code with root privileges. Note: A missing or invalid signature in the application image will cause the upload process to fail, but does not prevent the exploit. Cisco Bug IDs: CSCvc21901.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Interconnect Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to incorrect input validation in the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP or HTTPS packet directed to the physical management interface of an affected system. A successful exploit could allow the attacker to cause the process to crash and possibly reload the device, resulting in a denial of service (DoS) condition on the affected system. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvb61398, CSCvb86799.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP update messages. An attacker could exploit this vulnerability by sending a crafted BGP update message to the targeted device. An exploit could allow the attacker to cause the switch to reload unexpectedly. The Cisco implementation of the BGP protocol only accepts incoming BGP traffic from explicitly defined peers. To exploit this vulnerability, an attacker must be able to send the malicious packets over a TCP connection that appears to come from a trusted BGP peer or inject malformed messages into the victim's BGP network. This would require obtaining information about the BGP peers in the affected system's trusted network. The vulnerability may be triggered when the router receives a malformed BGP message from a peer on an existing BGP session. At least one BGP neighbor session must be established for a router to be vulnerable. This vulnerability affects Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve79599, CSCve87784, CSCve91371, CSCve91387.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device. The vulnerability exists because the affected software does not properly delete sensitive files when certain CLI commands are used to clear the device configuration and reload a device. An attacker could exploit this vulnerability by logging into an affected device as an administrative user and configuring an unauthorized account for the device. The account would not require a password for authentication and would be accessible only via a Secure Shell (SSH) connection to the device. A successful exploit could allow the attacker to configure an unauthorized account that has administrative privileges, does not require a password for authentication, and does not appear in the running configuration or the audit logs for the affected device. This vulnerability affects Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Fabric Extenders, Nexus 3500 Platform Switches, Nexus 4000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd13993, CSCvd34845, CSCvd34857, CSCvd34862, CSCvd34879, CSCve35753.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess valid user credentials for the device. The vulnerability is due to incorrect RBAC privilege assignment for certain CLI commands. An attacker could exploit this vulnerability by authenticating to a device as a nonadministrative user and executing specific commands from the CLI. An exploit could allow the attacker to run commands that should be restricted to administrative users. These commands could modify the configuration or boot image on the device. This vulnerability affects MDS 9000 Series Multilayer Switches, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvd77904.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the IGMP Snooping subsystem. An attacker could exploit this vulnerability by sending crafted IGMP packets to an affected system. An exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. This vulnerability affects Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode. Cisco Bug IDs: CSCuv79620, CSCvg71263.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the notification system. The vulnerability is due to faulty handling of new TCP connections to the affected application. An attacker could exploit this vulnerability by sending a malicious TCP packet to the vulnerable service. An exploit could allow the attacker to create a DoS condition by interrupting certain phone services. A manual restart of the service may be required to restore full functionalities. Cisco Bug IDs: CSCvh48368.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of requests stored in logs in the application management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the log files. Cisco Bug IDs: CSCvh11308.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. The vulnerability is due to exhaustion of disk space. An attacker could exploit this vulnerability by performing certain operations that lead to excessive logging. A successful exploit could allow the attacker to deny service to the user interface. Cisco Bug IDs: CSCvd39568.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect handling of Transport Layer Security (TLS) TCP connection setup for the affected software. An attacker could exploit this vulnerability by sending crafted TLS traffic to an affected device. A successful exploit could allow the attacker to cause the Snort detection engine on the affected device to restart, resulting in a DoS condition. Cisco Bug IDs: CSCvg99327.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,LOW
"A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect handling of a Transport Layer Security (TLS) extension during TLS connection setup for the affected software. An attacker could exploit this vulnerability by sending a crafted TLS connection setup request to an affected device. A successful exploit could allow the attacker to cause the Snort detection engine on the affected device to restart, resulting in a DoS condition. Cisco Bug IDs: CSCvg97808.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,LOW
"A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of incoming RTP bitstreams. An attacker could exploit this vulnerability by sending a crafted RTP bitstream to an affected Cisco Meeting Server. A successful exploit could allow the attacker to deny audio and video services by causing media process crashes resulting in a DoS condition on the affected product. This vulnerability affects Cisco Meeting Server deployments that are running Cisco Meeting Server Software Releases 2.0, 2.1, 2.2, and 2.3. Cisco Bug IDs: CSCve79693, CSCvf91393, CSCvg64656, CSCvh30725, CSCvi86363.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in Cisco WebEx Connect IM could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvi07812.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by tricking the device into unlocking the support user account and accessing the tunnel password and device serial number. A successful exploit could allow the attacker to run any system command with root access. This affects Cisco Identity Services Engine (ISE) software versions prior to 2.2.0.470. Cisco Bug IDs: CSCvf54409.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and alter the data of existing users and groups on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could create a new, privileged account to obtain full control over the device interface. This vulnerability affects Connected Grid Network Management System, if running a software release prior to IoT-FND Release 3.0; and IoT Field Network Director, if running a software release prior to IoT-FND Release 4.1.1-6 or 4.2.0-123. Cisco Bug IDs: CSCvi02448.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or open the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. The following client builds of Cisco WebEx Business Suite (WBS31 and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are affected: Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.4, Cisco WebEx Business Suite (WBS32) client builds prior to T32.12, Cisco WebEx Meetings with client builds prior to T32.12, Cisco WebEx Meeting Server builds prior to 3.0 Patch 1. Cisco Bug IDs: CSCvh85410, CSCvh85430, CSCvh85440, CSCvh85442, CSCvh85453, CSCvh85457.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files as well as sensitive meeting information on an affected system. Additionally, if the Traversal Using Relay NAT (TURN) service is enabled and utilizing Transport Layer Security (TLS) connections, an attacker could utilize TURN credentials to forward traffic to device daemons, allowing for remote exploitation. This vulnerability affects Cisco Meeting Server (CMS) Acano X-series platforms that are running a CMS Software release prior to 2.2.11. Cisco Bug IDs: CSCvg76469.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web interface of Cisco MATE Live could allow an unauthenticated, remote attacker to view and download the contents of certain web application virtual directories. The vulnerability is due to lack of proper input validation and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request to the targeted application. An exploit could allow the attacker to view sensitive information that should require authentication. Cisco Bug IDs: CSCvh31272.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvh31222.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco IOS XE Software running on Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, adjacent attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the incorrect handling of certain DHCP packets. An attacker could exploit this vulnerability by sending certain DHCP packets to a specific segment of an affected device. A successful exploit could allow the attacker to increase CPU usage on the affected device and cause a DoS condition. Cisco Bug IDs: CSCvg73687.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the device manager web interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to submit arbitrary requests to an affected device via the device manager web interface with the privileges of the user. This vulnerability affects the following Cisco Industrial Ethernet (IE) Switches if they are running a vulnerable release of Cisco IOS Software: IE 2000 Series, IE 2000U Series, IE 3000 Series, IE 3010 Series, IE 4000 Series, IE 4010 Series, IE 5000 Series. Cisco Bug IDs: CSCvc96405.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass configured file action policies if an Intelligent Application Bypass (IAB) with a drop percentage threshold is also configured. The vulnerability is due to incorrect counting of the percentage of dropped traffic. An attacker could exploit this vulnerability by sending network traffic to a targeted device. An exploit could allow the attacker to bypass configured file action policies, and traffic that should be dropped could be allowed into the network. Cisco Bug IDs: CSCvf86435.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the IP Version 4 (IPv4) fragment reassembly function of Cisco 3500, 5500, and 8500 Series Wireless LAN Controller Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a corruption of an internal data structure process that occurs when the affected software reassembles certain IPv4 packets. An attacker could exploit this vulnerability by sending certain malformed IPv4 fragments to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability affects all releases of 8.4 until the first fixed release for the 5500 and 8500 Series Wireless LAN Controllers and releases 8.5.103.0 and 8.5.105.0 for the 3500, 5500, and 8500 Series Wireless LAN Controllers. Cisco Bug IDs: CSCvf89222.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Web Server Authentication Required screen of the Clientless Secure Sockets Layer (SSL) VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of that portal on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the portal or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco ASA Software: 3000 Series Industrial Security Appliances, Adaptive Security Virtual Appliance (ASAv), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches, ASA Services Module for Cisco 7600 Series Routers. Cisco Bug IDs: CSCvh20742.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Points (APs) for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list (ACL). The vulnerability is due to the AP ignoring the ACL download from the client during authentication. An attacker could exploit this vulnerability by connecting to the targeted device with a vulnerable configuration. A successful exploit could allow the attacker to bypass a configured client FlexConnect ACL. This vulnerability affects the following Cisco products if they are running a vulnerable release of Central Web Authentication with FlexConnect Access Points Software: Aironet 1560 Series Access Points, Aironet 1810 Series OfficeExtend Access Points, Aironet 1810w Series Access Points, Aironet 1815 Series Access Points, Aironet 1830 Series Access Points, Aironet 1850 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: Central Web Authentication with FlexConnect Access Points was an unsupported configuration until 8.5.100.0. Cisco Bug IDs: CSCve17756.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,NONE,LOW,NONE
"A vulnerability in the administrative GUI configuration feature of Cisco Wireless LAN Controller (WLC) Software could allow an aUTHENTICated, remote attacker to cause the device to reload unexpectedly during device configuration when the administrator is using this GUI, causing a denial of service (DoS) condition on an affected device. The attacker would need to have valid administrator credentials on the device. This vulnerability is due to incomplete input validation for unexpected configuration options that the attacker could submit while accessing the GUI configuration menus. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted user input when using the administrative GUI configuration feature. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Software versions prior to 8.3.150.0, 8.5.140.0, 8.8.111.0 are affected by this vulnerability.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in Web Authentication (WebAuth) clients for the Cisco Wireless LAN Controller (WLC) and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. The vulnerability is due to incorrect implementation of authentication for WebAuth clients in a specific configuration. An attacker could exploit this vulnerability by sending traffic to local network resources without having gone through authentication. A successful exploit could allow the attacker to bypass authentication and pass traffic. This affects Cisco Aironet Access Points running Cisco IOS Software and Cisco Wireless LAN Controller (WLC) releases prior to 8.5.110.0 for the following specific WLC configuration only: (1) The Access Point (AP) is configured in FlexConnect Mode with NAT. (2) The WLAN is configured for central switching, meaning the client is being assigned a unique IP address. (3) The AP is configured with a Split Tunnel access control list (ACL) for access to local network resources, meaning the AP is doing the NAT on the connection. (4) The client is using WebAuth. This vulnerability does not apply to .1x clients in the same configuration. Cisco Bug IDs: CSCvc79502, CSCvf71789.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy to drop the Server Message Block (SMB) protocol if a malware file is detected. The vulnerability is due to how the SMB protocol handles a case in which a large file transfer fails. This case occurs when some pieces of the file are successfully transferred to the remote endpoint, but ultimately the file transfer fails and is reset. An attacker could exploit this vulnerability by sending a crafted SMB file transfer request through the targeted device. An exploit could allow the attacker to pass an SMB file that contains malware, which the device is configured to block. This vulnerability affects Cisco Firepower System Software when one or more file action policies are configured, on software releases prior to 6.2.3. Cisco Bug IDs: CSCvc20141.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy that is intended to drop the Server Message Block Version 2 (SMB2) and SMB Version 3 (SMB3) protocols if malware is detected. The vulnerability is due to incorrect detection of an SMB2 or SMB3 file based on the total file length. An attacker could exploit this vulnerability by sending a crafted SMB2 or SMB3 transfer request through the targeted device. An exploit could allow the attacker to pass SMB2 or SMB3 files that could be malware even though the device is configured to block them. This vulnerability does not exist for SMB Version 1 (SMB1) files. This vulnerability affects Cisco Firepower System Software when one or more file action policies are configured, on software releases prior to 6.2.3. Cisco Bug IDs: CSCvg68807.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"A vulnerability in the WebVPN web-based management interface of Cisco Adaptive Security Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg33985.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the UDP broadcast forwarding function of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of UDP broadcast packets that are forwarded to an IPv4 helper address. An attacker could exploit this vulnerability by sending multiple UDP broadcast packets to the affected device. An exploit could allow the attacker to cause a buffer leak on the affected device, eventually resulting in a DoS condition requiring manual intervention to recover. This vulnerability affects all Cisco IOS XR platforms running 6.3.1, 6.2.3, or earlier releases of Cisco IOS XR Software when at least one IPv4 helper address is configured on an interface of the device. Cisco Bug IDs: CSCvi35625.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilities are due to logical errors during traffic inspection. An attacker could exploit these vulnerabilities by sending a high volume of malicious traffic across an affected device. An exploit could allow the attacker to cause a deadlock condition, resulting in a reload of an affected device. These vulnerabilities affect Cisco ASA Software and Cisco FTD Software configured for Application Layer Protocol Inspection running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCve61540, CSCvh23085, CSCvh95456.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in the UCS Director end-user portal and perform any permitted operations on any virtual machine. The permitted operations can be configured for the end user on the virtual machines with either of the following settings: The virtual machine is associated to a Virtual Data Center (VDC) that has an end user self-service policy attached to the VDC. The end user role has VM Management Actions settings configured under User Permissions. This is a global configuration, so all the virtual machines visible in the end-user portal will have the VM management actions available. The vulnerability is due to improper user authentication checks. An attacker could exploit this vulnerability by logging in to the UCS Director with a modified username and valid password. A successful exploit could allow the attacker to gain visibility into and perform actions against all virtual machines in the UCS Director end-user portal of the affected system. This vulnerability affects Cisco Unified Computing System (UCS) Director releases 6.0 and 6.5 prior to patch 3 that are in a default configuration. Cisco Bug IDs: CSCvh53501.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A vulnerability in the implementation of Point-to-Point Tunneling Protocol (PPTP) functionality in Cisco Aironet 1810, 1830, and 1850 Series Access Points could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Generic Routing Encapsulation (GRE) frames that pass through the data plane of an affected access point. An attacker could exploit this vulnerability by initiating a PPTP connection to an affected access point from a device that is registered to the same wireless network as the access point and sending a malicious GRE frame through the data plane of the access point. A successful exploit could allow the attacker to cause the NSS core process on the affected access point to crash, which would cause the access point to reload and result in a DoS condition. This vulnerability affects Cisco Aironet 1810, 1830, and 1850 Series Access Points that are running Cisco Mobility Express Software Release 8.4.100.0, 8.5.103.0, or 8.5.105.0 and are configured as a master, subordinate, or standalone access point. Cisco Bug IDs: CSCvf73890.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Secure Sockets Layer (SSL) packet reassembly functionality of the detection engine in Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the detection engine to consume excessive system memory on an affected device, which could cause a denial of service (DoS) condition. The vulnerability is due to the affected software improperly handling changes to SSL connection states. An attacker could exploit this vulnerability by sending crafted SSL connections through an affected device. A successful exploit could allow the attacker to cause the detection engine to consume excessive system memory on the affected device, which could cause a DoS condition. The device may need to be reloaded manually to recover from this condition. This vulnerability affects Cisco Firepower System Software Releases 6.0.0 and later, running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series Firewalls with FirePOWER Services, Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls, Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances, Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances, Firepower 4100 Series Appliances, FirePOWER 7000 Series Appliances, FirePOWER 8000 Series Appliances, Firepower 9300 Series Security Appliances, Firepower Threat Defense for Integrated Services Routers (ISRs), Firepower Threat Defense Virtual for VMware, Industrial Security Appliance 3000, Sourcefire 3D System Appliances. Cisco Bug IDs: CSCve23031.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Transport Layer Security (TLS) library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of the affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious TLS message to an interface enabled for Secure Layer Socket (SSL) services on an affected device. Messages using SSL Version 3 (SSLv3) or SSL Version 2 (SSLv2) cannot be be used to exploit this vulnerability. An exploit could allow the attacker to cause a buffer underflow, triggering a crash on an affected device. This vulnerability affects Cisco ASA Software and Cisco FTD Software that is running on the following Cisco products: Adaptive Security Virtual Appliance (ASAv), Firepower Threat Defense Virtual (FTDv), Firepower 2100 Series Security Appliance. Cisco Bug IDs: CSCve18902, CSCve34335, CSCve38446.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance (ASA) Software, and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish an authenticated AnyConnect session through an affected device running ASA or FTD Software. The authentication would need to be done by an unsuspecting third party, aka Session Fixation. The vulnerability exists because there is no mechanism for the ASA or FTD Software to detect that the authentication request originates from the AnyConnect client directly. An attacker could exploit this vulnerability by persuading a user to click a crafted link and authenticating using the company's Identity Provider (IdP). A successful exploit could allow the attacker to hijack a valid authentication token and use that to establish an authenticated AnyConnect session through an affected device running ASA or FTD Software. This vulnerability affects the Cisco AnyConnect Secure Mobility Client, and ASA Software and FTD Software configured for SAML 2.0-based SSO for AnyConnect Remote Access VPN that is running on the following Cisco products: 3000 Series Industrial Security Appliances (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvg65072, CSCvh87448.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to establish an SSL VPN connection and bypass certain SSL certificate verification steps. The vulnerability is due to incorrect verification of the SSL Client Certificate. An attacker could exploit this vulnerability by connecting to the ASA VPN without a proper private key and certificate pair. A successful exploit could allow the attacker to establish an SSL VPN connection to the ASA when the connection should have been rejected. This vulnerability affects Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliances (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliances (ASAv), Firepower 4110 Security Appliances, Firepower 9300 ASA Security Modules. Cisco Bug IDs: CSCvg40155.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the assignment and management of default user accounts for Secure Shell (SSH) access to Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running Cisco Mobility Express Software could allow an authenticated, remote attacker to gain elevated privileges on an affected access point. The vulnerability exists because the Cisco Mobility Express controller of the affected software configures the default SSH user account for an access point to be the first SSH user account that was created for the Mobility Express controller, if an administrator added user accounts directly to the controller instead of using the default configuration or the SSH username creation wizard. Although the user account has read-only privileges for the Mobility Express controller, the account could have administrative privileges for an associated access point. An attacker who has valid user credentials for an affected controller could exploit this vulnerability by using the default SSH user account to authenticate to an affected access point via SSH. A successful exploit could allow the attacker to log in to the affected access point with administrative privileges and perform arbitrary administrative actions. This vulnerability affects the following Cisco products: Aironet 1800 Series Access Points that are running Cisco Mobility Express Software Releases 8.2.121.0 through 8.5.105.0, Aironet 2800 Series Access Points that are running Cisco Mobility Express Software Releases 8.3.102.0 through 8.5.105.0, Aironet 3800 Series Access Points that are running Cisco Mobility Express Software Releases 8.3.102.0 through 8.5.105.0. Cisco Bug IDs: CSCva68116.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Videoscape AnyRes Live could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg87525.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Unified Computing System (UCS) Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg86518.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvf69805.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections on the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCuv32863.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to gain elevated privileges to access functionality that should be restricted. The attacker must have valid user credentials to the device to exploit this vulnerability. Cisco Bug IDs: CSCvf69753.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections on the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvg88291.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of the (cloud based) Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. Cisco Bug IDs: CSCvg74126.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a link that submits malicious input to the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg74815.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the User Provisioning tab in the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by placing a malicious string in the Prime Collaboration Provisioning database. A successful exploit could allow the attacker to access Cisco Prime Collaboration Provisioning by injecting crafted data into the database. Cisco Bug IDs: CSCvd86609.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for individual users. The vulnerability is due to weak login controls. An attacker could exploit this vulnerability by using a brute-force attack (Repeated Bad Login Attempts). A successful exploit could allow the attacker to restrict user access. Manual administrative intervention is required to restore access. Cisco Bug IDs: CSCvd07264.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of input during web page generation. An attacker could exploit this vulnerability by embedding media in instant messages. An exploit could allow the attacker to cause the recipient chat client to make outbound requests. Cisco Bug IDs: CSCve54001.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based interface of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface of an affected product. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvh65713.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of script in attributes in a web page. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. An exploit could allow the attacker to perform remote code execution. Cisco Bug IDs: CSCve53989.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a logic error in how the affected software handles a subset of VTP packets. An attacker could exploit this vulnerability by sending VTP packets in a sequence that triggers a timeout in the VTP message processing code of the affected software. A successful exploit could allow the attacker to impact the ability to create, modify, or delete VLANs and cause a DoS condition. There are workarounds that address this vulnerability. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software, are operating in VTP client mode or VTP server mode, and do not have a VTP domain name configured. The default configuration for Cisco devices that are running Cisco IOS Software or Cisco IOS XE Software and support VTP is to operate in VTP server mode with no domain name configured.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. The vulnerability is due to insufficient authorization checks for requests that are sent to the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious request to an affected device via the REST API. A successful exploit could allow the attacker to selectively bypass authorization checks for the REST API of the affected software and use the API to perform privileged actions on an affected device. Cisco Bug IDs: CSCuz56428.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Forwarding Information Base (FIB) code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, network attacker to cause a denial of service (DoS) condition. The vulnerability is due to a limitation in the way the FIB is internally representing recursive routes. An attacker could exploit this vulnerability by injecting routes into the routing protocol that have a specific recursive pattern. The attacker must be in a position on the network that provides the ability to inject a number of recursive routes with a specific pattern. An exploit could allow the attacker to cause an affected device to reload, creating a DoS condition. Cisco Bug IDs: CSCva91655.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user of the affected UI to access a malicious link or by intercepting a user request for the affected UI and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected UI or allow the attacker to access sensitive browser-based information on the user's system. Cisco Bug IDs: CSCuz38591, CSCvb09530, CSCvb10022.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user of the affected UI to access a malicious link or by intercepting a user request for the affected UI and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected UI or allow the attacker to access sensitive browser-based information on the user's system. Cisco Bug IDs: CSCuz38591, CSCvb09530, CSCvb10022.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCve74432.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuv91356.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to improper authentication when accessing the Redis server. An unauthenticated attacker could exploit this vulnerability by modifying key-value pairs stored within the Redis server database. An exploit could allow the attacker to reduce the efficiency of the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IPv4 packets. An attacker could exploit this vulnerability by sending specific IPv4 packets to an IPv4 address on an affected device. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. If the switch does not reboot when under attack, it would require manual intervention to reload the device. This vulnerability affects Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches that are running Cisco IOS XE Software Release 16.1.1 or later, until the first fixed release, and are configured with an IPv4 address. Cisco Bug IDs: CSCvd80714.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has user EXEC mode (privilege level 1) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCtw85441, CSCus42252, CSCuv95370.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuh91645.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has user EXEC mode (privilege level 1) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCtw85441, CSCus42252, CSCuv95370.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service (DoS) condition, aka a Memory Leak. The vulnerability is due to the affected software insufficiently processing IGMP Membership Query packets that are sent to an affected device. An attacker could exploit this vulnerability by sending a large number of IGMP Membership Query packets, which contain certain values, to an affected device. A successful exploit could allow the attacker to exhaust buffers on the affected device, resulting in a DoS condition that requires the device to be reloaded manually. This vulnerability affects: Cisco Catalyst 4500 Switches with Supervisor Engine 8-E, if they are running Cisco IOS XE Software Release 3.x.x.E and IP multicast routing is configured; Cisco devices that are running Cisco IOS XE Software Release 16.x, if IP multicast routing is configured. Cisco Bug IDs: CSCuw09295, CSCve94496.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Switch Integrated Security Features of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an interface queue wedge. The vulnerability is due to incorrect handling of crafted IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv6 packets through the device. An exploit could allow the attacker to cause an interface queue wedge. This vulnerability affects the Cisco cBR-8 Converged Broadband Router, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco Cloud Services Router 1000V Series when configured with IPv6. In the field and internal testing, this vulnerability was only observed or reproduced on the Cisco cBR-8 Converged Broadband Router. The Cisco ASR 1000 Series Aggregation Services Routers and Cisco Cloud Services Router 1000V Series contain the same code logic, so affected trains have had the code fix applied; however, on these two products, the vulnerability has not been observed in the field or successfully reproduced internally. Cisco Bug IDs: CSCvd75185.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. To exploit this vulnerability via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability via SNMP Version 3, the attacker must know the user credentials for the affected system. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, have been configured to be queried over SNMP, and have Network Address Translation (NAT) enabled. Cisco Bug IDs: CSCve75818.",NETWORK,HIGH,LOW,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf22394.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of VPN traffic by the affected device. An attacker could exploit this vulnerability by sending crafted VPN traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to hang or crash, resulting in a DoS condition. Cisco Bug IDs: CSCvd39267.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or allow the attacker to access sensitive browser-based information on the affected device. Cisco Bug IDs: CSCvh12994.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to improper CSRF protection by the affected application. An attacker could exploit this vulnerability by persuading a user of the affected application to click a malicious link. A successful exploit could allow the attacker to submit arbitrary requests and take unauthorized actions on behalf of the user. Cisco Bug IDs: CSCvg45114.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information on the affected system. Cisco Bug IDs: CSCvg45105.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials. A successful exploit could allow the attacker to access the underlying operating system as a low-privileged user. After low-level privileges are gained, the attacker could elevate to root privileges and take full control of the device. Cisco Bug IDs: CSCvc82982.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass file policies that are configured to block files transmitted to an affected device via the BitTorrent protocol. The vulnerability exists because the affected software does not detect BitTorrent handshake messages correctly. An attacker could exploit this vulnerability by sending a crafted BitTorrent connection request to an affected device. A successful exploit could allow the attacker to bypass file policies that are configured to block files transmitted to the affected device via the BitTorrent protocol. Cisco Bug IDs: CSCve26946.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the TCP throttling process of Cisco Prime Network could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection for TCP listening ports. An attacker could exploit this vulnerability by sending the affected device a high rate of TCP SYN packets to the local IP address of the targeted application. A successful exploit could allow the attacker to cause the device to consume a high amount of memory and become slow, or to stop accepting new TCP connections to the application. Cisco Bug IDs: CSCvg48152.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this vulnerability by sending malicious requests to an affected system. A successful exploit could allow the attacker to retrieve sensitive information from the affected system. Cisco Bug IDs: CSCvf17644.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the forwarding information base (FIB) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause inconsistency between the routing information base (RIB) and the FIB, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect processing of extremely long routing updates. An attacker could exploit this vulnerability by sending a large routing update. A successful exploit could allow the attacker to trigger inconsistency between the FIB and the RIB, resulting in a DoS condition. Cisco Bug IDs: CSCus84718.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerability is due to the presence of static default credentials for the web-based service portal of the affected software. An attacker could exploit this vulnerability by extracting the credentials from an image of the affected software and using those credentials to generate a valid administrative session token for the web-based service portal of any other installation of the affected software. A successful exploit could allow the attacker to gain administrative access to the web-based service portal of an affected system. This vulnerability affects Cisco Elastic Services Controller Software Release 3.0.0. Cisco Bug IDs: CSCvg30884.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvh02088.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvh02082.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. This vulnerability is fixed in firmware version 1.0.1.11 for the following Cisco products: RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Path Traversal vulnerability in the diagnostic shell for Cisco IOS and IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be able to be overwritten by a user of the diagnostic shell. The vulnerability is due to lack of proper input validation for certain diagnostic shell commands. An attacker could exploit this vulnerability by authenticating to the device, entering the diagnostic shell, and providing crafted user input to commands at the local diagnostic shell CLI. Successful exploitation could allow the attacker to overwrite system files that should be restricted. Cisco Bug IDs: CSCvg41950.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is due to improper security restrictions that are imposed by the web-based service portal of the affected software. An attacker could exploit this vulnerability by submitting an empty password value to an affected portal when prompted to enter an administrative password for the portal. A successful exploit could allow the attacker to bypass authentication and gain administrator privileges for the web-based service portal of the affected software. This vulnerability affects Cisco Elastic Services Controller Software Release 3.0.0. Cisco Bug IDs: CSCvg29809.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in certain authentication controls in the account services of Cisco Spark could allow an authenticated, remote attacker to interact with and view information on an affected device that would normally be prohibited. The vulnerability is due to the improper display of user-account tokens generated in the system. An attacker could exploit this vulnerability by logging in to the device with a token in use by another account. Successful exploitation could allow the attacker to cause a partial impact to the device's confidentiality, integrity, and availability. Cisco Bug IDs: CSCvg05206.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
"A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a link that is designed to submit malicious input to the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information on the targeted device. Cisco Bug IDs: CSCvg51264.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient handling of user-supplied data by the affected software. An attacker could exploit this vulnerability by sending malicious traffic to the internal distributed instance (DI) network address on an affected system. A successful exploit could allow the attacker to cause an unhandled error condition on the affected system, which would cause the CF instances to reload and consequently cause the entire VPC to reload, resulting in the disconnection of all subscribers and a DoS condition on the affected system. This vulnerability affects Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software N4.0 through N5.5 with the Cisco StarOS operating system 19.2 through 21.3. Cisco Bug IDs: CSCve17656.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username. The vulnerability is due to incorrect RADIUS user credential validation. An attacker could exploit this vulnerability by attempting to access a Cisco Policy Suite domain configured with RADIUS authentication. An exploit could allow the attacker to be authorized as a subscriber without providing a valid password. This vulnerability affects the Cisco Policy Suite application running a release prior to 13.1.0 with Hotfix Patch 1 when RADIUS authentication is configured for a domain. Cisco Policy Suite Release 14.0.0 is also affected, as it includes vulnerable code, but RADIUS authentication is not officially supported in Cisco Policy Suite Releases 14.0.0 and later. Cisco Bug IDs: CSCvg40124.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,NONE
"A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93332.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by posting a crafted request to the user interface of Cisco UCS Central. This vulnerability affects Cisco UCS Central Software prior to Release 2.0(1c). Cisco Bug IDs: CSCve70825.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which could include internal network information that should be restricted. An attacker could exploit the vulnerability by utilizing available resources to study the customer network. An exploit could allow the attacker to discover sensitive data about the application. Cisco Bug IDs: CSCvg46806.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to obtain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server that could allow an attacker who is authenticated as root to gain shared secrets. An attacker could exploit the vulnerability by accessing the root account and viewing sensitive information. Successful exploitation could allow the attacker to discover sensitive information about the application. Cisco Bug IDs: CSCvg42664.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the ability of an attacker to perform an out-of-band XXE injection on the system, which could allow an attacker to capture customer files and redirect them to another destination address. An exploit could allow the attacker to discover sensitive customer data. Cisco Bug IDs: CSCvg36996.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCvg30313.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78853, CSCvg78856, CSCvg78857.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78835, CSCvg78837, CSCvg78839.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software attempts to free the same area of memory twice. An attacker could exploit this vulnerability by sending a pong request to an affected device from a location on the network that causes the pong reply packet to egress both a FabricPath port and a non-FabricPath port. An exploit could allow the attacker to cause a dual or quad supervisor virtual port-channel (vPC) to reload. This vulnerability affects the following products when running Cisco NX-OS Software Release 7.2(1)D(1), 7.2(2)D1(1), or 7.2(2)D1(2) with both the Pong and FabricPath features enabled and the FabricPath port is actively monitored via a SPAN session: Cisco Nexus 7000 Series Switches and Cisco Nexus 7700 Series Switches. Cisco Bug IDs: CSCuv98660.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device. An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, or cause a reload of the affected device. This vulnerability affects Cisco ASA Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, ASA 1000V Cloud Firewall, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4110 Security Appliance, Firepower 9300 ASA Security Module, Firepower Threat Defense Software (FTD). Cisco Bug IDs: CSCvg35618.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of the XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by injecting a crafted XML file with malicious entries, which could allow the attacker to read and write files. Cisco Bug IDs: CSCvg19341.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"A vulnerability in the web management GUI of the Cisco D9800 Network Transport Receiver could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of GUI command arguments. An attacker could exploit this vulnerability by injecting crafted arguments into a vulnerable GUI command. An exploit could allow the attacker to execute commands on the underlying BusyBox operating system. These commands are run at the privilege level of the authenticated user. The attacker needs valid device credentials for this attack. Cisco Bug IDs: CSCvg74691.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specific malicious URL. This vulnerability is known as an open redirect attack and is used in phishing attacks to get users to visit malicious sites without their knowledge. Cisco Bug IDs: CSCve37646.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual domain configuration. The vulnerability is due to a failure to properly enforce RBAC for virtual domains. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to a targeted application. An exploit could allow the attacker to bypass RBAC policies on the targeted system to modify a virtual domain and access resources that are not normally accessible. Cisco Bug IDs: CSCvg36875.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a privilege level of a guest user. The vulnerability is due to an incorrect networking configuration at the administrative shell CLI. An attacker could exploit this vulnerability by authenticating to the targeted device and issuing a set of crafted, malicious commands at the administrative shell. An exploit could allow the attacker to gain root access on the device. Cisco Bug IDs: CSCvb34303, CSCvb35726.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv6 ingress traffic. An attacker could exploit this vulnerability by sending the affected device a high rate of IPv6 packets. Successful exploitation could allow the attacker to cause a DoS condition due to CPU and resource constraints. Cisco Bug IDs: CSCuv34544.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf37392.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. The network-operator role should not be able to delete other configured users on the device. The vulnerability is due to a lack of proper role-based access control (RBAC) checks for the actions that a user with the network-operator role is allowed to perform. An attacker could exploit this vulnerability by authenticating to the device with user credentials that give that user the network-operator role. Successful exploitation could allow the attacker to impact the integrity of the device by deleting configured user credentials. The attacker would need valid user credentials for the device. This vulnerability affects the following Cisco products running Cisco NX-OS System Software: Nexus 3000 Series Switches, Nexus 3600 Platform Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvg21120.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf73922.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in management interface access control list (ACL) configuration of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to bypass configured ACLs on the management interface. This could allow traffic to be forwarded to the NX-OS CPU for processing, leading to high CPU utilization and a denial of service (DoS) condition. The vulnerability is due to a bad code fix in the 7.3.2 code train that could allow traffic to the management interface to be misclassified and not match the proper configured ACLs. An attacker could exploit this vulnerability by sending crafted traffic to the management interface. An exploit could allow the attacker to bypass the configured management interface ACLs and impact the CPU of the targeted device, resulting in a DoS condition. This vulnerability affects the following Cisco products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode. Cisco Bug IDs: CSCvf31132.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the stability of the device. This could result in arbitrary code execution or a denial of service (DoS) condition. The attacker has to have valid user credentials at privilege level 15. The vulnerability is due to a diagnostic test CLI command that allows the attacker to write to the device memory. An attacker could exploit this vulnerability by authenticating to the targeted device and issuing a specific diagnostic test command at the CLI. An exploit could allow the attacker to overwrite system memory locations, which could have a negative impact on the stability of the device. Cisco Bug IDs: CSCvf71150.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the FTP server of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. The attacker does need to have a valid username. The vulnerability is due to incorrect FTP user credential validation. An attacker could exploit this vulnerability by using FTP to connect to the management IP address of the targeted device. A successful exploit could allow the attacker to log in to the FTP server of the Cisco WSA without having a valid password. This vulnerability affects Cisco AsyncOS for WSA Software on both virtual and hardware appliances that are running any release of Cisco AsyncOS 10.5.1 for WSA Software. The device is vulnerable only if FTP is enabled on the management interface. FTP is disabled by default. Cisco Bug IDs: CSCvf74281.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB). An attacker could exploit this vulnerability by sending malformed SIP INVITE traffic to the targeted appliance. An exploit could allow the attacker to impact the availability of services and data on the device, causing a DoS condition. This vulnerability affects Cisco Unified CVP running any software release prior to 11.6(1). Cisco Bug IDs: CSCve85840.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the IP next-hop index database in Junos OS 17.3R3 may allow a flood of ARP requests, sent to the management interface, to exhaust the private Internal routing interfaces (IRIs) next-hop limit. Once the IRI next-hop database is full, no further next hops can be learned and existing entries cannot be cleared, leading to a sustained denial of service (DoS) condition. An indicator of compromise for this issue is the report of the following error message: %KERN-4: Nexthop index allocation failed: private index space exhausted This issue only affects the management interface, and does not impact regular transit traffic through the FPCs. This issue also only affects Junos OS 17.3R3. No prior versions of Junos OS are affected by this issue. Affected releases are Juniper Networks Junos OS: 17.3R3.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Denial of Service vulnerability in J-Web service may allow a remote unauthenticated user to cause Denial of Service which may prevent other users to authenticate or to perform J-Web operations. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D60 on SRX Series; 15.1 versions prior to 15.1R7; 15.1F6; 15.1X49 versions prior to 15.1X49-D120 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D470, 15.1X53-D495 on NFX Series; 16.1 versions prior to 16.1R6; 16.2 versions prior to 16.2R2-S6, 16.2R3; 17.1 versions prior to 17.1R2-S6, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R2. No other Juniper Networks products or platforms are affected by this issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in the telnetd service on Junos OS allows remote unauthenticated users to cause high CPU usage which may affect system performance. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D81 on SRX Series; 12.3 versions prior to 12.3R12-S11; 12.3X48 versions prior to 12.3X48-D80 on SRX Series; 15.1 versions prior to 15.1R7; 15.1X49 versions prior to 15.1X49-D150, 15.1X49-D160 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D235 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D495 on NFX Series; 16.1 versions prior to 16.1R4-S12, 16.1R6-S6, 16.1R7; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R2-S6, 17.2R3; 17.2X75 versions prior to 17.2X75-D100; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R1-S5, 17.4R2; 18.2X75 versions prior to 18.2X75-D5.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"An improper input validation weakness in the device control daemon process (dcd) of Juniper Networks Junos OS allows an attacker to cause a Denial of Service to the dcd process and interfaces and connected clients when the Junos device is requesting an IP address for itself. Junos devices are not vulnerable to this issue when not configured to use DHCP. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D40 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 14.1X53 versions prior to 14.1X53-D40 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 15.1X49 versions prior to 15.1X49-D20 on SRX Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D235 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D495 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D590 on EX2300/EX3400; 15.1 versions prior to 15.1R7-S2.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. Affected releases are Juniper Networks ScreenOS 6.3.0 versions prior to 6.3.0r26.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address binding in the access profile. In the problem scenario, with a hardware-address and IP address configured under address-assignment pool, if a subscriber logging in with DHCP Option 50, the subscriber will not be assigned an available address from the matched pool, but will still get the requested IP address. A malicious DHCP subscriber may be able to utilize this vulnerability to create duplicate IP address assignments, leading to a denial of service for valid subscribers or unauthorized information disclosure via IP address assignment spoofing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2, 15.1R8; 16.1 versions prior to 16.1R4-S12, 16.1R7-S2, 16.1R8; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,HIGH
"If a duplicate MAC address is learned by two different interfaces on an MX Series device, the MAC address learning function correctly flaps between the interfaces. However, the Layer 2 Address Learning Daemon (L2ALD) daemon might crash when attempting to delete the duplicate MAC address when the particular entry is not found in the internal MAC address table. This issue only occurs on MX Series devices with l2-backhaul VPN configured. No other products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S1 on MX Series; 16.1 versions prior to 16.1R4-S12, 16.1R6-S6 on MX Series; 16.2 versions prior to 16.2R2-S7 on MX Series; 17.1 versions prior to 17.1R2-S9 on MX Series; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6 on MX Series; 17.3 versions prior to 17.3R2-S4, 17.3R3-S1 on MX Series; 17.4 versions prior to 17.4R1-S5 on MX Series; 18.1 versions prior to 18.1R2 on MX Series.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Receipt of a specially crafted DHCPv6 message destined to a Junos OS device configured as a DHCP server in a Broadband Edge (BBE) environment may result in a jdhcpd daemon crash. The daemon automatically restarts without intervention, but a continuous receipt of crafted DHCPv6 packets could leaded to an extended denial of service condition. This issue only affects Junos OS 15.1 and later. Earlier releases are unaffected by this issue. Devices are only vulnerable to the specially crafted DHCPv6 message if DHCP services are configured. Devices not configured to act as a DHCP server are not vulnerable to this issue. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D235, 15.1X53-D495; 16.1 versions prior to 16.1R4-S11, 16.1R6-S6, 16.1R7-S2; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9; 17.2 versions prior to 17.2R2-S6; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R1-S5; 18.1 versions prior to 18.1R2-S3; 18.2 versions prior to 18.2R1-S2; 18.2X75 versions prior to 18.2X75-D20.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface (fxp0) can cause egress interface congestion, resulting in routing protocol packet drops, such as BGP, leading to peering flaps. The following log message may also be displayed: fpc0 dcbcm_check_stuck_buffers: Buffers are stuck on queue 7 of port 45 This issue only affects the QFX5000 Series products (QFX5100, QFX5110, QFX5200, QFX5210) and the EX4600 switch. No other platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on QFX5000 Series and EX4600; 15.1 versions prior to 15.1R7, 15.1R8 on QFX5000 Series and EX4600; 15.1X53 versions prior to 15.1X53-D233 on QFX5000 Series and EX4600; 16.1 versions prior to 16.1R7 on QFX5000 Series and EX4600; 16.2 versions prior to 16.2R3 on QFX5000 Series and EX4600; 17.1 versions prior to 17.1R2-S9, 17.1R3 on QFX5000 Series and EX4600; 17.2 versions prior to 17.2R2-S6, 17.2R3 on QFX5000 Series and EX4600; 17.2X75 versions prior to 17.2X75-D42 on QFX5000 Series and EX4600; 17.3 versions prior to 17.3R3 on QFX5000 Series and EX4600; 17.4 versions prior to 17.4R2 on QFX5000 Series and EX4600; 18.1 versions prior to 18.1R2 on QFX5000 Series and EX4600.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An authentication bypass vulnerability in the initial boot sequence of Juniper Networks Junos OS on vSRX Series may allow an attacker to gain full control of the system without authentication when the system is initially booted up. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D30 on vSRX.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to enable this service. However, an undocumented CLI command allows a privileged Junos user to enable RSH service and disable PAM, and hence expose the system to unauthenticated root access. When RSH is enabled, the device is listing to RSH connections on port 514. This issue is not exploitable on platforms where Junos release is based on FreeBSD 10+. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D75 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on QFX/EX Series; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D131, 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series; 16.1 versions prior to 16.1R3-S9, 16.1R4-S9, 16.1R5-S4, 16.1R6-S4, 16.1R7; 16.2 versions prior to 16.2R2-S5; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D110, 17.2X75-D91; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.2X75 versions prior to 18.2X75-D5.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Denial of Service vulnerability in the SIP application layer gateway (ALG) component of Junos OS based platforms allows an attacker to crash MS-PIC, MS-MIC, MS-MPC, MS-DPC or SRX flow daemon (flowd) process. This issue affects Junos OS devices with NAT or stateful firewall configuration in combination with the SIP ALG enabled. SIP ALG is enabled by default on SRX Series devices except for SRX-HE devices. SRX-HE devices have SIP ALG disabled by default. The status of ALGs in SRX device can be obtained by executing the command: show security alg status Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77; 12.3X48 versions prior to 12.3X48-D70; 15.1X49 versions prior to 15.1X49-D140; 15.1 versions prior to 15.1R4-S9, 15.1R7-S1; 15.1F6; 16.1 versions prior to 16.1R4-S9, 16.1R6-S1, 16.1R7; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.3 versions prior to 17.3R1-S5, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R2. No other Juniper Networks products or platforms are affected by this issue.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An error handling vulnerability in Routing Protocols Daemon (RPD) of Juniper Networks Junos OS allows an attacker to cause RPD to crash. Continued receipt of this malformed MPLS RSVP packet will cause a sustained Denial of Service condition. Affected releases are Juniper Networks Junos OS: 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D48 on QFX Switching; 14.2 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4. This issue does not affect versions of Junos OS before 14.1R1. Junos OS RSVP only supports IPv4. IPv6 is not affected by this issue. This issue require it to be received on an interface configured to receive this type of traffic.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to cause the Junos OS kernel to crash. Continued receipt of this specifically crafted malicious MPLS packet will cause a sustained Denial of Service condition. This issue require it to be received on an interface configured to receive this type of traffic. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D76 prior to 12.1X46-D81 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 12.3R12-S10; 12.3X48 versions above and including 12.3X48-D66 prior to 12.3X48-D75 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions above and including 14.1X53-D115 prior to 14.1X53-D130 on QFabric System; 15.1 versions above and including 15.1F6-S10; 15.1R4-S9; 15.1R6-S6; 15.1 versions above and including 15.1R7 prior to 15.1R7-S2; 15.1X49 versions above and including 15.1X49-D131 prior to 15.1X49-D150 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 15.1X53 versions above 15.1X53-D233 prior to 15.1X53-D235 on QFX5200/QFX5110; 15.1X53 versions up to and including 15.1X53-D471 prior to 15.1X53-D590 on NFX150, NFX250; 15.1X53-D67 on QFX10000 Series; 15.1X53-D59 on EX2300/EX3400; 16.1 versions above and including 16.1R3-S8; 16.1 versions above and including 16.1R4-S9 prior to 16.1R4-S12; 16.1 versions above and including 16.1R5-S4; 16.1 versions above and including 16.1R6-S3 prior to 16.1R6-S6; 16.1 versions above and including 16.1R7 prior to 16.1R7-S2; 16.2 versions above and including 16.2R1-S6; 16.2 versions above and including 16.2R2-S5 prior to 16.2R2-S7; 17.1R1-S7; 17.1 versions above and including 17.1R2-S7 prior to 17.1R2-S9; 17.2R1-S6; 17.2 versions above and including 17.2R2-S4 prior to 17.2R2-S6; 17.2X75 versions above and including 17.2X75-D100 prior to X17.2X75-D101, 17.2X75-D110; 17.3 versions above and including 17.3R1-S4 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.3 versions above and including 17.3R2-S2 prior to 17.3R2-S4 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.3R3 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.4 versions above and including 17.4R1-S3 prior to 17.4R1-S5 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.4R2 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.1 versions above and including 18.1R2 prior to 18.1R2-S3, 18.1R3 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.2 versions above and including 18.2R1 prior to 18.2R1-S2, 18.2R1-S3, 18.2R2 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.2X75 versions above and including 18.2X75-D5 prior to 18.2X75-D20.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Routing Protocols Daemon (RPD) with Juniper Extension Toolkit (JET) support can allow a network based unauthenticated attacker to cause a severe memory exhaustion condition on the device. This can have an adverse impact on the system performance and availability. This issue only affects devices with JET support running Junos OS 17.2R1 and subsequent releases. Other versions of Junos OS are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R1-S5, 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3;",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Receipt of a specific Draft-Rosen MVPN control packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending the same specific Draft-Rosen MVPN control packet, an attacker can repeatedly crash the RPD process causing a prolonged denial of service. This issue may occur when the Junos OS device is configured for Draft-Rosen multicast virtual private network (MVPN). The VPN is multicast-enabled and configured to use Protocol Independent Multicast (PIM) protocol within the VPN. This issue can only be exploited from the PE device within the MPLS domain which is capable of forwarding IP multicast traffic in core. End-users connected to the CE device cannot cause this crash. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1F6; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series; 16.1 versions prior to 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S6, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R2-S4, 17.2R3; 17.3 versions prior to 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2. No other Juniper Networks products or platforms are affected by this issue.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Receipt of a specific MPLS packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending specific MPLS packets, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. This issue affects both IPv4 and IPv6. This issue can only be exploited from within the MPLS domain. End-users connected to the CE device cannot cause this crash. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D75 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on QFX/EX Series; 14.1X53 versions prior to 14.1X53-D130 on QFabric Series; 15.1F6 versions prior to 15.1F6-S10; 15.1 versions prior to 15.1R4-S9 15.1R7; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D471 15.1X53-D490 on NFX Series; 16.1 versions prior to 16.1R3-S8 16.1R4-S8 16.1R5-S4 16.1R6-S4 16.1R7; 16.1X65 versions prior to 16.1X65-D48; 16.2 versions prior to 16.2R1-S6 16.2R3; 17.1 versions prior to 17.1R1-S7 17.1R2-S6 17.1R3; 17.2 versions prior to 17.2R1-S6 17.2R2-S3 17.2R3; 17.2X75 versions prior to 17.2X75-D100 17.2X75-D42 17.2X75-D91; 17.3 versions prior to 17.3R1-S4 17.3R2-S2 17.3R3; 17.4 versions prior to 17.4R1-S3 17.4R2 . No other Juniper Networks products or platforms are affected by this issue.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit other weaknesses or vulnerabilities in Grafana.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Denial of Service vulnerability exists in the Juniper Networks Junos OS JDHCPD daemon which allows an attacker to core the JDHCPD daemon by sending a crafted IPv6 packet to the system. This issue is limited to systems which receives IPv6 DHCP packets on a system configured for DHCP processing using the JDHCPD daemon. This issue does not affect IPv4 DHCP packet processing. Affected releases are Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S10 on EX Series; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200; 15.1X53 versions prior to 15.1X53-D471 on NFX 150, NFX 250; 16.1 versions prior to 16.1R3-S9, 16.1R4-S8, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The receipt of a crafted BGP UPDATE can lead to a routing process daemon (RPD) crash and restart. Repeated receipt of the same crafted BGP UPDATE can result in an extended denial of service condition for the device. This issue only affects the specific versions of Junos OS listed within this advisory. Earlier releases are unaffected by this vulnerability. This crafted BGP UPDATE does not propagate to other BGP peers. Affected releases are Juniper Networks Junos OS: 16.1X65 versions prior to 16.1X65-D47; 17.2X75 versions prior to 17.2X75-D91, 17.2X75-D110; 17.3 versions prior to 17.3R1-S4, 17.3R2; 17.4 versions prior to 17.4R1-S3, 17.4R2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter. The crafted UDP packets must be encapsulated and meet a very specific packet format to be classified in a way that bypasses IP firewall filter rules. The packets themselves do not cause a service interruption (e.g. RPD crash), but receipt of a high rate of UDP packets may be able to contribute to a denial of service attack. This issue only affects processing of transit UDP/IP packets over MPLS, received on an interface with MPLS enabled. TCP packet processing and non-MPLS encapsulated UDP packet processing are unaffected by this issue. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D76; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D66, 12.3X48-D70; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D131, 15.1X49-D140; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D67 on QFX10K; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX; 16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D100; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2; 18.2X75 versions prior to 18.2X75-D5.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) line cards or PTX1K to crash and restart. By continuously sending specific MPLS packets, an attacker can repeatedly crash the line cards or PTX1K causing a sustained Denial of Service. Affected releases are Juniper Networks Junos OS with MPC7/8/9 or PTX-FPC3 (FPC-P1, FPC-P2) installed and PTX1K: 15.1F versions prior to 15.1F6-S10; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.1X65 versions prior to 16.1X65-D46; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S4, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D70, 17.2X75-D90; 17.3 versions prior to 17.3R1-S4, 17.3R2, 17.4 versions prior to 17.4R1-S2, 17.4R2. Refer to KB25385 for more information about PFE line cards.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"While experiencing a broadcast storm, placing the fxp0 interface into promiscuous mode via the 'monitor traffic interface fxp0' can cause the system to crash and restart (vmcore). This issue only affects Junos OS 15.1 and later releases, and affects both single core and multi-core REs. Releases prior to Junos OS 15.1 are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S11, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D140; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D67 on QFX10K; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX; 16.1 versions prior to 16.1R3-S8, 16.1R5-S4, 16.1R6-S1, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D90, 17.2X75-D110; 17.3 versions prior to 17.3R1-S4, 17.3R2; 17.4 versions prior to 17.4R1-S3, 17.4R2.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"After Junos OS device reboot or upgrade, the stateless firewall filter configuration may not take effect. This issue can be verified by running the command: user@re0> show interfaces <interface_name> extensive | match filters"" CAM destination filters: 0, CAM source filters: 0 Note: when the issue occurs, it does not show the applied firewall filter. The correct output should show the applied firewall filter, for example: user@re0> show interfaces <interface_name> extensive | match filters"" CAM destination filters: 0, CAM source filters: 0 Input Filters: FIREWAL_FILTER_NAME-<interface_name> This issue affects firewall filters for every address family. Affected releases are Juniper Networks Junos OS: 15.1R4, 15.1R5, 15.1R6 and SRs based on these MRs. 15.1X8 versions prior to 15.1X8.3.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these credentials may be captured during follow-on HTTP/HTTPS requests by a malicious actor through a man-in-the-middle attack or by authentic servers subverted by malicious actors. FTP, and Telnet pass-through authentication services are not affected. Affected releases are Juniper Networks SRX Series: 12.1X46 versions prior to 12.1X46-D67 on SRX Series; 12.3X48 versions prior to 12.3X48-D25 on SRX Series; 15.1X49 versions prior to 15.1X49-D35 on SRX Series.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 12.3 versions prior to 12.3R11 on EX Series; 14.1X53 versions prior to 14.1X53-D30 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;; 15.1X49 versions prior to 15.1X49-D20 on SRX Series.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Junos device with VPLS routing-instances configured on one or more interfaces may be susceptible to an mbuf leak when processing a specific MPLS packet. Approximately 1 mbuf is leaked per each packet processed. The number of mbufs is platform dependent. The following command provides the number of mbufs that are currently in use and maximum number of mbufs that can be allocated on a platform: > show system buffers 2437/3143/5580 mbufs in use (current/cache/total) Once the device runs out of mbufs it will become inaccessible and a restart will be required. This issue only affects end devices, transit devices are not affected. Affected releases are Juniper Networks Junos OS with VPLS configured running: 12.1X46 versions prior to 12.1X46-D76; 12.3X48 versions prior to 12.3X48-D66, 12.3X48-D70; 14.1 versions prior to 14.1R9; 14.1X53 versions prior to 14.1X53-D47; 14.2 versions prior to 14.2R8; 15.1 versions prior to 15.1F2-S19, 15.1F6-S10, 15.1R4-S9, 15.1R5-S7, 15.1R6-S4, 15.1R7; 15.1X49 versions prior to 15.1X49-D131, 15.1X49-D140; 15.1X53 versions prior to 15.1X53-D58 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471 on NFX; 15.1X53 versions prior to 15.1X53-D66 on QFX10; 16.1 versions prior to 16.1R3-S8, 16.1R4-S6, 16.1R5; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S6, 17.1R3; 17.2 versions prior to 17.2R1-S5, 17.2R2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"If all 64 digits of the connectivity association name (CKN) key or all 32 digits of the connectivity association key (CAK) key are not configured, all remaining digits will be auto-configured to 0. Hence, Juniper devices configured with short MacSec keys are at risk to an increased likelihood that an attacker will discover the secret passphrases configured for these keys through dictionary-based and brute-force-based attacks using spoofed packets. Affected releases are Juniper Networks Junos OS: 14.1 versions prior to 14.1R10, 14.1R9; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D100; 15.1X53 versions prior to 15.1X53-D59; 16.1 versions prior to 16.1R3-S8, 16.1R4-S8, 16.1R5; 16.2 versions prior to 16.2R1-S6, 16.2R2; 17.1 versions prior to 17.1R2.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Junos OS SNMP MIB-II subagent daemon (mib2d) may allow a remote network based attacker to cause the mib2d process to crash resulting in a denial of service condition (DoS) for the SNMP subsystem. While a mib2d process crash can disrupt the network monitoring via SNMP, it does not impact routing, switching or firewall functionalities. SNMP is disabled by default on devices running Junos OS. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D76; 12.3 versions prior to 12.3R12-S7, 12.3R13; 12.3X48 versions prior to 12.3X48-D65; 14.1 versions prior to 14.1R9; 14.1X53 versions prior to 14.1X53-D130; 15.1 versions prior to 15.1F2-S20, 15.1F6-S10, 15.1R7; 15.1X49 versions prior to 15.1X49-D130; 15.1X53 versions prior to 15.1X53-D233, 15.1X53-D471, 15.1X53-D472, 15.1X53-D58, 15.1X53-D66; 16.1 versions prior to 16.1R5-S3, 16.1R7; 16.1X65 versions prior to 16.1X65-D47; 16.1X70 versions prior to 16.1X70-D10; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R2-S6, 17.1R3;",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Receipt of a specially crafted Connectionless Network Protocol (CLNP) datagram destined to an interface of a Junos OS device may result in a kernel crash or lead to remote code execution. Devices are only vulnerable to the specially crafted CLNP datagram if 'clns-routing' or ES-IS is explicitly configured. Devices with without CLNS enabled are not vulnerable to this issue. Devices with IS-IS configured on the interface are not vulnerable to this issue unless CLNS routing is also enabled. This issue only affects devices running Junos OS 15.1. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F5-S3, 15.1F6-S8, 15.1F7, 15.1R5; 15.1X49 versions prior to 15.1X49-D60; 15.1X53 versions prior to 15.1X53-D66, 15.1X53-D233, 15.1X53-D471. Earlier releases are unaffected by this vulnerability, and the issue has been resolved in Junos OS 16.1R1 and all subsequent releases.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to 6.3.0r25.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A local file inclusion vulnerability in Juniper Networks Junos Space Network Management Platform may allow an authenticated user to retrieve files from the system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a session, and to perform administrative actions on the Junos Space network management device.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An unauthenticated root login may allow upon reboot when a commit script is used. A commit script allows a device administrator to execute certain instructions during commit, which is configured under the [system scripts commit] stanza. Certain commit scripts that work without a problem during normal commit may cause unexpected behavior upon reboot which can leave the system in a state where root CLI login is allowed without a password due to the system reverting to a ""safe mode"" authentication state. Lastly, only logging in physically to the console port as root, with no password, will work. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX; 12.3X48 versions prior to 12.3X48-D55 on SRX; 14.1 versions prior to 14.1R9; 14.1X53 versions prior to 14.1X53-D40 on QFX, EX; 14.2 versions prior to 14.2R7-S9, 14.2R8; 15.1 versions prior to 15.1F5-S7, 15.1F6-S8, 15.1R5-S6, 15.1R6; 15.1X49 versions prior to 15.1X49-D110 on SRX; 15.1X53 versions prior to 15.1X53-D232 on QFX5200/5110; 15.1X53 versions prior to 15.1X53-D49, 15.1X53-D470 on NFX; 15.1X53 versions prior to 15.1X53-D65 on QFX10K; 16.1 versions prior to 16.1R2. No other Juniper Networks products or platforms are affected by this issue.",PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain can trigger high memory utilization by the BBE subscriber management daemon (bbe-smgd), and lead to a denial of service condition. The issue was caused by attempting to process an unbounded number of pending VLAN authentication requests, leading to excessive memory allocation. This issue only affects devices configured for DHCPv4/v6 over AE auto-sensed VLANs, utilized in Broadband Edge (BBE) deployments. Other configurations are unaffected by this issue. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R6-S2, 15.1R7; 16.1 versions prior to 16.1R5-S1, 16.1R6; 16.2 versions prior to 16.2R2-S2, 16.2R3; 17.1 versions prior to 17.1R2-S5, 17.1R3; 17.2 versions prior to 17.2R2.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
QFX and EX Series switches configured to drop traffic when the MAC move limit is exceeded will forward traffic instead of dropping traffic. This can lead to denials of services or other unintended conditions. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D40; 15.1X53 versions prior to 15.1X53-D55; 15.1 versions prior to 15.1R7.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker in a Man-in-the-Middle position between the SiPass integrated server and SiPass integrated clients to read or modify the network communication.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with network access to the SiPass integrated server to bypass the authentication mechanism and perform administrative operations.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP request which refers to files using ../../ relative paths. Once the internal password file is retrieved, the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Cleartext Storage of Sensitive Information issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow a remote attacker to access an encryption key that is stored in cleartext in memory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Certain 802.11 network management messages have been determined to invoke wireless access point blacklisting security defenses when not required, which can necessitate intervention by hospital staff to reset the device and reestablish a network connection to the Wi-Fi access point. During this state, the Philips IntelliVue MX40 Version B.06.18 can either connect to an alternative access point within signal range for association to a central monitoring station, or it can remain in local monitoring mode until the device is reset by hospital staff. CVSS v3 base score: 6.5, CVSS vector string: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Philips has released software update, Version B.06.18, to fix the improper cleanup on thrown exception vulnerability, and implement mitigations to reduce the risk associated with the improper handling of exceptional conditions vulnerability. The software update implements messaging and alarming on the MX40 and at the central monitoring station, when the MX40 disconnects from the access point.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Under specific 802.11 network conditions, a partial re-association of the Philips IntelliVue MX40 Version B.06.18 WLAN monitor to the central monitoring station is possible. In this state, the central monitoring station can indicate the MX40 is not connected or associated to the central monitor, and thus should be operating in local monitoring mode (local audio-on, screen-on), but the MX40 WLAN itself can instead still be operating in telemetry mode (local audio-off, screen-off). If a patient experiences an alarm event and clinical staff expects the MX40 to provide local alarming when it is not available from the local device, a delay of treatment can occur. CVSS v3 base score: 6.5, CVSS vector string: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Philips has released software update, Version B.06.18, to fix the improper cleanup on thrown exception vulnerability, and implement mitigations to reduce the risk associated with the improper handling of exceptional conditions vulnerability. The software update implements messaging and alarming on the MX40 and at the central monitoring station, when the MX40 disconnects from the access point.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). An unchangeable, factory-set key is included in the 900 MHz transmitter firmware.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. An attacker with a physical connection to the TCU may exploit a buffer overflow condition that exists in the processing of AT commands. This may allow arbitrary code execution on the baseband radio processor of the TCU.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). Decryption of data is possible at the hardware level.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft recommends that users upgrade to PI Vision 2017 or greater to mitigate this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memory buffer), which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to reverse the user's password. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
"Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. A vulnerability in the temporary mobile subscriber identity (TMSI) may allow an attacker to access and control memory. This may allow remote code execution on the baseband radio processor of the TCU.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all versions, ProTouch Tandem, all versions, ProTouch ICON, all versions, and ProTouch AutoGloss, all versions. The username and password are transmitted insecurely.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The null pointer dereference vulnerability could allow an attacker to crash the logger process, causing a denial of service for logging and log-viewing (applications that use the Wonderware ArchestrA Logger continue to run when the Wonderware ArchestrA Logger service is unavailable).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow a remote attacker to execute arbitrary code in the context of a highly privileged account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Information Exposure issue was discovered in Saia Burgess Controls PCD Controllers with PCD firmware versions prior to 1.28.16 or 1.24.69. In certain circumstances, the device pads Ethernet frames with memory contents.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory resources of the machine, causing a denial of service.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by ""synophoto_dsm_user --auth USERNAME PASSWORD"", and local users are able to obtain credentials by sniffing ""/proc/*/cmdline"".",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the ""a"" parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service (resource consumption).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
X-Pack 5.1.1 did not properly apply document and field level security to multi-search and multi-get requests so users without access to a document and/or field may have been able to access this information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules when merging multiple rules with field level security rules for the same index.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated privileges.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster, they may be able to issue both delete and index requests against that index.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions versions prior to 2.4.6 had an impersonation vulnerability. A user with the reporting_user role could execute a report with the permissions of another reporting user, possibly gaining access to sensitive data.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replaced with an instance that trusts all certificates. This could allow any node using any certificate to join a cluster. The proper behavior in this instance is for the TLS trust manager to deny all certificates.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the specified user specified in a run_as request. If a role has been created using a template that contains the _user properties, the behavior of run_as will be incorrect. Additionally if the run_as user specified does not exist, the transition will not happen.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a new directory and two files, which are placed in the system's path and can be manipulated by non-administrators. This could allow an authenticated user to escalate his or her privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Improper Authentication issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may be able to gain unauthorized access to the user firewall when RADIUS servers are unreachable.,NETWORK,HIGH,NONE,NONE,CHANGED,NONE,LOW,NONE
"A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx. When the device is configured in security enabled configuration, SDP could be used to download a small section of code to an unprotected region of memory.",PHYSICAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Network Manager using older protocol versions contains a flaw that could allow a malicious user to authenticate with a server and then cause PI Network Manager to behave in an undefined manner.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the configuration files and application pages without authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. The device does not properly enforce access control while configured for NAT port forwarding, which may allow for unauthorized communications to downstream devices.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could send a single, specially crafted Programmable Controller Communication Commands (PCCC) packet to the controller that could potentially cause the controller to enter a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,LOW
An Improper Authentication issue was discovered in Newport XPS-Cx and XPS-Qx. An attacker may bypass authentication by accessing a specific uniform resource locator (URL).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. These backups lack proper access control and may allow access to sensitive information and possibly allow for configuration changes.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,LOW,LOW
"A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request, which could allow an attacker to modify the configuration of the device.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. An attacker can freely use brute force to determine parameters needed to bypass authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Missing Authorization issue was discovered in Rockwell Automation PanelView Plus 6 700-1500 6.00.04, 6.00.05, 6.00.42, 6.00-20140306, 6.10.20121012, 6.10-20140122, 7.00-20121012, 7.00-20130108, 7.00-20130325, 7.00-20130619, 7.00-20140128, 7.00-20140310, 7.00-20140429, 7.00-20140621, 7.00-20140729, 7.00-20141022, 8.00-20140730, and 8.00-20141023. There is no authorization check when connecting to the device, allowing an attacker remote access.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
"A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application's configuration file contains parameters that represent passwords in plaintext.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A heap-based buffer overflow exists in the third-party product Gigasoft, v5 and prior, included in GE Communicator 3.15 and prior. A malicious HTML file that loads the ActiveX controls can trigger the vulnerability via unchecked function calls.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,HIGH
"In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available (default limit typically 1024 file descriptors on Linux), then opening the configuration file will fail.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to visit their website containing a malicious script which can be submitted to hawtio server on behalf of the user.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization's name could exploit this flaw to perform XSS attacks against other Satellite users.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should not be allowed to (e.g. destroying VMs).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.,NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,NONE,NONE
tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buffer overflow vulnerability in wcsxfrm/wcsxfrm_l functions resulting into denial-of-service by crashing the process or potential hijack of the process running with administrative privileges triggered by specially crafted input string.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An input validation error was found in Red Hat Certificate System's handling of client provided certificates before 8.1.20-1. If the certreq field is not present in a certificate an assertion error is triggered causing a denial of service.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. An attacker with the ability to create storage volumes could use this to create storage volumes for any other tenant.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary directories.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate). libcurl supports by default the use of TLS session id/ticket to resume previous TLS sessions to speed up subsequent TLS handshakes. They are used when for any reason an existing TLS connection couldn't be kept alive to make the next handshake faster. This flaw is a regression and identical to CVE-2016-5419 reported on August 3rd 2016, but affecting a different version range.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing. Doing a transform in JAXP requires the use of a 'javax.xml.transform.TransformerFactory'. If the FEATURE_SECURE_PROCESSING feature is set to 'true', it mitigates this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via javascript DOM modification using the supplied cookie parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via the ""type"" and ""account"" parameters of json requests.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of vulnerable application, via user.Context in the Object Selector, via vdtData in the Version discovery and via nextFrame in the Object Inspector and via Host GUID in the System details plugins.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. Note esfadmingui is not enabled by default.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped ""description"" field that could be specified by the provider.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Drupal 8 prior to 8.3.7; When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services (rest) module enabled, the comment entity REST resource enabled, and where an attacker can access a user account on the site with permissions to post comments, or where anonymous users can post comments.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In Drupal 8.x prior to 8.3.7 When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access restrictions on the view. It is best practice to always include some form of access restrictions on all views, even if you are using another module to display them.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack on the integrated web server on port 443/tcp.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacker with physical access to an unlocked mobile device, that has the affected app running, could bypass the app's authentication mechanism under certain conditions.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,LOW
A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). The existing TLS protocol implementation could allow an attacker to read and modify data within a TLS session while performing a Man-in-the-Middle (MitM) attack.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the platform usb modem command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the platform usb modem command in the CLI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. Cisco Bug IDs: CSCve48949.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the platform usb modem command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the platform usb modem command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device. Cisco Bug IDs: CSCvf10783.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is due to lack of input validation of the parameters in BatchFileName and Directory. An attacker could exploit this vulnerability by manipulating the parameters of the batch action file function. Cisco Bug IDs: CSCvd61766.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) traffic by the affected software. An attacker could exploit this vulnerability by generating incomplete traffic streams. A successful exploit could allow the attacker to deny access to the TVS for an affected device, resulting in a DoS condition, until an administrator restarts the service. Known Affected Releases 10.0(1.10000.24) 10.5(2.10000.5) 11.0(1.10000.10) 9.1(2.10000.28). Cisco Bug IDs: CSCux21905.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The vulnerability occurs because user-supplied data in the DOM input is not validated. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious DOM statements to the affected system. A successful exploit could allow the attacker to affect the integrity of the system by manipulating the database. Known Affected Releases 11.0(1)ES10. Cisco Bug IDs: CSCvf18325.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart, aka Memory Exhaustion. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP packets to a specific group of open listening ports on a targeted device. An exploit could allow the attacker to cause the system to consume additional memory. If enough available memory is consumed, the system will restart, creating a temporary denial of service (DoS) condition. The DoS condition will end after the device has finished the restart process. This vulnerability affects the following Cisco products: Connected Grid Network Management System, if running a software release prior to IoT-FND Release 4.0; IoT Field Network Director, if running a software release prior to IoT-FND Release 4.0. Cisco Bug IDs: CSCvc77164.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated, remote attacker to take full control of the OSPF Autonomous System (AS) domain routing table, allowing the attacker to intercept or black-hole traffic. The attacker could exploit this vulnerability by injecting crafted OSPF packets. Successful exploitation could cause the targeted router to flush its routing table and propagate the crafted OSPF LSA type 1 update throughout the OSPF AS domain. To exploit this vulnerability, an attacker must accurately determine certain parameters within the LSA database on the target router. This vulnerability can only be triggered by sending crafted unicast or multicast OSPF LSA type 1 packets. No other LSA type packets can trigger this vulnerability. OSPFv3 is not affected by this vulnerability. Fabric Shortest Path First (FSPF) protocol is not affected by this vulnerability. Cisco Bug IDs: CSCva74756, CSCve47393, CSCve47401.",ADJACENT_NETWORK,HIGH,NONE,NONE,CHANGED,LOW,HIGH,HIGH
"A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The vulnerability is due to unexpected interaction with Known Key and Decrypt and Resign configuration settings of SSL policies when the affected software receives unexpected SSL packet headers. An attacker could exploit this vulnerability by sending a crafted SSL packet through an affected device in a valid SSL session. A successful exploit could allow the attacker to bypass the SSL decryption and inspection policy for the affected system, which could allow traffic to flow through the system without being inspected. Cisco Bug IDs: CSCve12652.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.5(1) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvd82064.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected application does not properly validate Fragmentation Unit (FU-A) protocol packets. An attacker could exploit this vulnerability by sending a crafted H.264 FU-A packet through the affected application. A successful exploit could allow the attacker to cause a DoS condition on the affected system due to an unexpected restart of the CMS media process on the system. Although the CMS platform continues to operate and only the single, affected CMS media process is restarted, a brief interruption of media traffic for certain users could occur. Cisco Bug IDs: CSCve10131.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvd96744.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by triggering the upgrade package installation functionality. Cisco Bug IDs: CSCvc90304.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques to read files in the web root directory structure on the Cisco Unified Communications Manager filesystem. Cisco Bug IDs: CSCve13796.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to modify or delete entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCve13786.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of defense against cross-site request forgery (CSRF) attacks. An attacker could exploit this vulnerability by forcing the user's browser to perform any action authorized for that user. Cisco Bug IDs: CSCvc90280.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of the Cisco Smart Net Total Care (SNTC) Software Collector Appliance 3.11 could allow an authenticated, remote attacker to perform a read-only, blind SQL injection attack, which could allow the attacker to compromise the confidentiality of the system through SQL timing attacks. The vulnerability is due to insufficient input validation of certain user-supplied fields that are subsequently used by the affected software to build SQL queries. An attacker could exploit this vulnerability by submitting crafted URLs, which are designed to exploit the vulnerability, to the affected software. To execute an attack successfully, the attacker would need to submit a number of requests to the affected software. A successful exploit could allow the attacker to determine the presence of values in the SQL database of the affected software. Cisco Bug IDs: CSCvf07617.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) 9.3(3) and 9.6(2) could allow an unauthenticated, remote attacker to determine valid usernames. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to the interaction between Lightweight Directory Access Protocol (LDAP) and SSL Connection Profile when they are configured together. An attacker could exploit the vulnerability by performing a username enumeration attack to the IP address of the device. An exploit could allow the attacker to determine valid usernames. Cisco Bug IDs: CSCvd47888.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An attacker could exploit this vulnerability by authenticating with a valid external user account that matches an internal username and incorrectly receiving the authorization policy of the internal account. An exploit could allow the attacker to have Super Admin privileges for the ISE Admin portal. This vulnerability does not affect endpoints authenticating to the ISE. The vulnerability affects Cisco ISE, Cisco ISE Express, and Cisco ISE Virtual Appliance running Release 1.3, 1.4, 2.0.0, 2.0.1, or 2.1.0. Release 2.2.x is not affected. Cisco Bug IDs: CSCvb10995.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television 3.2(5)ES1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted appliance. The vulnerability is due to excessive mapped connections exhausting the allotted resources within the system. An attacker could exploit this vulnerability by sending large amounts of inbound traffic to a device with the intention of overloading certain resources. A successful exploit could cause the device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc39260.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve78027, CSCve60276.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve89865, CSCsy56638.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve60402.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. The vulnerability is due to an insecure default configuration of the Apache ZooKeeper service used by the affected software. An attacker could exploit this vulnerability by accessing the affected device through the orchestrator network. An exploit could allow the attacker to gain access to ZooKeeper data nodes (znodes) and influence the behavior of the system's high-availability feature. This vulnerability affects all releases of Cisco Ultra Services Framework UAS prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvd29395.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability exists because the affected software logs administrative credentials in clear text for Cisco ESC and Cisco OpenStack deployment purposes. An attacker could exploit this vulnerability by accessing the AutoVNF URL for the location where the log files are stored and subsequently accessing the administrative credentials that are stored in clear text in those log files. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76659.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software 19.2 through 21.0 could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient handling of user-supplied data by the affected software. An attacker could exploit this vulnerability by sending crafted UDP packets to the distributed instance (DI) network addresses of both CF instances on an affected system. A successful exploit could allow the attacker to cause an unhandled error condition on the affected system, which would cause the CF instances to reload and consequently cause the entire VPC to reload, resulting in the disconnection of all subscribers and a DoS condition on the affected system. This vulnerability can be exploited via IPv4 traffic only. Cisco Bug IDs: CSCvc01665 CSCvc35565.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Temporary File information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52875.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Order information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52866 CSCvc52868.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Temporary Directory information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52861.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52860.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Directory information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52858.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52856.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the TCP connection handling functionality of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to disable TCP ports and cause a denial of service (DoS) condition on an affected system. The vulnerability is due to a lack of rate-limiting functionality in the TCP Listen application of the affected software. An attacker could exploit this vulnerability by sending a crafted TCP traffic stream in which specific types of TCP packets are flooded to an affected device, for example a TCP packet stream in which the TCP FIN bit is set in all the TCP packets. A successful exploit could allow the attacker to cause certain TCP listening ports on the affected system to stop accepting incoming connections for a period of time or until the affected device is restarted, resulting in a DoS condition. In addition, system resources, such as CPU and memory, could be exhausted during the attack. Cisco Bug IDs: CSCva29806.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the logging configuration of Secure Sockets Layer (SSL) policies for Cisco FirePOWER System Software 5.3.0 through 6.2.2 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources. The vulnerability is due to the logging of certain TCP packets by the affected software. An attacker could exploit this vulnerability by sending a flood of crafted TCP packets to an affected device. A successful exploit could allow the attacker to cause a DoS condition. The success of an exploit is dependent on how an administrator has configured logging for SSL policies for a device. This vulnerability affects Cisco FirePOWER System Software that is configured to log connections by using SSL policy default actions. Cisco Bug IDs: CSCvd07072.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the firmware of an affected device fails to handle certain XML values that are passed to the HTTP RPC service listening on the local subnet of the device. An attacker could exploit this vulnerability by submitting a malformed request to an affected device. A successful attack could cause the affected device to restart, resulting in a DoS condition. Yes has updated the affected devices with firmware that addresses this vulnerability. Customers are not required to take action. Vulnerable Products: This vulnerability affects YesMaxTotal, YesMax HD, and YesQuattro STB devices. Cisco Bug IDs: CSCvd08812.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A ""Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA with FirePOWER Module Denial of Service"" vulnerability in the access control policy of Cisco Firepower System Software could allow an authenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service (DoS) condition. The vulnerability is due to improper SSL policy handling by the affected software when packets are passed through the sensing interfaces of an affected system. An attacker could exploit this vulnerability by sending crafted packets through a targeted system. This vulnerability affects Cisco Firepower System Software that is configured with the SSL policy feature. Cisco Bug IDs: CSCvc84361.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
"A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this vulnerability by sending an HTTP POST request that contains crafted, deserialized user data to the affected software. A successful exploit could allow the attacker to execute arbitrary commands with root-level privileges on the affected system, which the attacker could use to conduct further attacks. Cisco Bug IDs: CSCvd14591.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user's browser session on the affected system. Cisco Bug IDs: CSCvd14583.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software 1.0.0 could allow an authenticated, remote attacker to download and view any system file by using the affected software. The vulnerability is due to the absence of role-based access control (RBAC) for file-download requests that are sent to the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to download and view any system file by using the affected software. Cisco Bug IDs: CSCvd11628.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints.",ADJACENT_NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Detcon Sitewatch Gateway, all versions without cellular, an attacker can edit settings on the device using a specially crafted URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Detcon Sitewatch Gateway, all versions without cellular, Passwords are presented in plaintext in a file that is accessible without authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Insufficiently Protected Credentials issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Sensitive information is insufficiently protected during transmission and vulnerable to sniffing, which could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Non-sensitive information can be obtained anonymously.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,LOW
A Heap-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow when a maliciously crafted project file is run by the system.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A Stack-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow, which could result in denial of service when a malicious project file is run on the system.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is named the same as a legitimate file and placed in a location that is earlier in the search path.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An ""improper neutralization of HTTP headers for scripting syntax"" issue has been identified, which may allow remote code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A malicious user could overflow the stack buffer by providing overly long strings to functions that handle the XML. Because the function does not verify string size before copying to memory, the attacker may then be able to crash the application or run arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions released before January 20, 2017. An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code with elevated privileges on the system. CVSS v3 base score: 8.8, CVSS vector string: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Rockwell Automation has released a new version of FactoryTalk Activation, Version 4.01, which addresses the identified vulnerability. Rockwell Automation recommends upgrading to the latest version of FactoryTalk Activation, Version 4.01 or later.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The GridServer Broker, GridServer Driver, and GridServer Engine components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities related to both the improper use of encryption mechanisms and the use of weak ciphers. A malicious actor could theoretically compromise the traffic between any of the components. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Affected releases are TIBCO Software Inc. tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO JasperReports Server 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0 and below, TIBCO JasperReports Library 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0; 6.4.1, TIBCO JasperReports Library for ActiveMatrix BPM 6.4.1 and below, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0 and below, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0 and below, TIBCO Jaspersoft Studio 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, and TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.4.0 and below.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may be affected by a vulnerability which may allow any authenticated user to gain administrative control of Managed File Transfer web applications.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The tibbr web server components of tibbr Community, and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate their access privileges. Affected releases are tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks.  The impact of this vulnerability includes the theoretical disclosure of sensitive information.  Affects TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, and 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.2.0 and below), and TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.2.0 and below).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain SNMP OIDs, serve it via HTTP, and the affected device will perform a configuration restore using the attacker's supplied config file, including the inserted XSS strings.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently-logged on user.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-characters as part of a specially-crafted POST request to the get_chart function and run OS-level commands, effectively as root.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks.",NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A DLL Hijack issue was discovered in Rockwell Automation Connected Components Workbench (CCW). The following versions are affected: Connected Components Workbench - Developer Edition, v9.01.00 and earlier: 9328-CCWDEVENE, 9328-CCWDEVZHE, 9328-CCWDEVFRE, 9328-CCWDEVITE, 9328-CCWDEVDEE, 9328-CCWDEVESE, and 9328-CCWDEVPTE; and Connected Components Workbench - Free Standard Edition (All Supported Languages), v9.01.00 and earlier. Certain DLLs included with versions of CCW software can be potentially hijacked to allow an attacker to gain rights to a victim's affected personal computer. Such access rights can be at the same or potentially higher level of privileges as the compromised user account, including and up to computer administrator privileges.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to execute arbitrary code via the server banner leaking potentially sensitive or security relevant information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature. A device must meet two conditions to be affected by this vulnerability: (1) the device must be running a version of Cisco IOS Software or Cisco IOS XE Software that supports ANI (regardless of whether ANI is configured); and (2) the device must have a reachable IPv6 interface. An exploit could allow the attacker to cause the affected device to reload. Cisco Bug IDs: CSCvc42729.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for accessing certain web pages using the GUI interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface of the affected system. A successful exploit could allow the attacker to bypass authentication and perform unauthorized configuration changes or issue control commands to the affected device. This vulnerability affects Cisco Mobility Express 1800 Series Access Points running a software version prior to 8.2.110.0. Cisco Bug IDs: CSCuy68219.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges. This vulnerability affects Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCvb49837.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter CONFIG_ENV_AES=y) read environment variables from disk as the encrypted disk image is processed. An attacker with physical access to the device can manipulate the encrypted environment data to include a crafted two-byte sequence which triggers an error in environment variable parsing. This error condition is improperly handled by Das U-Boot, resulting in an immediate process termination with a debugging message.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data. Das U-Boot's AES-CBC encryption feature uses a zero (0) initialization vector. This allows an attacker to perform dictionary attacks on encrypted data produced by Das U-Boot to learn information about the encrypted data.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a 'newer' LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages).",ADJACENT_NETWORK,HIGH,NONE,NONE,CHANGED,LOW,HIGH,HIGH
"Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia (/usr/bin/sonia) that provides the web interface and other services for controlling the IP camera remotely. Versions of Sonia included in firmware versions prior to DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621 do not validate input data length for the 'password' field of the web interface. A remote, unauthenticated attacker may submit a crafted POST request to the IP camera's Sonia web interface that may lead to out-of-bounds memory operations and loss of availability or remote code execution. The issue was originally identified by the researcher in firmware version DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS (text message) interface that can be deployed where no password is configured for this interface by the integrator / reseller. This interface must be password protected, otherwise, the attacker only needs to know the phone number of the device (via an IMSI Catcher, for example) to send administrative commands to the device. These commands can be used to provide ongoing, real-time access to the device and can configure parameters such as IP addresses, firewall rules, and passwords.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one year. This bearer token, in combination with a user_id can be used to perform user actions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Java implementations of AMF3 deserializers in WebORB for Java by Midnight Coders, version 5.1.1.0, derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server, denial of service, or server side request forgery.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Java implementations of AMF3 deserializers in Pivotal/Spring Spring-flex derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with SYSTEM privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The dotCMS administration panel, versions 3.7.1 and earlier, ""Push Publishing"" feature in Enterprise Pro is vulnerable to arbitrary file upload. When ""Bundle"" tar.gz archives uploaded to the Push Publishing feature are decompressed, there are no checks on the types of files which the bundle contains. This vulnerability combined with the path traversal vulnerability (CVE-2017-3188) can lead to remote command execution with the permissions of the user running the dotCMS application. An unauthenticated remote attacker may perform actions with the dotCMS administrator panel with the same permissions of a victim user or execute arbitrary system commands with the permissions of the user running the dotCMS application.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The dotCMS administration panel, versions 3.7.1 and earlier, ""Push Publishing"" feature in Enterprise Pro is vulnerable to path traversal. When ""Bundle"" tar.gz archives uploaded to the Push Publishing feature are decompressed, the filenames of its contents are not properly checked, allowing for writing files to arbitrary directories on the file system. These archives may be uploaded directly via the administrator panel, or using the CSRF vulnerability (CVE-2017-3187). An unauthenticated remote attacker may perform actions with the dotCMS administrator panel with the same permissions of a victim user or execute arbitrary system commands with the permissions of the user running the dotCMS application.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery. The dotCMS administrator panel contains a cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. An unauthenticated remote attacker may perform actions with the dotCMS administrator panel with the same permissions of a victim user or execute arbitrary system commands with the permissions of the user running the dotCMS application.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Sage XRT Treasury is a business finance management application. Database user access privileges are determined by the USER_CODE field associated with the querying user. By modifying the USER_CODE value to match that of a privileged user, a low-privileged, authenticated user may gain privileged access to the SQL database. A remote, authenticated user can submit specially crafted SQL queries to gain privileged access to the application database.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack. ThreatMetrix is a security library for mobile applications, which aims to provide fraud prevention and device identity capabilities. The ThreatMetrix SDK versions prior to 3.2 do not validate SSL certificates on the iOS platform. An affected application will communicate with https://h-sdk.online-metrix.net, regardless of whether the connection is secure or not. An attacker on the same network as or upstream from the iOS device may be able to view or modify ThreatMetrix network traffic that should have been protected by HTTPS.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following products and versions are affected: TIBCO Spotfire Analyst 7.7.0 TIBCO Spotfire Connectors 7.6.0 TIBCO Spotfire Deployment Kit 7.7.0 TIBCO Spotfire Desktop 7.6.0 TIBCO Spotfire Desktop 7.7.0 TIBCO Spotfire Desktop Developer Edition 7.7.0 TIBCO Spotfire Desktop Language Packs 7.6.0 TIBCO Spotfire Desktop Language Packs 7.7.0 The following components are affected: TIBCO Spotfire Client TIBCO Spotfire Web Player Client",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The products and versions that are affected include the following: TIBCO Silver Fabric Enabler for Spotfire Web Player 2.1.2 and earlier TIBCO Spotfire Analyst 7.5.0 TIBCO Spotfire Analyst 7.6.0 TIBCO Spotfire Analyst 7.7.0 TIBCO Spotfire Analytics Platform for AWS Marketplace 7.0.2 and earlier TIBCO Spotfire Automation Services 6.5.3 and earlier TIBCO Spotfire Automation Services 7.0.0, and 7.0.1 TIBCO Spotfire Connectors 7.6.0 TIBCO Spotfire Deployment Kit 6.5.3 and earlier TIBCO Spotfire Deployment Kit 7.0.0, and 7.0.1 TIBCO Spotfire Deployment Kit 7.5.0 TIBCO Spotfire Deployment Kit 7.6.0 TIBCO Spotfire Deployment Kit 7.7.0 TIBCO Spotfire Desktop 6.5.2 and earlier TIBCO Spotfire Desktop 7.0.0, and 7.0.1 TIBCO Spotfire Desktop 7.5.0 TIBCO Spotfire Desktop 7.6.0 TIBCO Spotfire Desktop 7.7.0 TIBCO Spotfire Desktop Developer Edition 7.7.0 TIBCO Spotfire Desktop Language Packs 7.0.1 and earlier TIBCO Spotfire Desktop Language Packs 7.5.0 TIBCO Spotfire Desktop Language Packs 7.6.0 TIBCO Spotfire Desktop Language Packs 7.7.0 TIBCO Spotfire Professional 6.5.3 and earlier TIBCO Spotfire Professional 7.0.0 and 7.0.1 TIBCO Spotfire Web Player 6.5.3 and earlier TIBCO Spotfire Web Player 7.0.0 and 7.0.1",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly sanitized before showing to other users, including admins.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems in the log file, allowing them to access those systems.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local attacker could use these methods to gain access to private information, or launch a privilege escalation attack.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A number of unused delete routes are present in CloudForms before 5.7.2.1 which can be accessed via GET requests instead of just POST requests. This could allow an attacker to bypass the protect_from_forgery XSRF protection causing the routes to be used. This attack would require additional cross-site scripting or similar attacks in order to execute.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all connected nodes.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs. This could in some cases result in emails being sent to people who have no user account in Jenkins, and in rare cases even people who were not involved in whatever project was being built, due to some mapping based on the local-part of email addresses.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins.",NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default (by director) listening on 0.0.0.0 (all interfaces) with no-authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loopback interface addresses, or in some cases possibly addresses that have been exposed beyond the management interface, could use this to open a virsh session to the libvirtd instance and gain control of virtual machine instances or possibly take over the host.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an attacker with tenant administration access to elevate privileges.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even when there is none or if the server doesn't support the TLS extension in question. This could lead to users not detecting when a server's certificate goes invalid or otherwise be mislead that the server is in a better shape than it is in reality. This flaw also exists in the command line tool (--cert-status).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow directory traversal with '..' and it grants full passwordless root access to the validations user.,LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail to be rejected as expected. This issue is partially mitigated on RHEL Atomic Host, where certificate pinning is used by default.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts.",LOCAL,LOW,LOW,NONE,CHANGED,LOW,LOW,LOW
"jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records (SECURITY-406).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,LOW
"In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
"jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names (SECURITY-388).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious Jenkins users, or users with SCM access, could configure jobs or modify build scripts such that they print serialized console notes that perform cross-site scripting attacks on Jenkins users viewing the build logs.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). This only affects anonymous users (other users legitimately have access) that were able to get a list of items via an UnprotectedRootAction.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,NONE,NONE
"jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.,NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
A null pointer dereference vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks Junos OS 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X46-D50; 12.1X47 prior to 12.1X47-D30, 12.1X47-D35; 12.3X48 prior to 12.3X48-D20, 12.3X48-D30; 15.1X49 prior to 15.1X49-D20, 15.1X49-D30.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Juniper Enhanced jdhcpd daemon may experience high CPU utilization, or crash and restart upon receipt of an invalid IPv6 UDP packet. Both high CPU utilization and repeated crashes of the jdhcpd daemon can result in a denial of service as DHCP service is interrupted. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 14.1X53 prior to 14.1X53-D12, 14.1X53-D38, 14.1X53-D40 on QFX, EX, QFabric System; 15.1 prior to 15.1F2-S18, 15.1R4 on all products and platforms; 15.1X49 prior to 15.1X49-D80 on SRX; 15.1X53 prior to 15.1X53-D51, 15.1X53-D60 on NFX, QFX, EX.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in rpd daemon of Juniper Networks Junos OS allows a malformed MPLS ping packet to crash the rpd daemon if MPLS OAM is configured. Repeated crashes of the rpd daemon can result in an extended denial of service condition for the device. The affected releases are Junos OS 12.3X48 prior to 12.3X48-D50, 12.3X48-D55; 13.3 prior to 13.3R10; 14.1 prior to 14.1R4-S13, 14.1R8-S3, 14.1R9; 14.1X53 prior to 14.1X53-D42, 14.1X53-D50; 14.2 prior to 14.2R4-S8, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1F2-S14, 15.1F5-S7, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5-S1, 15.1R6; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D105, 15.1X53-D47, 15.1X53-D62, 15.1X53-D70; 16.1 prior to 16.1R3-S3, 16.1R4. No other Juniper Networks products or platforms are affected by this issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On Junos OS devices with SNMP enabled, a network based attacker with unfiltered access to the RE can cause the Junos OS snmpd daemon to crash and restart by sending a crafted SNMP packet. Repeated crashes of the snmpd daemon can result in a partial denial of service condition. Additionally, it may be possible to craft a malicious SNMP packet in a way that can result in remote code execution. SNMP is disabled in Junos OS by default. Junos OS devices with SNMP disabled are not affected by this issue. No other Juniper Networks products or platforms are affected by this issue.  NOTE: This is a different issue than Cisco CVE-2017-6736, CVE-2017-6737, and CVE-2017-6738. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67; 12.3X48 prior to 12.3X48-D51, 12.3X48-D55; 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R2-S10, 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D122, 14.1X53-D44, 14.1X53-D50; 14.2 prior to 14.2R4-S9, 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7; 15.1X49 prior to 15.1X49-D100, 15.1X49-D110; 15.1X53 prior to 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5; 16.2 prior to 16.2R2, 16.2R3; 17.1 prior to 17.1R1-S3, 17.1R2, 17.1R3; 17.2 prior to 17.2R1-S1, 17.2R2; 17.2X75 prior to 17.2X75-D30. Junos releases prior to 10.2 are not affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A routine within an internal Junos OS sockets library is vulnerable to a buffer overflow. Malicious exploitation of this issue may lead to a denial of service (kernel panic) or be leveraged as a privilege escalation through local code execution. The routines are only accessible via programs running on the device itself, and veriexec restricts arbitrary programs from running on Junos OS. There are no known exploit vectors utilizing signed binaries shipped with Junos OS itself. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67; 12.3X48 prior to 12.3X48-D51, 12.3X48-D55; 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R2-S10, 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D122, 14.1X53-D45, 14.1X53-D50; 14.2 prior to 14.2R4-S9, 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5; 16.2 prior to 16.2R2; 17.1 prior to 17.1R1-S3, 17.1R2; 17.2 prior to 17.2R1-S1, 17.2R2; 17.2X75 prior to 17.2X75-D30. No other Juniper Networks products or platforms are affected by this issue.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall polices. As part of an internal security review of the UserFW services authentication API, hardcoded credentials were identified and removed which can impact both the SRX Series device, and potentially LDAP and Active Directory integrated points. An attacker may be able to completely compromise SRX Series devices, as well as Active Directory servers and services. When Active Directory is compromised, it may allow access to user credentials, workstations, servers performing other functions such as email, database, etc. Inter-Forest Active Directory deployments may also be at risk as the attacker may gain full administrative control over one or more Active Directories depending on the credentials supplied by the administrator of the AD domains and SRX devices performing integrated authentication of users, groups and devices. To identify if your device is potentially vulnerable to exploitation, check to see if the service is operating; from CLI review the following output: root@SRX-Firewall# run show services user-identification active-directory-access domain-controller status extensive A result of ""Status: Connected"" will indicate that the service is active on the device. To evaluate if user authentication is occurring through the device: root@SRX-Firewall# run show services user-identification active-directory-access active-directory-authentication-table all Next review the results to see if valid users and groups are returned. e.g. Domain: juniperlab.com Total entries: 3 Source IP Username groups state 172.16.26.1 administrator Valid 192.168.26.2 engg01 engineers Valid 192.168.26.3 guest01 guests Valid Domain: NULL Total entries: 8 Source IP Username groups state 192.168.26.4 Invalid 192.168.26.5 Invalid This will also indicate that Valid users and groups are authenticating through the device. Affected releases are Juniper Networks Junos OS 12.3X48 from 12.3X48-D30 and prior to 12.3X48-D35 on SRX series; 15.1X49 from 15.1X49-D40 and prior to 15.1X49-D50 on SRX series. Devices on any version of Junos OS 12.1X46, or 12.1X47 are unaffected by this issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can not be established. It falls back to an unencrypted link. This can happen when MACsec is configured on ports that are not capable of MACsec or when a secure link can not be established. This can mislead customers into believing that a link is secure. On SRX 300 series devices, prior to 15.1X49-D100, MACsec was only supported on control and fabric ports of SRX340 and SRX345 devices. SRX300 and and SRX320 did not have any MACsec capable ports. Configuring MACsec on ports that were not MACsec capable would have resulted in this issue. Affected releases are Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137038.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137037.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137036.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM WebSphere Application Server 9 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 137031.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. IBM X-Force ID: 137022.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and 8.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136786.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136152.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136006.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 could allow a local attacker to inject commands into malicious files that could be executed by the administrator. IBM X-Force ID: 135855.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 135521.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform data conversion on. IBM X-Force ID: 135520.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could read files on the file system. IBM X-Force ID: 134931.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 contains an undisclosed vulnerability that would allow an authenticated user to obtain elevated privileges. IBM X-Force ID: 134919.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134909.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134796.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134637.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments. While this information is not visible at first it can be obtained by viewing the page source. IBM X-Force ID: 134427.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134066.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134065.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133379.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133263.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133261.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Sterling B2B Integrator 5.2 through 5.2.6 could allow an authenticated attacker to obtain sensitive variable name information using specially crafted HTTP requests. IBM X-Force ID: 133180.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Pulse for QRadar 1.0.0 - 1.0.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 133123.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 133122.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-force ID: 133120.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
IBM Quality Manager (RQM) 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132929.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132928.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force ID: 132625.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131765.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131764.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131761.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131760.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID: 131758.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) caches usernames and passwords in browsers that could be used by a local attacker to obtain sensitive information. IBM X-Force ID: 130812.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. IBM X-Force ID: 129970.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 127400.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 127399.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 127342.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 127341.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 126861.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 126860.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126859.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125729.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125728.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125727.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125725.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125724.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125155.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125154.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124759.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124758.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124752.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Guardium 10.0 and 10.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 124747. IBM X-Force ID: 124747.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 124743.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) techniques. IBM X-Force ID: 124740.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force 124630.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124524.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124357.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124356.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz based applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124355.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 123677.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 123675.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123673.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123429.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 121153.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121152.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobHistory Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4906.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobDefinitions Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4316.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup TimeRange method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4294.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup JobList method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4292.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup ClientList method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4287.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupOptionSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4286.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSourceDeviceSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4237.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUScheduleSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4235.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupSegment Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4234.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4233.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSelectionSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4232.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobCountHistory Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4231.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUTransferHistory Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4230.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPolicy Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4229.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Acknowledge method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4228.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x102 in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5116.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5101.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the content parameter provided to the script_test.jsp endpoint. A crafted content request parameter can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code under the context of the web service. Was ZDI-CAN-5080.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within an exposed RMI registry, which listens on TCP ports 1800 and 1850 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Was ZDI-CAN-4753.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given the following situation: the Crowd application is bound to directory 1 and has a user called admin and the Google Apps application is bound to directory 2, which also has a user called admin, it was possible to authenticate REST requests using the credentials of the user coming from directory 2 and impersonate the user from directory 1.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dpb files may allow an attacker to remotely execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Use-after-Free issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Specially crafted .dpb files could exploit a use-after-free vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An Out-of-bounds Write issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Specially crafted .dpb files may cause the system to write outside the intended buffer area.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. Specially-crafted malicious files may be able to cause stack-based buffer overflow vulnerabilities, which may allow remote code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. A specially-crafted malicious file may be able to cause a heap-based buffer overflow vulnerability when opened by a user.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker to specify an arbitrary address.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
"An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Cross-site Scripting issue was discovered in Geovap Reliance SCADA Version 4.7.3 Update 2 and prior. This vulnerability could allow an unauthenticated attacker to inject arbitrary code.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio HMI. The heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
"An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow for information exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within upload_save_do.jsp. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4751.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within download.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download a file. An attacker can leverage this vulnerability to expose sensitive information. Was ZDI-CAN-4750.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4749.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within heapdumps.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download heap memory dump. An attacker can leverage this in conjunction with other vulnerabilities to disclose sensitive information in the context of the current process. Was ZDI-CAN-4718.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp._3d.add_005f3d_005fview_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5197.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.db.save_005fattrs_jsp servlet, which listens on TCP port 8081 by default. When parsing the id parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5196.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.cnnic.asset.deviceReport.deviceReport_005fexport_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5195.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.settings.upload_005ffile_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate user-supplied data, which can allow for the upload of files. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5194.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.tools.exec_jsp servlet, which listens on TCP port 8081 by default. When parsing the command parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5193.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.service.service_005ffailures_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5192.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"This vulnerability allows remote attackers to overwrite files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.network.traffic_005freport_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5191.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"This vulnerability allows remote attackers to execute code by overwriting arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.tools.snmpwalk.snmpwalk_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the ip parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5138.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of WRQ requests. When parsing the Filename field, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5137.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.designer.script_005fsamples_jsp servlet, which listens on TCP port 8081 by default. When parsing the type parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5119.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.export_005fdownload_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5118.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.db.save_005fimage_jsp servlet, which listens on TCP port 8081 by default. When parsing the id parameter, the process does not properly validate user-supplied data, which can allow for the upload of files. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5117.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.restore.del_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filenames parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete any files accessible to the Administrator user. Was ZDI-CAN-5104.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the common.download_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5103.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.restore.download_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5100.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. User interaction is required to exploit this vulnerability. The specific flaw exists within the MainFilter servlet. The issue results from the lack of proper string matching inside the doFilter method. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of Administrator. Was ZDI-CAN-5099.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the yTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4977.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SOT markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4976.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5296.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAnnot method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5295.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.response method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5294.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within util.printf. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5290.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the clearItems XFA method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5288.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5244.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the picture elements within XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5216.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the alignment attribute of Field objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5094.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within XFA's field element. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5092.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Image filters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5079.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within FormCalc's closeDoc method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5073.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of references to the app object from FormCalc. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5072.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 (redirect) to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e which most browsers treat as a proper redirect as // is translated into the current schema being used. Mitigating factor: In order for this to work, st must be serving from the root of a server (/) rather than the typical sub directory (/static/) and the redirect URL will end with some form of URL encoded .. (""%2e%2e"", ""%2e."", "".%2e"").",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"nodeaaaaa is a static file server. nodeaaaaa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"yzt is a simple file server. yzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"yttivy is a static file server. yttivy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"tencent-server is a simple web server. tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"sgqserve is a simple file server. sgqserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"peiserver is a static file server. peiserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ltt is a static file server. ltt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"lessindex is a static file server. lessindex is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"jn_jj_server is a static file server. jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"zjjserver is a static file server. zjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"uv-tj-demo is a static file server. uv-tj-demo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"susu-sum is a static file server. susu-sum is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"qinserve is a static file server. qinserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"pytservce is a static file server. pytservce is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"picard is a micro framework. picard is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"sly07 is an API for censoring text. sly07 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"reecerver is a web server. reecerver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"open-device creates a web interface for any device. open-device is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"360class.jansenhm is a static file server. 360class.jansenhm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"uekw1511server is a static file server. uekw1511server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"iter-server is a static file server. iter-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"serverxxx is a static file server. serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"wintiwebdev is a static file server. wintiwebdev is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"serverabc is a static file server. serverabc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"dasafio is a web server. dasafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url. File access is restricted to only .html files.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"intsol-package is a file server. intsol-package is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"chatbyvista is a file server. chatbyvista is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"jansenstuffpleasework is a file server. jansenstuffpleasework is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"whispercast is a file server. whispercast is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"utahcityfinder constructs lists of Utah cities with a certain prefix. utahcityfinder is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"section2.madisonjbrooks12 is a simple web server. section2.madisonjbrooks12 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"looppake is a simple http server. looppake is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"calmquist.static-server is a static file server. calmquist.static-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"desafio is a simple web server. desafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url, but is limited to accessing only .html files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"dylmomo is a simple file server. dylmomo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"22lixian is a simple file server. 22lixian is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"caolilinode is a simple file server. caolilinode is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"dcserver is a static file server. dcserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"censorify.tanisjr is a simple web server and API RESTful service. censorify.tanisjr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"myprolyz is a static file server. myprolyz is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"earlybird is a web server module for early development. earlybird is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"gaoxuyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"wanggoujing123 is a simple webserver. wanggoujing123 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"zwserver is a weather web server. zwserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"serve46 is a static file server. serve46 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"shit-server is a file server. shit-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"mockserve is a file server. mockserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"sspa is a server dedicated to single-page apps. sspa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"myserver.alexcthomas18 is a file server. myserver.alexcthomas18 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"infraserver is a RESTful server. infraserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"lab6drewfusbyu is an http server. lab6drewfusbyu is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"lab6.brit95 is a file server. lab6.brit95 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"jikes is a file server. jikes is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url. Accessible files are restricted to files with .htm and .js extensions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed via the X-HTTP-Method-Override header.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"serverzyy is a static file server. serverzyy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"http_static_simple is an http server. http_static_simple is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"simple-npm-registry is a local npm package cache. simple-npm-registry is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"unicorn-list is a web framework. unicorn-list is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url. Accessible files are restricted to those with a file extension. Files with no extension such as /etc/passwd throw an error.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The module pandora-doomsday infects other modules. It's since been unpublished from the registry.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"rtcmulticonnection-client is a signaling implementation for RTCMultiConnection.js, a multi-session manager. rtcmulticonnection-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"node-server-forfront is a simple static file server. node-server-forfront is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"welcomyzt is a simple file server. welcomyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"cuciuci is a simple fileserver. cuciuci is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"datachannel-client is a signaling implementation for DataChannel.js. datachannel-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"liyujing is a static file server. liyujing is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"weather.swlyons is a simple web server for weather updates. weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"easyquick is a simple web server. easyquick is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url. Access is constrained, however, to supported file types. Requesting a file such as /etc/passwd returns a ""not supported"" error.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"tmock is a static file server. tmock is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"serverwzl is a simple http server. serverwzl is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"citypredict.whauwiller is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"serveryztyzt is a simple http server. serveryztyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"serverhuwenhui is a simple http server. serverhuwenhui is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option the default header max length is 80kb, so the impact of the ReDoS is relatively low.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"serveryaozeyan is a simple HTTP server. serveryaozeyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"serverliujiayi1 is a simple http server. serverliujiayi1 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Sencisho is a simple http server for local development. Sencisho is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"xtalk helps your browser talk to nodex, a simple web framework. xtalk is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS (Regular Expression Denial of Service) attack when given a specially crafted UserAgent header.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"list-n-stream is a server for static files to list and stream local videos. list-n-stream v0.0.10 or lower is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"node-simple-router is a minimalistic router for Node. node-simple-router is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied sql which contains a malicious column name. 2) Connecting to an untrusted database and executing a query which returns results where any of the column names are malicious.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
node-opensl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
`sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
`nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
`node-fabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
`sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
`sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
`node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
`jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"gfe-sass is a library for promises (CommonJS/Promises/A,B,D) gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"`hftp` is a static http or ftp server `hftp` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"`badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `badjs-sourcemap-server` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS however the api.hubapi.com endpoint redirects to a HTTP url. Because of this behavior an attacker with the ability to man-in-the-middle a developer or system performing a package installation could compromise the integrity of the installation.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This is only present when websocket authentication is set to `cookie`. Submitting an invalid cookie on the websocket upgrade request will cause the node process to error out.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file, while it exists.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase. Decamelize 1.1.0 through 1.1.1 uses regular expressions to evaluate a string and takes unescaped separator values, which can be used to create a denial of service attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Morris.js creates an svg graph, with labels that appear when hovering over a point. The hovering label names are not escaped in versions 0.5.0 and earlier. If control over the labels is obtained, script can be injected. The script will run on the client side whenever that specific graph is loaded.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether or not a supplied URL is valid or not. To do this, uri-js uses a regular expression, This regular expression is vulnerable to redos. This causes the program to hang and the CPU to idle at 100% usage while uri-js is trying to validate if the supplied URL is valid or not. To check if you're vulnerable, look for a call to `require(""uri-js"").parse()` where a user is able to send their own input. This affects uri-js 2.1.1 and earlier.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GitBook is a command line tool (and Node.js library) for building beautiful books using GitHub/Git and Markdown (or AsciiDoc). Stored Cross-Site-Scripting (XSS) is possible in GitBook before 3.2.2 by including code outside of backticks in any ebook. This code will be executed on the online reader.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept-encoding` header an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is not. This vulnerability affects i18next 2.0.0 and later.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser. This affects i18next <=1.10.2.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) is used.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Http-signature is a ""Reference implementation of Joyent's HTTP Signature Scheme"". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header names and change the meaning of the request without changing the signature.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"windows-build-tools is a module for installing C++ Build Tools for Windows using npm. windows-build-tools versions below 1.0.0 download resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens.,NETWORK,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously registered system the previously registered system will lose access to updates including security updates.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Please note that CSP (Content Security Policy) prevents exploitation of this XSS however not all browsers support CSP.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.,NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
"An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the pageSpan method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5029.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the modDate attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5028.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the page method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5027.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of FileAttachment annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5026.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of Text Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5025.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of Caret Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5024.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the author attribute of Circle Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5023.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setFocus method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5022.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the openList method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5021.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the append method of XFA Node objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5019.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the formNodes method of XFA Node objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5018.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the remove method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5017.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the insert method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5016.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the xOsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5014.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the xTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5013.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the tile index of the SOT marker in JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5012.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4982.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the ""typecontainerid"" parameter of the policy editor could allowed code injection into pages of authenticated users.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exhaust memory resources by sending a large amount of TCP SYN packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. The software uses undocumented hard-coded credentials that may allow an attacker to gain remote access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application, This could enable the attacker to retrieve any file on the server.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate his or her privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed, allowing for unauthorized devices to be connected to the generator, which could result in a loss of integrity or availability.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,LOW
"An Uncontrolled Search Path Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An uncontrolled search path element vulnerability has been identified, which may allow a remote attacker without privileges to execute arbitrary code in the form of a malicious DLL file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow an attacker to bypass protection mechanisms, gain privileges, or assume the identity of an authenticated user.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at rest. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The application does not sufficiently verify requests, making it susceptible to cross-site request forgery. This may allow an attacker to execute unauthorized code, resulting in changes to the configuration of the device.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An Information Exposure issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When an authenticated user uses the Change Password feature on the application, the current password for the user is specified in plaintext. This may allow an attacker who has been authenticated to gain access to the password.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"GE Centricity PACS RA1000, diagnostic image analysis, all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all current versions are affected, these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the original password. An attacker who is authenticated could change a user's password, enabling future access and possible configuration changes.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
GE GEMNet License server (EchoServer) all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited, would allow an attacker with the same IP address to bypass authentication by accessing a specific uniform resource locator.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the application without authenticating.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,LOW
An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not sufficiently protect sensitive information from unauthorized access.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. This vulnerability does not affect the connected blood glucose monitor and would not impact delivery of therapy to the patient.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mechanism, which could allow remote code execution.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication. This opens the application up to a man-in-the-middle attack having all of its encrypted traffic intercepted and read by an attacker.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 1.108.10001, 2017-11-02, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Gameloft Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 2017-08-13, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as ""ROBOT.""",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax license requirement. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax access control. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of a license-deny response to a license grant. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of the encryption key and insertion of hardware trojans in any IP. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of encrypted IP cyphertext to insert hardware trojans. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may create an application user account to gain administrative privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution.",ADJACENT_NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. The application is vulnerable to injection of malicious SQL queries via the input from the client.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify input buffer size prior to copying, leading to a buffer overflow, allowing remote code execution on the target device. The pump receives the potentially malicious input infrequently and under certain conditions, increasing the difficulty of exploitation.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker to execute code within the context of the application.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted ""RF wake-up"" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3 base score: 7.5, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based buffer, which could allow an attacker to execute arbitrary code under the context of the process.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
An Improper Authentication issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to subvert security mechanisms and reset a user account password.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A ""Cisco WebEx Network Recording Player Remote Code Execution Vulnerability"" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCvf57234, CSCvg54868, CSCvg54870.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"A ""Cisco WebEx Network Recording Player Remote Code Execution Vulnerability"" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCvf49650, CSCvg54853, CSCvg54856, CSCvf49697, CSCvg54861, CSCvf49707, CSCvg54867.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"A ""Cisco WebEx Network Recording Player Remote Code Execution Vulnerability"" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCvf38060, CSCvg54836, CSCvf38077, CSCvg54843, CSCvf38084, CSCvg54850.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"A ""Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability"" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCve30208, CSCve30214, CSCve30268.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"A ""Cisco WebEx Network Recording Player Remote Code Execution Vulnerability"" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCve10584, CSCve10591, CSCve11503, CSCve10658, CSCve11507, CSCve10749, CSCve10744, CSCve11532, CSCve10762, CSCve10764, CSCve11538.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf78635,, CSCvg52440.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could exploit this vulnerability by sending a crafted SQL statement to an affected system. Successful exploitation could allow the attacker to read entries in some database tables. Cisco Bug IDs: CSCvg30333.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. The vulnerability is due to insufficient security settings on meetings. An attacker could exploit this vulnerability by modifying the welcome message to a meeting. A successful exploit could allow the attacker to modify the welcome message of any known meeting. Cisco Bug IDs: CSCvf68695.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. An attacker could exploit this vulnerability to gain information to conduct additional attacks. The vulnerability is due to the way Cisco Jabber for Windows handles random number generation for file folders. An attacker could exploit the vulnerability by fixing the random number data used to establish Secure Sockets Layer (SSL) connections between clients. An exploit could allow the attacker to decrypt secure communications made by the Cisco Jabber for Windows client. Cisco Bug IDs: CSCve44806.",LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by providing a user with a malicious WRF file via email or URL and convincing the user to open the file. A successful exploit could cause an affected player to crash, resulting in a DoS condition. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, and Cisco WebEx WRF players. Cisco Bug IDs: CSCve30294, CSCve30301.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf79346.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf50378, CSCvg56018.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect system software version information when the software responds to HTTP requests that are sent to the web-based interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based interface of the affected software. A successful exploit could allow the attacker to view sensitive information about the software, which the attacker could use to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvf66155.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a malformed MIME header in an email attachment. An attacker could exploit this vulnerability by sending an email with a crafted MIME attachment. For example, a successful exploit could allow the attacker to bypass configured user filters to drop the email. The malformed MIME headers may not be RFC compliant. However, some mail clients could still allow users to access the attachment, which may not have been properly filtered by the device. Cisco Bug IDs: CSCvf44666.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated privileges and execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-controlled input that is supplied to certain script files of an affected system. An attacker could exploit this vulnerability by submitting crafted input to a script file on an affected system. A successful exploit could allow the attacker to gain elevated privileges and execute arbitrary commands with root privileges on the affected system. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf57274.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An attacker would need valid administrator credentials to perform this attack. The vulnerability is due to insufficient internal security measures in the guest shell feature. An attacker could exploit this vulnerability by sending or receiving packets on the device-internal network outside of the guest shell container, aka ""Unauthorized Internal Interface Access."" This vulnerability affects the following products running Cisco NX-OS System Software: Nexus 3000 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvf33038.",LOCAL,LOW,HIGH,NONE,CHANGED,LOW,LOW,LOW
"A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. An attacker could exploit this vulnerability by using the hypervisor console to connect locally to an affected system and then using the static credentials to log in to an affected virtual appliance. A successful exploit could allow the attacker to log in to the affected appliance with root privileges. Cisco Bug IDs: CSCvg31220.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation during the installation of a software patch. An attacker could exploit this vulnerability by installing a crafted patch image with the vulnerable operation occurring prior to patch activation. An exploit could allow the attacker to execute arbitrary commands on an affected system as root. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf23735, CSCvg04072.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to insufficient input validation for a specific CLI command. An attacker could exploit this vulnerability by issuing a crafted command on the CLI. An exploit could allow the attacker unauthorized access to read arbitrary files on the underlying local file system. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to read files from any VDC. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve51707, CSCve93961, CSCve93964, CSCve93965, CSCve93968, CSCve93974, CSCve93976.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command and gaining unauthorized access to the underlying operating system of the device. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve99902, CSCvf14879.",LOCAL,LOW,LOW,NONE,CHANGED,LOW,LOW,LOW
"A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow the attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco FXOS or NX-OS System Software: Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve51700, CSCve93833, CSCve93860, CSCve93863, CSCve93864, CSCve93880.",LOCAL,LOW,LOW,NONE,CHANGED,LOW,LOW,LOW
"A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition because all phone calls are dropped when the SIP process unexpectedly restarts. Cisco Bug IDs: CSCvc62590.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,LOW
"Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video (SDV) or video on demand (VoD) streams, resulting in a denial of service (DoS) condition. The vulnerability is due to a processing error with TCP connections to the affected device. An attacker could exploit this vulnerability by establishing a large number of TCP connections to an affected device and not actively closing those TCP connections. A successful exploit could allow the attacker to prevent the affected device from delivering SDV or VoD streams to set-top boxes. Cisco Bug IDs: CSCvf19887.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker could exploit this vulnerability by gaining local, administrative access to a Windows host and stopping the Cisco AMP for Endpoints service. Cisco Bug IDs: CSCvg42904.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Guest Portal login page. An exploit could allow the attacker to perform brute-force password attacks on the ISE Guest Portal. Cisco Bug IDs: CSCve98518.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. The attacker would have to be authenticated as an administrative user to conduct this attack. The vulnerability is due to lack of proper masking of sensitive information in system log files. An attacker could exploit this vulnerability by authenticating to the targeted device and viewing the system log file. An exploit could allow the attacker to view sensitive system information that should have been restricted. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvg31472.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device availability, confidentiality, and integrity, aka Insecure Library Loading. The vulnerability is due to the application loading a malicious copy of a specific, nondefined DLL file instead of the DLL file it was expecting. An attacker could exploit this vulnerability by placing an affected DLL within the search path of the host system. An exploit could allow the attacker to load a malicious DLL file into the system, thus partially compromising confidentiality, integrity, and availability on the device. Cisco Bug IDs: CSCvf37955.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. An attacker would need valid user credentials to exploit this vulnerability.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An untrusted search path (aka DLL Preloading) vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. An attacker would need valid user credentials to exploit this vulnerability. Cisco Bug IDs: CSCvf23928.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. The vulnerability is triggered by an H.264 frame that has an invalid picture parameter set (PPS) value. An attacker could exploit this vulnerability by sending a malformed H.264 frame to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition because the media process could restart. The media session should be re-established within a few seconds, during which there could be a brief interruption in service. Cisco Bug IDs: CSCvg12559.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,LOW
"A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. Cisco Bug IDs: CSCvf80034.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the web-based management interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf60862.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule. The file types affected are zipped or archived file types. The vulnerability is due to incorrect and different file hash values when AMP scans the file. An attacker could exploit this vulnerability by sending a crafted email file attachment through the targeted device. An exploit could allow the attacker to bypass a configured AMP file filter. Cisco Bug IDs: CSCvf52943.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected system. An exploit could allow the attacker to determine the presence of certain values in the database. Cisco Bug IDs: CSCvf36682.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions within the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit. This vulnerability affects the following Cisco products if they are running Cisco NX-OS Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches - Standalone, NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvb86832, CSCvd86474, CSCvd86479, CSCvd86484, CSCvd86490, CSCve97102, CSCvf12757, CSCvf12804, CSCvf12815, CSCvf15198.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message Block Version 2 (SMB2) protocol. The vulnerability is due to the incorrect detection of an SMB2 file when the detection is based on the length of the file. An attacker could exploit this vulnerability by sending a crafted SMB2 transfer request through the targeted device. A successful exploit could allow the attacker to bypass filters that are configured to block SMB2 traffic. Cisco Bug IDs: CSCve58398.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that could allow an unauthenticated, remote attacker to send traffic to the local IP address of the device, bypassing any filters that are configured to deny local IP management traffic. The vulnerability is due to an implementation error that exists in the process of creating default IP blocks when the device is initialized, and the way in which those IP blocks interact with user-configured filters for local IP management traffic (for example, SSH to the device). An attacker could exploit this vulnerability by sending traffic to the local IP address of the targeted device. A successful exploit could allow the attacker to connect to the local IP address of the device even when there are filters configured to deny the traffic. Cisco Bug IDs: CSCvd97962.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf78615, CSCvf78628.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf51241, CSCvf51261.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the HTTP header reply from the Cisco WebEx Meetings Server to the client, which could include internal network information that should be restricted. An attacker could exploit the vulnerability by attempting to use the HTTP protocol and looking at the data in the HTTP responses from the Cisco WebEx Meetings Server. An exploit could allow the attacker to discover sensitive data about the application. Cisco Bug IDs: CSCve65818.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient limitations on the number of connections that can be made to the affected software. An attacker could exploit this vulnerability by opening multiple connections to the server and exhausting server resources. A successful exploit could cause the server to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf41006.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. The vulnerability is due to incorrect implementation of IPsec conditional, verbose debug logging that causes sensitive information to be written to the log file. This information should be restricted. An attacker who has valid administrative credentials could exploit this vulnerability by authenticating to the device and enabling conditional, verbose debug logging for IPsec and viewing the log file. An exploit could allow the attacker to access sensitive information related to the IPsec configuration. Cisco Bug IDs: CSCvf12081.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf09173.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to cause the CDB process on an affected system to restart unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete input validation of URL requests by the REST API of the affected software. An attacker could exploit this vulnerability by sending a crafted URL to the REST API of the affected software on an affected system. A successful exploit could allow the attacker to cause the CDB process on the affected system to restart unexpectedly, resulting in a temporary DoS condition. Cisco Bug IDs: CSCve77571.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checks in the affected software. An attacker could exploit this vulnerability by authenticating locally to an affected system and then issuing specific commands to the affected software. A successful exploit could allow the attacker to view all profile information for a user instead of only certain Jabber parameters that should be visible. This vulnerability affects all releases of Cisco Jabber prior to Release 1.9.31. Cisco Bug IDs: CSCve52418.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. Cisco Bug IDs: CSCvf41365.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input- and validation-checking mechanisms in the system. An attacker could exploit this vulnerability by issuing specific commands after authenticating to the system. A successful exploit could allow the attacker to view profile information where only certain parameters should be visible. Cisco Bug IDs: CSCve14401.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the handling of 802.11w Protected Management Frames (PAF) by Cisco Aironet 3800 Series Access Points could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device, aka Denial of Service. The vulnerability exists because the affected device does not properly validate 802.11w PAF disassociation and deauthentication frames that it receives. An attacker could exploit this vulnerability by sending a spoofed 802.11w PAF frame from a valid, authenticated client on an adjacent network to an affected device. A successful exploit could allow the attacker to terminate a single valid user connection to the affected device. This vulnerability affects Access Points that are configured to run in FlexConnect mode. Cisco Bug IDs: CSCvc20627.",ADJACENT_NETWORK,HIGH,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of ANQP query frames by the affected device. An attacker could exploit this vulnerability by sending a malformed ANQP query frame to an affected device that is on an RF-adjacent network. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition. This vulnerability affects Cisco Wireless LAN Controllers that are running a vulnerable release of Cisco WLC Software and are configured to support Hotspot 2.0. Cisco Bug IDs: CSCve05779.",ADJACENT_NETWORK,HIGH,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. The vulnerability exists because the affected device uses an incorrect default configuration setting of fail open when running in standalone mode. An attacker could exploit this vulnerability by attempting to connect to an affected device. A successful exploit could allow the attacker to bypass authentication and connect to the affected device. This vulnerability affects Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running a vulnerable software release and use WLAN configuration settings that include FlexConnect local switching and central authentication with MAC filtering. Cisco Bug IDs: CSCvd46314.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points could allow an unauthenticated, adjacent attacker to retrieve content from memory on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks that are performed by the affected device when the device adds padding to egress packets. An attacker could exploit this vulnerability by sending a crafted IP packet to an affected device. A successful exploit could allow the attacker to retrieve content from memory on the affected device, which could lead to the disclosure of confidential information. Cisco Bug IDs: CSCvc21581.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory leak that occurs on an affected device after the device fails to deallocate a buffer that is used when certain MIBs are polled. An attacker who knows the SNMP Version 2 SNMP Read string or has valid SNMP Version 3 credentials for an affected device could repeatedly poll the affected MIB object IDs (OIDs) and consume available memory on the device. When memory is sufficiently depleted on the device, the device will restart, resulting in a DoS condition. Cisco Bug IDs: CSCvc71674.",NETWORK,HIGH,LOW,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. The attacker could read or write information from the SQL database. The vulnerability is due to a lack of proper validation on user-supplied input within SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. An exploit could allow the attacker to determine the presence of certain values and write malicious input in the SQL database. The attacker would need to have valid user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.3. Cisco Bug IDs: CSCvf47935.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of 802.11v BSS Transition Management Response packets that an affected device receives from wireless clients. An attacker could exploit this vulnerability by sending a malformed 802.11v BSS Transition Management Response packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition. Cisco Bug IDs: CSCvb57803.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of the EAP frame. An attacker could exploit this vulnerability by sending a malformed EAP frame to the targeted device. A successful exploit could allow the attacker to cause the AP to reload, resulting in a DoS condition while the AP is reloading. It may be necessary to manually power cycle the device in order for it to recover. This vulnerability affects the following Cisco products running either the Lightweight AP Software or Mobility Express image: Aironet 1560 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: The Cisco Aironet 1560 Series Access Point device is supported as of release 8.3.112.0. Cisco Bug IDs: CSCve18935.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient frame validation of the 802.11 association request. An attacker could exploit this vulnerability by sending a malformed 802.11 association request to the targeted device. An exploit could allow the attacker to cause the AP to reload, resulting in a DoS condition while the AP is reloading. This vulnerability affects the following Cisco products running either the Lightweight AP Software or Mobility Express image: Aironet 1560 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: The Cisco Aironet 1560 Series Access Point device is supported as of release 8.3.112.0. Cisco Bug IDs: CSCve12189.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by convincing a user of the web interface to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvb09516.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCuz88421, CSCuz91356, CSCve56308.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the emsd service stops. The vulnerability is due to the software's inability to process HTTP/2 packets. An attacker could exploit this vulnerability by sending a malformed HTTP/2 frame to the affected device. A successful exploit could allow the attacker to create a DoS condition when the emsd service stops. Cisco Bug IDs: CSCvb99388.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web UI of the affected software. An attacker could exploit this vulnerability by injecting XSS content into the web UI of the affected software. A successful exploit could allow the attacker to force a user to execute code of the attacker's choosing or allow the attacker to retrieve sensitive information from the user. Cisco Bug IDs: CSCvf70587, CSCvf70592.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability. The vulnerability is due to insufficient NAM policy enforcement. An attacker could exploit this vulnerability by manipulating network interfaces of the device to allow multiple active network interfaces. A successful exploit could allow the attacker to send traffic over a non-authorized network interface. Cisco Bug IDs: CSCvf66539.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,HIGH,NONE
"A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial denial of service (DoS) condition. The vulnerability is due to improperly aborting a connection when an unexpected protocol packet is received. An attacker could exploit this vulnerability by sending a crafted ICA traffic through the targeted device. A successful exploit could allow the attacker to cause a DoS condition that is due to a process unexpectedly restarting. The Cisco WAAS could drop ICA traffic while the process is restarting. This vulnerability affects Cisco Wide Area Application Services (WAAS) and Cisco Virtual Wide Area Application Services (vWAAS). Cisco Bug IDs: CSCve74457.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of Cisco Meeting App. The vulnerability is due to incomplete input validation of the path name for DLL files before they are loaded. An attacker could exploit this vulnerability by installing a crafted DLL file in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to those of Cisco Meeting App. The attacker would need valid user credentials to exploit this vulnerability. Cisco Bug IDs: CSCvd77907.",LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
"A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by sending a malicious HTTP packet to the affected system. A successful exploit could allow the attacker to cause a reload of the Web Admin Server. Cisco Bug IDs: CSCve89149.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application that should be restricted, aka Directory Traversal. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. An exploit could allow the attacker to view application files that may contain sensitive information. Cisco Bug IDs: CSCvd83577.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device. The vulnerability is due to an incorrect firewall rule on the device. The misconfiguration could allow traffic sent to the public interface of the device to be forwarded to the internal virtual network of the APIC-EM. An attacker that is logically adjacent to the network on which the public interface of the affected APIC-EM resides could leverage this behavior to gain access to services listening on the internal network with elevated privileges. This vulnerability affects appliances or virtual devices running Cisco Application Policy Infrastructure Controller Enterprise Module prior to version 1.5. Cisco Bug IDs: CSCve89638.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges. The vulnerability is due to incomplete input validation of the user input for CLI commands issued at the restricted shell. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. An attacker would need valid user credentials to the device to exploit this vulnerability. The vulnerability affects the following Cisco Identity Services Engine (ISE) products running Release 1.4, 2.0, 2.0.1, 2.1.0: ISE, ISE Express, ISE Virtual Appliance. Cisco Bug IDs: CSCve74916.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones that are running firmware release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63986.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending malformed SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA51x Series IP Phones that are running Cisco SPA51x Firmware Release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63982.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames (iframes). An attacker could exploit this vulnerability by directing a user of the affected software to an attacker-controlled web page that contains a malicious HTML inline frame. A successful exploit could allow the attacker to conduct click-jacking or other types of client-side browser attacks. Cisco Bug IDs: CSCve60993.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve96608.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76848, CSCve76856.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCve76872.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to device availability, confidentiality, and integrity. The vulnerability is due to the application loading a malicious copy of a specific, nondefined DLL file instead of the DLL file it was expecting. An attacker could exploit this vulnerability by placing an affected DLL within the search path of the host system. An exploit could allow the attacker to load a malicious DLL file into the system, thus partially compromising confidentiality, integrity, and availability on the device. Cisco Bug IDs: CSCve89785.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related process to restart, causing a partial denial of service (DoS) condition. The vulnerability is due to lack of input validation of user-supplied input parameters within an HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request through the targeted device. An exploit could allow the attacker to cause a DoS condition due to a process unexpectedly restarting. The WAAS could drop traffic during the brief time the process is restarting. Cisco Bug IDs: CSCvc63048.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrect default configuration of the TURN server, which could expose internal interfaces and ports on the external interface of an affected system. An attacker could exploit this vulnerability by using a TURN server to perform an unauthorized connection to a Call Bridge, a Web Bridge, or a database cluster in an affected system, depending on the deployment model and CMS services in use. A successful exploit could allow the attacker to gain unauthenticated access to a Call Bridge or database cluster in an affected system or gain unauthorized access to sensitive meeting information in an affected system. To exploit this vulnerability, the attacker must have valid credentials for the TURN server of the affected system. This vulnerability affects Cisco Meeting Server (CMS) deployments that are running a CMS Software release prior to Release 2.0.16, 2.1.11, or 2.2.6. Cisco Bug IDs: CSCvf51127.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to click a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76835.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to the local IP address of an affected device. A successful exploit could allow the attacker to cause the affected device to reload. This vulnerability affects Cisco Adaptive Security Appliance (ASA) Software that is running on the following Cisco products: ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, ASA 1000V Cloud Firewall, Adaptive Security Virtual Appliance (ASAv), Firepower 4110 Security Appliance, Firepower 9300 ASA Security Module, ISA 3000 Industrial Security Appliance. Cisco Bug IDs: CSCvd59063.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability. If this memory leak persists over time, a denial of service (DoS) condition could develop because traffic can cease to be forwarded through the device. The vulnerability is due to an error in how the Firepower Detection Snort Engine handles SSL traffic decryption and notifications to and from the Adaptive Security Appliance (ASA) handler. An attacker could exploit this vulnerability by sending a steady stream of malicious Secure Sockets Layer (SSL) traffic through the device. An exploit could allow the attacker to cause a DoS condition when the device runs low on system memory. This vulnerability affects Cisco Firepower Threat Defense (FTD) Software Releases 6.0.1 and later, running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls, Firepower 2100 Series Security Appliances, Firepower 4100 Series Security Appliances, Firepower 9300 Series Security Appliances. Cisco Bug IDs: CSCve02069.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the detection engine parsing of IPv6 packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause high CPU utilization or to cause a denial of service (DoS) condition because the Snort process restarts unexpectedly. The vulnerability is due to improper input validation of the fields in the IPv6 extension header packet. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. This vulnerability is specific to IPv6 traffic only. This vulnerability affects Cisco Firepower System Software Releases 6.0 and later when the software has one or more file action policies configured and is running on any of the following Cisco products: 3000 Series Industrial Security Appliances (ISR), Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services, Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls, Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances, Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances, FirePOWER 7000 Series Appliances, FirePOWER 8000 Series Appliances, Firepower Threat Defense for Integrated Services Routers (ISRs), Firepower 2100 Series Security Appliances, Firepower 4100 Series Security Appliances, Firepower 9300 Series Security Appliances, Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. Cisco Bug IDs: CSCvd34776.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to how an affected device processes certain IKEv2 packets. An attacker could exploit this vulnerability by sending specific IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. This vulnerability affects Cisco devices that have the Internet Security Association and Key Management Protocol (ISAKMP) enabled. Although only IKEv2 packets can be used to trigger this vulnerability, devices that are running Cisco IOS Software or Cisco IOS XE Software are vulnerable when ISAKMP is enabled. A device does not need to be configured with any IKEv2-specific features to be vulnerable. Many features use IKEv2, including different types of VPNs such as the following: LAN-to-LAN VPN; Remote-access VPN, excluding SSL VPN; Dynamic Multipoint VPN (DMVPN); and FlexVPN. Cisco Bug IDs: CSCvc41277.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator (RLOC) in the map server/map resolver (MS/MR). The vulnerability is due to a logic error introduced via a code regression for the affected software. An attacker could exploit this vulnerability by sending specific valid map-registration requests, which will be accepted by the MS/MR even if the authentication keys do not match, to the affected software. A successful exploit could allow the attacker to inject invalid mappings of EIDs to RLOCs in the MS/MR of the affected software. This vulnerability affects Cisco devices that are configured with LISP acting as an IPv4 or IPv6 map server. This vulnerability affects Cisco IOS XE Software release trains 3.9E and Everest 16.4. Cisco Bug IDs: CSCvc18008.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper parsing of ingress PN-DCP Identify Request packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted PN-DCP Identify Request packet to an affected device and then continuing to send normal PN-DCP Identify Request packets to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to process PROFINET messages. Beginning with Cisco IOS Software Release 12.2(52)SE, PROFINET is enabled by default on all the base switch module and expansion-unit Ethernet ports. Cisco Bug IDs: CSCuz47179.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc43709.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuz95334.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 15.0 through 15.6 could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a misclassification of Ethernet frames. An attacker could exploit this vulnerability by sending a crafted Ethernet frame to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc03809.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper translation of H.323 messages that use the Registration, Admission, and Status (RAS) protocol and are sent to an affected device via IPv4 packets. An attacker could exploit this vulnerability by sending a crafted H.323 RAS packet through an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to use an application layer gateway with NAT (NAT ALG) for H.323 RAS messages. By default, a NAT ALG is enabled for H.323 RAS messages. Cisco Bug IDs: CSCvc57217.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users who are created by using the web UI of the affected software. An attacker could exploit this vulnerability by using the web UI of the affected software to create a new user and then logging into the web UI as the newly created user. A successful exploit could allow the attacker to elevate their privileges on the affected device. This vulnerability affects Cisco devices that are running a vulnerable release Cisco IOS XE Software, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration UI was introduced in the Denali 16.2 Release of Cisco IOS XE Software. This vulnerability does not affect the web-based administration UI in earlier releases of Cisco IOS XE Software. Cisco Bug IDs: CSCuy83062.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco New Generation Wireless Controllers (NGWC) 3850 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incomplete input validation of HTTP requests by the affected GUI, if the GUI connection state or protocol changes. An attacker could exploit this vulnerability by authenticating to the Wireless Controller GUI as a Lobby Administrator user of an affected device and subsequently changing the state or protocol for their connection to the GUI. A successful exploit could allow the attacker to elevate their privilege level to administrator and gain full control of the affected device. This vulnerability affects the following Cisco products if they are running Cisco IOS XE Software Release 3.7.0E, 3.7.1E, 3.7.2E, 3.7.3E, 3.7.4E, or 3.7.5E: Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, Cisco New Generation Wireless Controllers (NGWC) 3850. Cisco Bug IDs: CSCvd73746.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication session token as part of the postauthentication session. An attacker could exploit this vulnerability by obtaining the presession token ID. An exploit could allow an attacker to hijack an existing user's session. Known Affected Releases 4.2(5). Cisco Bug IDs: CSCvf58392.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. The vulnerability is due to insufficient sanitization of user input. An attacker who can access an affected router via the console could exploit this vulnerability by entering ROMMON mode and modifying ROMMON variables. A successful exploit could allow the attacker to execute arbitrary code and install a malicious version of Hypervisor firmware on an affected device. Cisco Bug IDs: CSCvb44027.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvc50771.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the inability to handle many large IP fragments for reassembly in a short duration. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads. Cisco Bug IDs: CSCve82586.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the General Packet Radio Service (GPRS) Tunneling Protocol ingress packet handler of Cisco ASR 5500 System Architecture Evolution (SAE) Gateways could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation of GPRS Tunneling Protocol packet headers. An attacker could exploit this vulnerability by sending a malformed GPRS Tunneling Protocol packet to an affected device. A successful exploit could allow the attacker to cause the GTPUMGR process on an affected device to restart unexpectedly, resulting in a partial DoS condition. If the GTPUMGR process restarts, there could be a brief impact on traffic passing through the device. Cisco Bug IDs: CSCve07119.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files and execute remote code within the application. Cisco Bug IDs: CSCvf47946.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted, it can cause the filtering process to crash, resulting in a denial of service (DoS) condition on the device. This vulnerability affects software version 9.0 through the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. Cisco Bug IDs: CSCvd29354.",LOCAL,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the OAMP and sending a crafted HTTP request. A successful exploit could allow the attacker to gain administrator privileges. The attacker must successfully authenticate to the system to exploit this vulnerability. This vulnerability affects Cisco Unified Customer Voice Portal (CVP) running software release 10.5, 11.0, or 11.5. Cisco Bug IDs: CSCve92752.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Known Affected Releases 10.5(2). Cisco Bug IDs: CSCvf25345.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of the device. The vulnerability is due to IPv6 sub block corruption. An attacker could exploit this vulnerability by polling the affected device IPv6 information. An exploit could allow the attacker to trigger high CPU usage or a reload of the device. Known Affected Releases: Denali-16.3.1. Cisco Bug IDs: CSCvb14640.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the Elasticsearch be configured with an external route, and the data accessed is limited to the indices.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR).,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a password reset request. An attacker could use this flaw to craft a malicious password reset request and gain a valid reset token, leading to information disclosure or further attacks.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce ""SMB signing"" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An information leak exists in Wanscam's HW0021 network camera that allows an unauthenticated remote attacker to recover the administrator username and password via an ONVIF GetSnapshotUri request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat from properly logging other PostgreSQL traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setAction method of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4981.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the value attribute of Field objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4980.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the arrowEnd attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4979.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the tile index member of SOT markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4978.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security Internet Security 2018 prior to build 7.72918. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within pdf.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-4361.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the saveAs JavaScript function. The issue results from the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4518.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within app.launchURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4724.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security 21.0.24.62. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within processing of the 0x8000E038 IOCTL in the bdfwfpf driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker could leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-4776.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the print function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4722.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setItem function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4721.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.alert function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4855.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ObjStm objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-4846.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4738.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4737.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFParseDateEx function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4816.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the docker API. The process does not properly validate user-supplied data which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. Was ZDI-CAN-3853.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability in telnetd service on Juniper Networks Junos OS allows remote unauthenticated attackers to cause a denial of service. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D50; 14.1 prior to 14.1R8-S5, 14.1R9; 14.1X53 prior to 14.1X53-D50; 14.2 prior to 14.2R7-S9, 14.2R8; 15.1 prior to 15.1F2-S16, 15.1F5-S7, 15.1F6-S6, 15.1R5-S2, 15.1R6; 15.1X49 prior to 15.1X49-D90; 15.1X53 prior to 15.1X53-D47; 16.1 prior to 16.1R4-S1, 16.1R5; 16.2 prior to 16.2R1-S3, 16.2R2;",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D55; 15.1X49 prior to 15.1X49-D110;,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"When the 'bgp-error-tolerance' feature &#xe2;&#x80;"" designed to help mitigate remote session resets from malformed path attributes &#xe2;&#x80;"" is enabled, a BGP UPDATE containing a specifically crafted set of transitive attributes can cause the RPD routing process to crash and restart. Devices with BGP enabled that do not have 'bgp-error-tolerance' configured are not vulnerable to this issue. Affected releases are Juniper Networks Junos OS 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D45, 14.1X53-D50; 14.2 prior to 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F5-S8, 15.1F6-S7, 15.1R5-S6, 15.1R6-S2, 15.1R7; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R5; 16.2 prior to 16.2R1-S5, 16.2R2; 17.1 prior to 17.1R1-S3, 17.1R2; 17.2 prior to 17.2R1-S2, 17.2R2; 17.2X75 prior to 17.2X75-D50. No other Juniper Networks products or platforms are affected by this issue.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files. Affected releases are Juniper Networks Contrail 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and have a combined CVSSv3 score of 5.8 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).,NETWORK,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
"A vulnerability in telnetd service on Junos OS allows a remote attacker to cause a limited memory and/or CPU consumption denial of service attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D45; 12.3X48 prior to 12.3X48-D30; 14.1 prior to 14.1R4-S9, 14.1R8; 14.2 prior to 14.2R6; 15.1 prior to 15.1F5, 15.1R3; 15.1X49 prior to 15.1X49-D40; 15.1X53 prior to 15.1X53-D232, 15.1X53-D47.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in a specific loopback filter action command, processed in a specific logical order of operation, in a running configuration of Juniper Networks Junos OS, allows an attacker with CLI access and the ability to initiate remote sessions to the loopback interface with the defined action, to hang the kernel. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D55; 12.3X48 prior to 12.3X48-D35; 14.1 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.2 prior to 14.2R4-S9, 14.2R7-S8, 14.2R8; 15.1 prior to 15.1F5-S3, 15.1F6, 15.1R4; 15.1X49 prior to 15.1X49-D60; 15.1X53 prior to 15.1X53-D47; 16.1 prior to 16.1R2. No other Juniper Networks products or platforms are affected by this issue.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"If extended statistics are enabled via 'set chassis extended-statistics', when executing any operation that fetches interface statistics, including but not limited to SNMP GET requests, the pfem process or the FPC may crash and restart. Repeated crashes of PFE processing can result in an extended denial of service condition. This issue only affects the following platforms: (1) EX2200, EX3300, XRE200 (2) MX Series routers with MPC7E/8E/9E PFEs installed, and only if 'extended-statistics' are enabled under the [edit chassis] configuration. Affected releases are Juniper Networks Junos OS 14.1 prior to 14.1R8-S5, 14.1R9 on MX Series; 14.1X53 prior to 14.1X53-D46, 14.1X53-D50 on EX2200, EX3300, XRE200; 14.2 prior to 14.2R7-S9, 14.2R8 on MX Series; 15.1 prior to 15.1F5-S8, 15.1F6-S8, 15.1R5-S3, 15.1R6 on MX Series; 16.1 prior to 16.1R4-S5, 16.1R5, 16.1R6 on MX Series; 16.1X65 prior to 16.1X65-D45 on EX2200, EX3300, XRE200; 16.2 prior to 16.2R2-S1, 16.2R3 on MX Series; 17.1 prior to 17.1R2-S2, 17.1R3 on MX Series; 17.2 prior to 17.2R1-S3, 17.2R2 on MX Series; 17.2X75 prior to 17.2X75-D50 on MX Series; 17.3 prior to 17.3R1-S1, 17.3R2 on MX Series. No other Juniper Networks products or platforms are affected by this issue.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On SRX Series devices, a crafted ICMP packet embedded within a NAT64 IPv6 to IPv4 tunnel may cause the flowd process to crash. Repeated crashes of the flowd process constitutes an extended denial of service condition for the SRX Series device. This issue only occurs if NAT64 is configured. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D71, 12.3X48 prior to 12.3X48-D55, 15.1X49 prior to 15.1X49-D100 on SRX Series. No other Juniper Networks products or platforms are affected by this issue.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Any Juniper Networks SRX series device with one or more ALGs enabled may experience a flowd crash when traffic is processed by the Sun/MS-RPC ALGs. This vulnerability in the Sun/MS-RPC ALG services component of Junos OS allows an attacker to cause a repeated denial of service against the target. Repeated traffic in a cluster may cause repeated flip-flop failure operations or full failure to the flowd daemon halting traffic on all nodes. Only IPv6 traffic is affected by this issue. IPv4 traffic is unaffected. This issues is not seen with to-host traffic. This issue has no relation with HA services themselves, only the ALG service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D55 on SRX; 12.1X47 prior to 12.1X47-D45 on SRX; 12.3X48 prior to 12.3X48-D32, 12.3X48-D35 on SRX; 15.1X49 prior to 15.1X49-D60 on SRX.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encrypt sensitive configuration data. While other products also ship with a TPM, no other products or platforms are affected by this vulnerability. Customers can confirm the version of TPM firmware via the 'show security tpm status' command. This issue was discovered by an external security researcher. No other Juniper Networks products or platforms are affected by this issue.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. When an SRX Series device is in cluster mode, and a cluster sync or failover operation occurs, then there will be errors associated with synch or failover while the root account is locked out. Administrators can confirm if the root account is locked out via the following command root@device> show system login lockout user root User Lockout start Lockout end root 1995-01-01 01:00:01 PDT 1995-11-01 01:31:01 PDT Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D65 on SRX series; 12.3X48 prior to 12.3X48-D45 on SRX series; 15.1X49 prior to 15.1X49-D75 on SRX series.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 15.1X53 prior to 15.1X53-D47, 15.1 prior to 15.1R3. Junos versions prior to 15.1 are not affected. No other Juniper Networks products or platforms are affected by this issue.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A specific device configuration can result in a commit failure condition. When this occurs, a user is logged in without being prompted for a password while trying to login through console, ssh, ftp, telnet or su, etc., This issue relies upon a device configuration precondition to occur. Typically, device configurations are the result of a trusted administrative change to the system's running configuration. The following error messages may be seen when this failure occurs: mgd: error: commit failed: (statements constraint check failed) Warning: Commit failed, activating partial configuration. Warning: Edit the router configuration to fix these errors. If the administrative changes are not made that result in such a failure, then this issue is not seen. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R10, 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2 prior to 13.2R8; 13.3 prior to 13.3R7; 14.1 prior to 14.1R4-S12, 14.1R5, 14.1R6; 14.1X53 prior to 14.1X53-D30; 14.2 prior to 14.2R4; 15.1 prior to 15.1F2, 15.1F3, 15.1R2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.",LOCAL,HIGH,LOW,NONE,CHANGED,NONE,HIGH,NONE
"In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,NONE
typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could the error be misused to identify as another user.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator (read-only) account could lure an admin (root) user to access the attacker-controlled page, allowing the attacker to gain admin privileges in the system.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of validation on the input of the Feature functionality. An attacker with access to an operator (read-only) account and ssh connection to the devices could escalate privileges to admin (root) access in the system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The private_address_check ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of ""Uri.EscapeUriString"" that could result in compromise of API keys or other critical resources.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the ""Resource.get"" method that could result in compromise of API keys or other critical resources.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the ""Resource#find"" method that could result in compromise of API keys or other critical resources.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,NONE,NONE
Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit files in a share despite having only a 'read' permission set. Note that this only affects folders and files that the adversary has at least read-only permissions for.,NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
"Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes. Please note: This vulnerability affects the ""nxdomain-redirect"" feature, which is one of two methods of handling NXDOMAIN redirection, and is only available in certain versions of BIND. Redirection using zones of type ""redirect"" is not affected by this vulnerability. Affects BIND 9.9.8-S1 -> 9.9.8-S3, 9.9.9-S1 -> 9.9.9-S6, 9.11.0-9.11.0-P1.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation. IBM X-Force ID: 120206.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 119619.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading the arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value.  Having a weak or virtually non-existent random value makes the operations that use it vulnerable.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of service attack as the number of API requests being sent to the cloud-provider exceeds the API's rate-limit.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to ""max-headers"" (default 200) * ""max-header-size"" (default 1MB) per active TCP connection.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager's RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unauthenticated remote user can access many administrative commands via this interface, including rebooting the modem.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device's advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which may lead to execution of the contained PHP code if the attacker can guess the uploaded filename. The form by default appends a short random string to the end of the filename.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored private keys, etc. By default Application Manager is running with administrative privileges, therefore it is possible to access every directory on the underlying operating system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary requests on his behalf, abusing the victim's trust relationship with other entities.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. By default, these executable files are downloaded to and run from the %TEMP% directory of the currently logged on user, despite the fact that the SecureConnector agent is running as SYSTEM. Aside from the downloaded scripts, the SecureConnector agent runs a batch file with SYSTEM privileges from the temp directory of the currently logged on user. If the naming convention of this script can be derived, which is made possible by placing it in a directory to which the user has read access, it may be possible overwrite the legitimate batch file with a malicious one before SecureConnector executes it. It is possible to change this directory by setting the the configuration property config.script_run_folder.value in the local.properties configuration file on the CounterACT management appliance, however the batch file which is run does not follow this property.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. The SecureConnector agent fails to set any permissions on downloaded file objects. This allows a malicious user to take ownership of any of these files and make modifications to it, regardless of where the files are saved. These files are then executed under SYSTEM privileges. A malicious unprivileged user can overwrite these executable files with malicious code before the SecureConnector agent executes them, causing the malicious code to be run under the SYSTEM account.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any PHP form code generated by this website prior to 2016-12-06 may be vulnerable.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obtain files from the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver.",NETWORK,HIGH,HIGH,REQUIRED,UNCHANGED,LOW,LOW,NONE
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a trusted domain.,NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an unauthenticated user. A fix was included in versions 8.14.3, 8.13.8, and 8.12.11, which were released on December 5th 2016 at 3:59 PST. The GitLab versions vulnerable to this are 8.13.0, 8.13.0-ee, 8.13.1, 8.13.1-ee, 8.13.2, 8.13.2-ee, 8.13.3, 8.13.3-ee, 8.13.4, 8.13.4-ee, 8.13.5, 8.13.5-ee, 8.13.6, 8.13.6-ee, 8.13.7, 8.14.0, 8.14.0-ee, 8.14.1, 8.14.2, and 8.14.2-ee.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,LOW
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message, this led to a reflected Cross-Site-Scripting vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the browser as an HTML document. Thus any injected data in the log would be executed.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of IP fragments. An attacker could exploit this vulnerability by sending crafted fragmented IP traffic across the CX module. An exploit could allow the attacker to exhaust free packet buffers in shared memory (SHM), causing the CX module to be unable to process further traffic, resulting in a DoS condition. This vulnerability affects all versions of the ASA CX Context-Aware Security module. Cisco has not released and will not release software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCva62946.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (All firmware versions < V6.00.046) use a pseudo random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn't properly escaped when displayed in the campaign-zone.php script.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to steal the session ID of an authenticated user, by tricking them into visiting a specifically crafted URL.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially in conjunction with a bug that caused recovery emails to be sent to all the users at once. Both issues have been fixed.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to access the administrator account.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for an attacker to steal an authenticated session.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element outside the bounds of a global array that is used to determine the type of the specified key's value. This can lead to an out of bounds read within the context of the server. An attacker who exploits this vulnerability can cause a denial of service vulnerability on the server.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mp_check function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of a buffer, resulting in a denial of service vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw to launch a denial of service attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java Virtual Machine if the target MBean contain deserialization gadgets in its classpath.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perform updates/inserts/deletes and database modifications to any table the database user has access to.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability was found in foreman 1.14.0. When creating an organization or location in Foreman, if the name contains HTML then the second step of the wizard (/organizations/id/step2) will render the HTML. This occurs in the alertbox on the page. The result is a stored XSS attack if an organization/location with HTML in the name is created, then a user is linked directly to this URL.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site.,NETWORK,LOW,LOW,NONE,CHANGED,NONE,HIGH,NONE
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the user's browser. The output of the job is stored, making this a stored XSS vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. OSIsoft reports that in order to exploit the vulnerability an attacker would need to be locally connected to a server. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG signature.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it's more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accepted, it might still be possible.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level access to the database.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"It has been reported that KIE server and Busitess Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to ther services.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SHDesigns' Resident Download Manager provides firmware update capabilities for Rabbit 2000/3000 CPU boards, which according to the reporter may be used in some industrial control and embedded applications. The Resident Download Manager does not verify that the firmware is authentic before executing code and deploying the firmware to devices. A remote attacker with the ability to send UDP traffic to the device may be able to execute arbitrary code on the device. According to SHDesigns' website, the Resident Download Manager and other Rabbit Tools have been discontinued since June 2011.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may then be executed by the backend server. eTRAKiT 3.2.1.17 was tested, but other versions may also be vulnerable.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration).",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as /system/bin/debugs, runs with root privileges and does not communicate over an encrypted channel. The binary has been shown to communicate with three hosts via HTTP: oyag[.]lhzbdvm[.]com oyag[.]prugskh[.]net oyag[.]prugskh[.]com Server responses to requests sent by the debugs binary include functionalities to execute arbitrary commands as root, install applications, or update configurations. Examples of a request sent by the client binary: POST /pagt/agent?data={""name"":""c_regist"",""details"":{...}} HTTP/1. 1 Host: 114.80.68.223 Connection: Close An example response from the server could be: HTTP/1.1 200 OK {""code"": ""01"", ""name"": ""push_commands"", ""details"": {""server_id"": ""1"" , ""title"": ""Test Command"", ""comments"": ""Test"", ""commands"": ""touch /tmp/test""}} This binary is reported to be present in the following devices: BLU Studio G BLU Studio G Plus BLU Studio 6.0 HD BLU Studio X BLU Studio X Plus BLU Studio C HD Infinix Hot X507 Infinix Hot 2 X510 Infinix Zero X506 Infinix Zero 2 X509 DOOGEE Voyager 2 DG310 LEAGOO Lead 5 LEAGOO Lead 6 LEAGOO Lead 3i LEAGOO Lead 2S LEAGOO Alfa 6 IKU Colorful K45i Beeline Pro 2 XOLO Cube 5.0",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash.,NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode parameter does not contain a valid state. If the input provided by action_script does not match one of the hard coded options, then it will be executed as the argument of either a system() or an eval() call allowing arbitrary commands to be executed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank) . A remote network attacker can gain privileged access to a vulnerable device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111. A remote network attacker can gain privileged access to a vulnerable device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the user changes the associated password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A malicious attacker can trigger a remote buffer overflow in the Communication Server in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access genie_ping.htm or genie_ping2.htm or genie_ping3.htm page without authentication. Once accessed, the page will be redirected to the aCongratulations2.htma page, which reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Receipt of a specifically malformed IPv6 packet processed by the router may trigger a line card reset: processor exception 0x68616c74 (halt) in task: scheduler. The line card will reboot and recover without user interaction. However, additional specifically malformed packets may cause follow-on line card resets and lead to an extended service outage. This issue only affects E Series routers with IPv6 licensed and enabled. Routers not configured to process IPv6 traffic are unaffected by this vulnerability. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 15.1 prior to 15.1F5; 14.1 prior to 14.1R8,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to inject web script or HTML and steal sensitive data and credentials from a J-Web session and to perform administrative actions on the Junos device. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X46-D40; 12.1X47 prior to 12.1X47-D30; 12.3 prior to 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2X51 prior to 13.2X51-D39, 13.2X51-D40; 13.3 prior to 13.3R9; 14.1 prior to 14.1R6; 14.2 prior to 14.2R6; 15.1 prior to 15.1R3; 15.1X49 prior to 15.1X49-D20; 15.1X53 prior to 15.1X53-D57.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"By flooding a Juniper Networks router running Junos OS with specially crafted IPv6 traffic, all available resources can be consumed, leading to the inability to store next hop information for legitimate traffic. In extreme cases, the crafted IPv6 traffic may result in a total resource exhaustion and kernel panic. The issue is triggered by traffic destined to the router. Transit traffic does not trigger the vulnerability. This issue only affects devices with IPv6 enabled and configured. Devices not configured to process IPv6 traffic are unaffected by this vulnerability. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.3 prior to 12.3R3-S4; 12.3X48 prior to 12.3X48-D30; 13.3 prior to 13.3R10, 13.3R4-S11; 14.1 prior to 14.1R2-S8, 14.1R4-S12, 14.1R8; 14.1X53 prior to 14.1X53-D28, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R3-S10, 14.2R4-S7, 14.2R6; 15.1 prior to 15.1F2-S5, 15.1F5-S2, 15.1F6, 15.1R3; 15.1X49 prior to 15.1X49-D40; 15.1X53 prior to 15.1X53-D57, 15.1X53-D70.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
In all versions of Unity8 a running but not active application on a large-screen device could talk with Maliit and consume keyboard input.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-0ubuntu1 any confined application could make use of the UDM C++ API to run arbitrary commands in an unconfined environment as the phablet user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or cause a denial of J-Web service (DoS).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"windows-latestchromedriver downloads the latest version of chromedriver.exe. windows-latestchromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"pm2-kafka is a PM2 module that installs and runs a kafka server pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"windows-seleniumjar is a module that downloads the Selenium Jar file windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"windows-selenium-chromedriver is a module that downloads the Selenium Jar file. windows-selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"fis-sass-all is another libsass wrapper for node. fis-sass-all downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"healthcenter - IBM Monitoring and Diagnostic Tools health Center agent healthcenter downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"arcanist downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"massif is a Phantomjs fork massif downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the decisions made by an application using this data.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"google-closure-tools-latest is a Node.js module wrapper for downloading the latest version of the Google Closure tools google-closure-tools-latest downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"rs-brightcove is a wrapper around brightcove's web api rs-brightcove downloads source file resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libsbmlsim is a module that installs linux binaries for libsbmlsim libsbmlsim downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"windows-seleniumjar-mirror downloads the Selenium Jar file windows-seleniumjar-mirror downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libsbml is a module that installs Linux binaries for libSBML libsbml downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"selenium-portal is a Selenium Testing Framework selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"herbivore is a packet sniffing and crafting library. Built on libtins herbivore 0.0.3 and below download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"tomita is a node wrapper for Yandex Tomita Parser tomita downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"phantomjs-cheniu is a Headless WebKit with JS API phantomjs-cheniu downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"poco - The POCO libraries, downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"qbs is a build tool that helps simplify the build process for developing projects across multiple platforms. qbs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The clang-extra module installs LLVM's clang-extra tools. clang-extra downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"xd-testing is a testing library for cross-device (XD) web applications. xd-testing downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"webdriver-launcher is a Node.js Selenium Webdriver Launcher. webdriver-launcher downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ntfserver is a Network Testing Framework Server. ntfserver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"frames-compiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"marionette-socket-host is a marionette-js-runner host for sending actions over a socket. marionette-socket-host downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"resourcehacker is a Node wrapper of Resource Hacker (windows executable resource editor). resourcehacker downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"grunt-images is a grunt plugin for processing images. grunt-images downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"slimerjs-edge is a npm wrapper for installing the bleeding edge version of slimerjs. slimerjs-edge downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"jstestdriver is a wrapper for Google's jstestdriver. jstestdriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"cmake installs the cmake x86 linux binaries. cmake downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"redis-srvr is a npm wrapper for redis-server. redis-srvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"js-given is a JavaScript frontend to jgiven. js-given downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-closure before 1.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"apk-parser2 is a module which extracts Android Manifest info from an APK file. apk-parser2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"jvminstall is a module for downloading and unpacking jvm to local system. jvminstall downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"nw-with-arm is a NW Installer including ARM-Build. nw-with-arm downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"scala-bin is a binary wrapper for Scala. scala-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"headless-browser-lite is a minimal npm installer for phantomjs and slimerjs with no external dependencies. headless-browser-lite downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"selenium-chromedriver is a simple utility for downloading the Selenium Webdriver for Google Chrome selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver-zxa downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"fibjs is a runtime for javascript applictions built on google v8 JS. fibjs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"atom-node-module-installer installs node modules for atom-shell applications. atom-node-module-installer binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"box2d-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"curses is bindings for the native curses library, a full featured console IO library. curses downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"httpsync is a port of libcurl to node.js. httpsync downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. dalek-browser-ie-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"unicode-json is a unicode lookup table. unicode-json before 2.0.0 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"openframe-glsviewer is a Openframe extension which adds support for shaders via glslViewer. openframe-glsviewer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"dalek-browser-ie is Internet Explorer bindings for DalekJS. dalek-browser-ie downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"arrayfire-js is a module for ArrayFire for the Node.js platform. arrayfire-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML via prince(1) CLI. prince downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"selenium-binaries downloads Selenium related binaries for your OS. selenium-binaries downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"nw is an installer for nw.js. nw downloads zipped resources over HTTP, It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"wasdk is a toolkit for creating WebAssembly modules. wasdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"macaca-chromedriver is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver before 1.0.29 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libxl provides Node bindings for the libxl library for reading and writing excel (XLS and XLSX) spreadsheets. libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"closurecompiler is a Closure Compiler for node.js. closurecompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for better developer productivity. steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"nodewebkit is an installer for node-webkit. nodewebkit downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix. ibm_db before 1.0.2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Fuseki server wrapper and management API in fuseki before 1.0.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Kindlegen is a simple Node.js wrapper of the official kindlegen program. Kindlegen versions before 1.1.0 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"apk-parser3 is a module to extract Android Manifest info from an APK file. apk-parser3 versions before 0.1.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"baryton-saxophone is a module to install and launch Selenium Server for Mac, Linux and Windows. baryton-saxophone versions below 3.0.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"bkjs-wand is imagemagick wand support for node.js and backendjs bkjs-wand versions lower than 0.3.2 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"pngcrush-installer is an installer for Pngcrush. pngcrush-installer versions below 1.8.10 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"embedza is a module to create HTML snippets/embeds from URLs using info from oEmbed, Open Graph, meta tags. embedza versions below 1.2.4 download JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"product-monitor is a HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and test results into one place. product-monitor versions below 2.2.5 download JavaScript resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"install-nw is a module which quickly and robustly installs and caches NW.js. install-nw versions below 1.1.5 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"apk-parser is a tool to extract Android Manifest info from an APK file. apk-parser versions below 0.1.6 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Bitty is a development web server tool that functions similar to `python -m SimpleHTTPServer`. Version 0.2.10 has a directory traversal vulnerability that is exploitable via the URL path in GET requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This causes potential SQL injection in sequelize 3.19.3 and earlier, where a malicious user could put `[""test"", ""'); DELETE TestTable WHERE Id = 1 --')""]` inside of ``` database.query('SELECT * FROM TestTable WHERE Name IN (:names)', { replacements: { names: directCopyOfUserInput } }); ``` and cause the SQL statement to become `SELECT Id FROM Table WHERE Name IN ('test', '\'); DELETE TestTable WHERE Id = 1 --')`. In Postgres, MSSQL, and SQLite, the backslash has no special meaning. This causes the the statement to delete whichever Id has a value of 1 in the TestTable table.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Since ""algorithm"" isn't enforced in jwt.decode()in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"waterline-sequel is a module that helps generate SQL statements for Waterline apps Any user input that goes into Waterline's `like`, `contains`, `startsWith`, or `endsWith` will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in waterline-sequel 0.50 that will get executed and have full access to the database.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS If user input goes into the `limit` or `order` parameters, a malicious user can put in their own SQL statements. This affects sequelize 3.16.0 and earlier.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Sails is an MVC style framework for building realtime web applications. Version 0.12.7 and lower have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to make AJAX requests to vulnerable hosts through cross site scripting or a malicious HTML Document, effectively bypassing the Same Origin Policy. Note that this is only an issue when `allRoutes` is set to `true` and `origin` is set to `*` or left commented out in the sails CORS config file. The problem can be compounded when the cors `credentials` setting is not provided. At that point authenticated cross domain requests are possible.",NETWORK,HIGH,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as `name[]=<script>alert(1)</script>`, it is possible to bypass autoescaping and inject content into the DOM.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb payload. This data will then inflate up to 256mb and crash the node process by exceeding V8's maximum string size. This affects uws >=0.10.0 <=0.10.8.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"ws is a ""simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455"". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The npm module ""shell-quote"" 1.6.0 and earlier cannot correctly escape "">"" and ""<"" operator used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. A malicious user could perform code injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for ""Accept-Language"", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,LOW,NONE
"backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function of backbone 0.3.3 and earlier, if a user is able to supply input. This is due to the regex that's replacing things to miss the conversion of things such as `<` to `<`.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead of the 16^18 guesses required were the timing attack not present.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages. along with Electron. The `--strict-ssl` command line option in electron-packager >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a man in the middle attack.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (`sanitize: true`) to inject a `javascript:` URL. This flaw exists because `&#xNNanything;` gets parsed to what it could and leaves the rest behind, resulting in just `anything;` being left.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under his control and delete others.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 is able to set up a root path, which should only allow it to run inside of that root path it specified.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments a malicious user could fill up the server causing a Denial of Service or content injection.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,HIGH
"MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in to the emailAddress validator.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but internally ws always transforms all data that we need to send to a Buffer instance and that is where the vulnerability existed. ws didn't do any checks for the type of data it was sending. With buffers in node when you allocate it when a number instead of a string it will allocate the amount of bytes.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability has been identified in IBM Cloud Orchestrator 2.3, 2.3.0.1, 2.4, and 2.4.0.1 that could allow an attacker after authentication to enumerate valid users of the system. IBM X-Force ID: 109394.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have those restrictions overridden by less restrictive defaults (e.g. origin defaults to all origins `*`).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending a HTTP 500 error back to the sender, hapi node module before 11.1.3 will continue to hold the socket open until timed out (default node timeout is 2 minutes).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
ansi2html is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned inconsistent headers and at worst allowed cross-origin activities that were expected to be forbidden. If the connection has CORS enabled but one route has it off, and the route is not GET, the OPTIONS prefetch request will return the default CORS headers and then the actual request will go through and return no CORS headers. This defeats the purpose of turning CORS on the route.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A directory traversal vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to possible information disclosure. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker to gain access the host network. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example, in a web application, other requests would not be processed while this blocking is occurring.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the executing server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The install-chef-suse.sh script shipped with crowbar before 2012-10-02 is creating files containing confidential data with insecure permissions, allowing local users to read confidential data.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files).",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including version 2.1.15 (for 2.1) and before version 2.3.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.",LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
"** DISPUTED ** An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The animate-it plugin before 2.3.4 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
HRworks 3.36.9 allows XSS via the purpose of a travel-expense report.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
HRworks FLOW 3.36.9 allows XSS via the purpose of a travel-expense report.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function by a Regular user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM 13.1.0 and later, the APM Clients components can be updated independently from BIG-IP software. Client version 7.1.8 (7180.2019.508.705) and later has the fix.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
There is a Stored Cross Site Scripting vulnerability in the undisclosed page of a BIG-IQ 6.0.0-6.1.0 or 5.2.0-5.4.0 system. The attack can be stored by users granted the Device Manager and Administrator roles.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the link to the certificate policy. By clicking on the link, unprivileged users can open additional dialog boxes and get access to the local machine windows explorer which can be used to get administrator privilege. Windows Logon Integration is vulnerable when the APM client is installed by an administrator on a user machine. Users accessing the local machine can get administrator privileges",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers wp-json/visualizer/v1/update-chart with no access control, and classes/Visualizer/Render/Page/Data.php lacks output sanitization.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Administration module by a Developer user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Intellian Remote Access 3.18 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the Ping Test field.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Quotes module by a Regular user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to (and the config_text parameter set to the content of the file to be created). This can be a PHP file that is written to in the public web directory and subsequently executed. The attacker must have network connectivity to the PHP server that is running on the Android device.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"KSLabs KSWEB 3.93 allows ../ directory traversal, as demonstrated by the hostFile parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Foxit Reader before 9.7 allows an Access Violation and crash if insufficient memory exists.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A Cross-Site Scripting (XSS) vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's account (e.g., via XSS or an unattended workstation) to change that password and address.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to the web root of the application.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash() function. There are CQSPI_MAX_CHIPSELECT elements in the ->f_pdata array so the "">"" should be "">="" instead.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/ecc_math.c scalar multiplication leaks the bit length of the scalar.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn't handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting (XSS) vulnerability in JOB-CUBE -JOB WEB SYSTEM before 1.2.2 and -JOB WEB SYSTEM High Income 1.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE file is controlled by an attacker, because an unpickle occurs. This is resolved in 8.0.0 and backports.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Snowtide PDFxStream before 3.7.1 (for Java), a crafted PDF file can trigger an extremely long running computation because of page-tree mishandling.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
deeply is vulnerable to Prototype Pollution in versions before 3.1.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using using a _proto_ payload.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. This vulnerability could allow Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_settings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an ""Admin Member JSON Update"" issue.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext http connection.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The wiki markup component of atlassian-renderer from version 8.0.0 before version 8.0.22 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in nested wiki markup.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be used for Stellar payments to the user), which might be incompatible with a user's personal position on the semantics of an attestation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affected by a Buffer Overflow because of a lack of packet-size validation. The affected component is bacserv BACnet/IP BVLC forwarded NPDU. The function bvlc_bdt_forward_npdu() calls bvlc_encode_forwarded_npdu() which copies the content from the request into a local in the bvlc_bdt_forward_npdu() stack frame and clobbers the canary. The attack vector is: A BACnet/IP device with BBMD enabled based on this library connected to IP network. The fixed version is: 0.8.6.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kernel before 4.8.6. There is an out of bounds write in the function ad5755_parse_dt.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Online Store System v1.0 delete_file.php doesn't check to see if a user has administrative rights nor does it check for path traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In FingerprintService, there is a possible bypass for operating system protections that isolate user profiles from each other due to a missing permission check. This could lead to a local information disclosure of metadata about the biometrics of another user on the device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-128599663",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The mintToken function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for GFCB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-78288018",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The mintToken function of a smart contract implementation for Ethereum Cash Pro (ECP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Snoqualmie Coin (SNOW), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Troo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for MiningRigRentals Token (MRR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Air-Contact Token (AIR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for TongTong Coin (TTCoin), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for JWC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Cranoo (CRN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in the possibility to construct a document where macro execution bypassed the security settings. The documents were correctly detected as containing macros, and prompted the user to their existence within the documents, but macros within the document were subsequently not controlled by the security settings allowing arbitrary macro execution This issue affects: LibreOffice 6.2 series versions prior to 6.2.7; LibreOffice 6.3 series versions prior to 6.3.1.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The ""Forget about this site"" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security (HSTS) settings received from sites that use it. Due to a bug, sites on the pre-load list also have their HSTS setting removed. On the next visit to that site if the user specifies an http: URL rather than secure https: they will not be protected by the pre-loaded HSTS setting. After that visit the site's HSTS setting will be restored. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during checks for junctions and symbolic links by the Maintenance Service, allowing for potential local file and directory manipulation to be undetected in some circumstances. This allows for potential privilege escalation by a user with unprivileged local access. <br>*Note: These attacks requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs in Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java. An attack could start with an XML document that was originally created by DumpFunctionPatternInfoScript but then directly modified by an attacker (for example, to make a java.lang.Runtime.exec call).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a production environment.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libstagefright, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-77474014",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Some HTML elements, such as &lt;title&gt; and &lt;textarea&gt;, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a &lt;canvas&gt; element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD card for cleartext storage of files (Audio, Documents, Images, Video, and Voice Notes) associated with a chat, even after that chat is deleted. There may be users who expect file deletion to occur upon chat deletion, or who expect encryption (consistent with the application's use of an encrypted database to store chat text). NOTE: the vendor reportedly indicates that they do not ""consider these to be security issues"" because a user may legitimately want to preserve any file for use ""in other apps like the Google Photos gallery"" regardless of whether its associated chat is deleted.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,NONE
ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the mark_reserved_sectors function. An attacker may be able to execute arbitrary code in the context of the user running the affected application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Keymaster, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-129562815",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a full node that owns a shielded address, related to mishandling of exceptions during deserialization of note plaintexts. This affects anyone who has disclosed their zaddr to a third party.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Ilch 2.1.22 allows remote code execution because php is listed under ""Allowed files"" on the index.php/admin/media/settings/index page.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112005441",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In wpa_supplicant_8, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122529021",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In AOSP Email, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of the Email app's protected files with User execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-37637796",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-78287084",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122322613",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim's cleartext credentials to an attacker via a login/?reason=failure&NTLM= URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120274615",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In the NFC stack, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121267042",LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121035878",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In LG's LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check. This could lead to local information disclosure via USB with User execution privileges needed. User interaction is not required for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-68770980",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112312381",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112309571",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Nulock application 1.5.0 for mobile devices sends a cleartext password over Bluetooth, which allows remote attackers (after sniffing the network) to take control of the lock.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In AAC Codec, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112663564",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In JobStore, there is a mismatched serialization/deserialization for the ""battery-not-low"" job attribute. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-130173029",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111761624",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 1 of 2).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 2 of 2).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
eBrigade before 5.0 has evenements.php cid SQL Injection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In wpa_supplicant_8, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120905706",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In profman, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110035108",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ilch 2.1.22 allows stored XSS via the title, text, or email id to the Jobs Tab.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The mintToken function of a smart contract implementation for CIBN Live Token (CIBN LIVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Buffer overflow when the audio buffer size provided by user is larger than the maximum allowable audio buffer size. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow due to improper validation of buffer size while IPA driver processing to perform read operation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as ""Too many connections"") has occurred.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in WLAN NAN function due to lack of check of count value received in NAN availability attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MSM8996AU, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCS404, QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"closure-utils is Utilities for Closure Library based projects. closure-utils downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Classic buffer overflow vulnerability while playing the specific video whose Decode picture buffer size is more than 16 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mintToken function of a smart contract implementation for ECToints (ECT) (Contract Name: ECPoints), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Super Carbon Coin (SCC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117495103,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the Activity Manager service, there is a possible permission bypass due to incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-124539196",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Package Manager service, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of information about installed packages for other users with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-77821568",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka ""Windows GDI Elevation of Privilege Vulnerability."" This vulnerability is different from those described in CVE-2017-0005, CVE-2017-0025, and CVE-2017-0047.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka ""Microsoft Edge Elevation of Privilege Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka ""Windows GDI Elevation of Privilege Vulnerability."" This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0025, and CVE-2017-0047.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka ""Windows Graphics Component Remote Code Execution Vulnerability."" This vulnerability is different from that described in CVE-2017-0108.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Microsoft Windows 10 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability."" This vulnerability is different from those described in CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Microsoft Windows Vista; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability."" This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0005, and CVE-2017-0047.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability."" This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka ""Microsoft Office Denial of Service Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle dynamic link library (DLL) loading, which allows local users to gain privileges via a crafted application, aka ""Library Loading Input Validation Remote Code Execution Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka ""Windows GDI Elevation of Privilege Vulnerability."" This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0005 and CVE-2017-0025.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kernel API in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7; Windows 8; Windows 10 Gold, 1511, and 1607; Windows RT 8.1; Windows Server 2012 Gold and R2; and Windows Server 2016 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka ""Windows Kernel Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 10 1607 and Windows Server 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka ""Microsoft Hyper-V Network Switch Denial of Service Vulnerability."" This vulnerability is different from those described in CVE-2017-0074, CVE-2017-0076, CVE-2017-0097, CVE-2017-0098, and CVE-2017-0099.",ADJACENT_NETWORK,HIGH,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings, aka ""Internet Explorer Security Feature Bypass Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka ""Microsoft Edge Security Feature Bypass Vulnerability."" This vulnerability is different from those described in CVE-2017-0135 and CVE-2017-0140.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka ""Uniscribe Remote Code Execution Vulnerability."" This vulnerability is different from those described in CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka ""Hyper-V Remote Code Execution Vulnerability."" This vulnerability is different from that described in CVE-2017-0109.",ADJACENT_NETWORK,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability."" This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability."" This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0081, and CVE-2017-0082.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Microsoft Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability."" This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, and CVE-2017-0081.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka ""Hyper-V vSMB Remote Code Execution Vulnerability."" This vulnerability is different from that described in CVE-2017-0021.",ADJACENT_NETWORK,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka ""Microsoft Edge Security Feature Bypass Vulnerability."" This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0140.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka ""Microsoft Edge Security Feature Bypass Vulnerability."" This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0135.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0150, and CVE-2017-0151.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Graphics component in the kernel in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka ""Windows Graphics Elevation of Privilege Vulnerability.""",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 when the Microsoft Graphics Component fails to properly handle objects in memory, aka ""Windows Graphics Component Elevation of Privilege Vulnerability.""",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka ""Scripting Engine Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka ""ADFS Security Feature Bypass Vulnerability.""",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka "".NET Remote Code Execution Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller, aka ""LDAP Elevation of Privilege Vulnerability.""",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka ""Device Guard Code Integrity Policy Security Feature Bypass Vulnerability."" This CVE ID is unique from CVE-2017-0215, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it improperly handles NetBIOS packets, aka ""Windows NetBIOS Denial of Service Vulnerability"".",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists in Windows 10 when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode, aka ""Win32k Elevation of Privilege Vulnerability."" This CVE ID is unique from CVE-2017-0188.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding, aka ""Windows Denial of Service Vulnerability.""",NETWORK,HIGH,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka ""Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web page with malicious content, aka ""Microsoft Edge Security Feature Bypass Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka ""Microsoft Office Security Feature Bypass Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka ""Microsoft Browser Spoofing Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka ""Internet Explorer Elevation of Privilege Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Windows Hyper-V allows an elevation of privilege vulnerability when Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 fail to properly validate vSMB packet data, aka ""Windows Hyper-V vSMB Elevation of Privilege Vulnerability"".",ADJACENT_NETWORK,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when Windows fails to properly validate input before loading type libraries, aka ""Windows COM Elevation of Privilege Vulnerability"". This CVE ID is unique from CVE-2017-0213.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka ""Device Guard Code Integrity Policy Security Feature Bypass Vulnerability."" This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Microsoft Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka ""Device Guard Code Integrity Policy Security Feature Bypass Vulnerability."" This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0218, and CVE-2017-0219.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka ""Device Guard Code Integrity Policy Security Feature Bypass Vulnerability."" This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0219.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka ""Device Guard Code Integrity Policy Security Feature Bypass Vulnerability."" This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0218.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"An elevation of privilege vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone, aka ""Microsoft Edge Elevation of Privilege Vulnerability."" This CVE ID is unique from CVE-2017-0233.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The Graphics Component in the kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application or in Windows 7 for x64-based Systems and later, cause denial of service, aka ""Win32k Elevation of Privilege Vulnerability.""",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka "".NET Security Feature Bypass Vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka ""Office Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-8506.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka ""Office Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0281.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka ""Windows SMB Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-0277, CVE-2017-0278, and CVE-2017-0279.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka ""Windows SMB Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-0272, CVE-2017-0278, and CVE-2017-0279.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka ""Windows SMB Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0278.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka ""Windows Uniscribe Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-8528.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka ""Windows PDF Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-0292.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka ""Windows PDF Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-0291.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute remote code when Windows fails to properly handle cabinet files, aka ""Windows Remote Code Execution Vulnerability"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 10 1607 and 1703, and Windows Server 2016 allow an authenticated attacker to modify the C:\Users\DEFAULT folder structure, aka ""Windows Default Folder Tampering Vulnerability"".",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to elevate privilege when tdx.sys fails to check the length of a buffer prior to copying memory to it, aka ""Windows TDX Elevation of Privilege Vulnerability"".",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an authenticated attacker to run arbitrary code in another user's session, aka ""Windows COM Session Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources, however the application resources and backend servers are unaffected.",ADJACENT_NETWORK,HIGH,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation. Connections may be left in the connection table which then can only be removed by restarting TMM. Over time this may lead to the BIG-IP being unable to process further connections.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-34132950. References: N-CVE-2017-0306.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33177895. References: N-CVE-2017-0307.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper access controls allowing unprivileged user to cause a denial of service.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"All versions of NVIDIA GPU and GeForce Experience installer contain a vulnerability where it fails to set proper permissions on the package extraction path thus allowing a non-privileged user to tamper with the extracted files, potentially leading to escalation of privileges via code execution.",LOCAL,HIGH,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An elevation of privilege vulnerability in the NVIDIA I2C HID driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10 and Kernel 3.18. Android ID: A-33040280. References: N-CVE-2017-0325.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33893669. References: N-CVE-2017-0327.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the NVIDIA boot and power management processor driver could enable a local malicious application to execute arbitrary code within the context of the boot and power management processor. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.18. Android ID:A-34115304. References: N-CVE-2017-0329.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel 3.10. Android ID: A-34113000. References: N-CVE-2017-0331.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33812508. References: N-CVE-2017-0332.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33899363. References: N-CVE-2017-0333.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33043375. References: N-CVE-2017-0335.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-31992762. References: N-CVE-2017-0337.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the NVIDIA Libnvparser component due to a memcpy into a fixed sized buffer with a user-controlled size could lead to a memory corruption and possible remote code execution. This issue is rated as High. Product: Android. Version: N/A. Android ID: A-33968204. References: N-CVE-2017-0340.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape may allow users to gain access to arbitrary physical memory, leading to escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions of the NVIDIA GPU Display Driver contain a vulnerability in the GPU firmware where incorrect access control may allow CPU access sensitive GPU control registers, leading to an escalation of privileges",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31607432.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32338390.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1. Android ID: A-31677614.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32095626.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32585400.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32255299.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability in decoder/ihevcd_decode.c in libhevc in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32322258.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in VBRISeeker.cpp in libstagefright in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32577290.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-30436808.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in Telephony could enable a remote attacker to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31752213.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability in Contacts could enable a local malicious application to silently create contact information. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32219099.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32510733.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 7.1.1. Android ID: A-32769670.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31999646.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31929765.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33039926.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32706020.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32886609.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32703959.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability in the Bluetooth stack. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32612586.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495866.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32401526. References: N-CVE-2017-0428.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32838767. References: B-RB#107459.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-28332719.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31913571.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33001936.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906657. References: QC-CR#1078000.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32624661. References: QC-CR#1078000.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402310. References: QC-CR#1092497.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402604. References: QC-CR#1092497.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32450647. References: QC-CR#1092059.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33252788. References: QC-CR#1095770.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32871330. References: QC-CR#1092497.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32917445.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32919560.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it is mitigated by current platform configurations. Product: Android. Versions: N/A. Android ID: A-32917432.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33979145. References: QC-CR#1105085.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33353700. References: QC-CR#1104067.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31695439. References: QC-CR#1086123, QC-CR#1100695.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32588962. References: QC-CR#1089433.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31252965. References: QC-CR#1098801.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33353601. References: QC-CR#1102288.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33277611. References: QC-CR#1101792.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32940193. References: QC-CR#1102593.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34112914. References: QC-CR#1110747.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the recovery verifier could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31914369.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 7.1.1. Android ID: A-33621647.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33718716.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32707507.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32705429.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in NFC could enable a proximate attacker to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33434992.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33090864.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33621215.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33751193.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability in Location Manager could enable a local malicious application to bypass operating system protections for location data. This issue is rated as Moderate because it could be used to generate inaccurate data. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33091107.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to delete user data. This issue is rated as Moderate because it is a local bypass of user interaction requirements that would normally require either user initiation or user permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33178389.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability in Package Manager could enable a local malicious application to prevent users from uninstalling applications or removing permissions from applications. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32553261.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
An elevation of privilege vulnerability in the System UI could enable a local malicious application to create a UI overlay covering the entire screen. This issue is rated as Moderate because it is a local bypass of user interaction requirements that would normally require either user initiation or user permission. Product: Android. Versions: 7.1.1. Android ID: A-30150688.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate due to the possibility of bypassing the lock screen. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32793550.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A denial of service vulnerability in Setup Wizard could allow a local malicious application to temporarily block access to an affected device. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-31554152.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33300701.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google account sign-in after a factory reset. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30352311.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28429685. References: M-ALPS02710006.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28430015. References: M-ALPS02708983.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28430164. References: M-ALPS02710027.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30074628. References: M-ALPS02829371.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31822282. References: M-ALPS02992041.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32276718. References: M-ALPS03006904.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33940449.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32124445. References: B-RB#110688.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32402555.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm input hardware driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32341680. References: QC-CR#1096301.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the MediaTek hardware sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-32372051. References: M-ALPS02973195.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Qualcomm fingerprint sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32370896. References: QC-CR#1086530.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Qualcomm fingerprint sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32372915. References: QC-CR#1086530.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750232. References: QC-CR#1082636.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-32835279. References: QC-CR#1096945.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33002026.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm IPA driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33139056. References: QC-CR#1097714.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the HTC Sensor Hub Driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33897738.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the HTC Sensor Hub Driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33899318.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the kernel security subsystem could enable a local malicious application to to execute code in the context of a privileged process. This issue is rated as High because it is a general bypass for a kernel level defense in depth or exploit mitigation technology. Product: Android. Versions: Kernel-3.18. Android ID: A-33351919.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution in a privileged process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31992879.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32591350.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote denial of service vulnerability in libskia could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33251605.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818508.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33933140.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097231.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097915.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl before 3.3.0 library.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate because it could be used to gain access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33815946.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34276203.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175904. References: M-ALPS02696516.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28470975. References: M-ALPS02696367.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32125310. References: B-RB#112575.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34197514. References: B-RB#112600.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34198729. References: B-RB#110666.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199963. References: B-RB#110688.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34203305. References: B-RB#111541.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34624457. References: B-RB#113189.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33544431. References: QC-CR#1103089.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33964406.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34125463. References: QC-CR#1115406.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34325986.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34614485.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32068683. References: QC-CR#1103788.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114230.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34705519.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34749571.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34672748.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A remote denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35269635.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of user interaction requirements. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35258579.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35763994.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-35392981. References: QC-CR#826589.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34088848. References: QC-CR#1116015.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400551. References: QC-CR#1085928.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400458. References: QC-CR#1098363.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399404. References: QC-CR#1094852.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393841. References: QC-CR#1084210.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34389303. References: QC-CR#1061845.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400457. References: QC-CR#1086140.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399405. References: QC-CR#1080290.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the MediaTek power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34259126. References: M-ALPS03150278.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the MediaTek system management interrupt driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34470286. References: M-ALPS03149160.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34471002. References: M-ALPS03149173.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35100728. References: M-ALPS03161536.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Qualcomm pin controller driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35401152. References: QC-CR#826566.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35401052. References: QC-CR#1081711.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35399703. References: QC-CR#831322.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32749036. References: QC-CR#1098602.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the HTC bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32512358.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Low due to details specific to the vulnerability. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35467107.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35310230. References: M-ALPS03162263.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in System UI component could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High because it is a remote arbitrary code execution in an unprivileged process. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36368305.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33129467.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34360591.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34819017.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An elevation of privilege vulnerability in the MediaTek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: N/A. Android ID: A-34468195. References: M-ALPS03162283.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36491278.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36991414.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37285689.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37478824.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36104177.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in the Android libraries. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-34778578.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231163.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34779227.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34896431.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36035074.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36576151.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36996978.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37208566.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36591008.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34203195.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35584425.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36592202.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36724453.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36725407.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37094889.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207120.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-35639138.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36385715.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36621442.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33123882.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-33059280.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-35195787. References: B-RB#120532.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A elevation of privilege vulnerability in the HTC led driver. Product: Android. Versions: Android kernel. Android ID: A-36088467.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A elevation of privilege vulnerability in the Upstream Linux tcb. Product: Android. Versions: Android kernel. Android ID: A-34951864.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android libraries (sfntly). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-32096780.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492637.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37203196.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37273547.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37273673.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37430213.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37561455.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37660827.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37968755.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37627194.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36389123.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A elevation of privilege vulnerability in the Android media framework (libgui). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-33004354.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability in the Android media framework (hevc decoder). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37469795.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A elevation of privilege vulnerability in the Android media framework (mediadrmserver). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37710346.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability in the Android media framework (h264 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36279112.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36075363.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38391487.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38014992.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38239864.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563942.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A information disclosure vulnerability in the Android media framework (audioserver). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563371.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A remote code execution vulnerability in the Broadcom networking driver. Product: Android. Versions: Android kernel. Android ID: A-37168488. References: B-RB#116402.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A elevation of privilege vulnerability in the MediaTek gpu driver. Product: Android. Versions: Android kernel. Android ID: A-32458601. References: M-ALPS03007523.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the NVIDIA firmware processing code. Product: Android. Versions: Android kernel. Android ID: A-34112726. References: N-CVE-2017-0744.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
A elevation of privilege vulnerability in the Qualcomm ipa driver. Product: Android. Versions: Android kernel. Android ID: A-35467471. References: QC-CR#2029392.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A elevation of privilege vulnerability in the Qualcomm proprietary component. Product: Android. Versions: Android kernel. Android ID: A-32524214. References: QC-CR#2044821.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A elevation of privilege vulnerability in the Upstream Linux linux kernel. Product: Android. Versions: Android kernel. Android ID: A-36007735.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A elevation of privilege vulnerability in the Upstream Linux file system. Product: Android. Versions: Android kernel. Android ID: A-36817013.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Qualcomm QCE driver. Product: Android. Versions: Android kernel. Android ID: A-36591162. References: QC-CR#2045061.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"A remote code execution vulnerability in the Android libraries (libgdx). Product: Android. Versions: 7.1.1, 7.1.2, 8.0. Android ID: A-62218744.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36006815.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492741.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38448381.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872863.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework (libjhead). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37776688.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62019992.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A elevation of privilege vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38234812.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38115076.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37615911.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673179.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-62133227.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"A denial of service vulnerability in the Android runtime (android messenger). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37742976.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722970. References: B-V2017053104.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722328. References: B-V2017053103.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37685267. References: B-V2017053102.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37306719. References: B-V2017052302.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36198473. References: M-ALPS03361480.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A elevation of privilege vulnerability in the MediaTek auxadc driver. Product: Android. Versions: Android kernel. Android ID: A-62458865. References: M-ALPS03353884, M-ALPS03353886, M-ALPS03353887.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-62459766. References: M-ALPS03353854.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A elevation of privilege vulnerability in the MediaTek lastbus. Product: Android. Versions: Android kernel. Android ID: A-36731602. References: M-ALPS03342072.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A elevation of privilege vulnerability in the MediaTek libmtkomxvdec. Product: Android. Versions: Android kernel. Android ID: A-38447970. References: M-ALPS03337980.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36136137. References: M-ALPS03361477.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A elevation of privilege vulnerability in the MediaTek mmc driver. Product: Android. Versions: Android kernel. Android ID: A-36274676. References: M-ALPS03361487.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237701.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62998805.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Android framework (ui framework). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35056974.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673128.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38207066.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37930177.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36531046.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62800140.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63581671.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63045918.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability in the Android system (camera). Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63787722.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37622847. References: B-V2017063001.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-34949781.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-62539960. References: M-ALPS03353876, M-ALPS03353861, M-ALPS03353869, M-ALPS03353867, M-ALPS03353872.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Huawei bootloader. Product: Android. Versions: Android kernel. Android ID: A-34622855.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Motorola bootloader. Product: Android. Versions: Android kernel. Android ID: A-62345044.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Android framework (device policy client). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62623498.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63125953.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Android media framework (libaudiopolicymanager). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64340921.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-63522818.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37502513.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An elevation of privilege vulnerability in the Android media framework (mediaanalytics). Product: Android. Versions: 8.0. Android ID: A-65540999.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0. Android ID: A-62815506.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63873837.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. This could lead to remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64452857.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65122447.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64836894.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36075131.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An elevation of privilege vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-36006779.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Upstream kernel video driver. Product: Android. Versions: Android kernel. Android ID: A-37950620.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the MediaTek ioctl (flashlight). Product: Android. Versions: Android kernel. Android ID: A-37277147. References: M-ALPS03394571.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-65025090. References: M-ALPS02973195.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Direct rendering infrastructure of the NVIDIA Tegra X1 where an unchecked input from userspace is passed as a pointer to kfree. This could lead to kernel memory corruption and possible code execution. This issue is rated as moderate. Product: Pixel. Version: N/A. Android ID: A-38415808. References: N-CVE-2017-0866.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Android framework (libminikin). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62134807.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Android framework (framework base). Product: Android. Versions: 8.0. Android ID A-65281159.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID A-65646012.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with ""Edit"" access to ""System Customization"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Module component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to a incorrect access control check vulnerability in the Alternative Content component resulting in privilege escalation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"RVM automatically loads environment variables from files in $PWD resulting in command execution RVM vulnerable to command injection when automatically loading environment variables from files in $PWD RVM automatically executes hooks located in $PWD resulting in code execution RVM automatically installs gems as specified by files in $PWD resulting in code execution RVM automatically does ""bundle install"" on a Gemfile specified by .versions.conf in $PWD resulting in code execution",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mautic 2.6.1 and earlier fails to set flags on session cookies,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a ""--"" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the access restrictions implemented in the script sandbox by using e.g. currentBuild['rawBuild'] rather than currentBuild.rawBuild. Additionally, the following entries allowed accessing private data that would not be accessible otherwise due to script security: groovy.json.JsonOutput.toJson(Closure); groovy.json.JsonOutput.toJson(Object).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Core). The supported version that is affected is 1.7.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony First Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony First Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Simphony First Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Simphony First Edition. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,LOW,HIGH
"Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue Ocean. The SCM content REST API did not check the current user's authentication or credentials. If the GitHub organization folder was created via Blue Ocean, it retained a reference to its creator's GitHub credentials. This allowed users with read access to the GitHub organization folder to create arbitrary commits in the repositories inside the GitHub organization corresponding to the GitHub organization folder with the GitHub credentials of the creator of the organization folder. Additionally, users with read access to the GitHub organization folder could read arbitrary file contents from the repositories inside the GitHub organization corresponding to the GitHub organization folder if the branch contained a Jenkinsfile (which could be created using the other part of this vulnerability), and they could provide the organization folder name, repository name, branch name, and file name.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,HIGH,NONE
"Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. It did not properly check the current user's authentication and authorization when configuring existing GitHub organization folders. This allowed users with read access to the GitHub organization folder to reconfigure it, including changing the GitHub API endpoint for the organization folder to an attacker-controlled server to obtain the GitHub access token, if the organization folder was initially created using Blue Ocean.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A malicious third-party can give a crafted ""ssh://..."" URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running ""git clone --recurse-submodules"" to trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disallowed anonymous comments.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP ""unserialize()"" function when importing a skin from an XML file.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such as an admin changing another user's account settings.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email can be used to gain access to the user's account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate public keys,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. By creating a large loop whiling pushing data to a buffer, we can break out of the bounds checking of that buffer. When list.join is called on the data it will read past a buffer resulting in a Heap-Buffer-Overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Hospitality Inventory Management component of Oracle Hospitality Applications (subcomponent: Settings and Config). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Inventory Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Inventory Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Inventory Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by vertical privilege escalation vulnerability. This vulnerability can allow an authenticated non-administrator users to view and modify information only accessible to administrators.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for the OpenFlow communication. Version: OpenDaylight versions 3.3 (Lithium-SR3), 3.4 (Lithium-SR4), 4.0 (Beryllium), 4.1 (Beryllium-SR1), 4.2 (Beryllium-SR2), and 4.4 (Beryllium-SR4) are affected by this flaw. Java version is openjdk version 1.8.0_91.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Controller throws an exception and does not allow user to add subsequent flow for a particular switch. Component: OpenDaylight odl-restconf feature contains this flaw. Version: OpenDaylight 4.0 is affected by this flaw.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Java out of memory error and significant increase in resource consumption. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight. Controller launches exceptions and consumes more CPU resources. Component: OpenDaylight is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.,LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimum distance between the end of the PIE binary's read-write segment and the start of the stack becomes small enough that the stack guard page can be jumped over by an attacker. This affects Linux Kernel version 4.11.5. This is a different issue than CVE-2017-1000370 and CVE-2017-1000365. This issue appears to be limited to i386 based systems.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier versions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects NetBSD 7.1 and possibly earlier versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different flows with 'idle-timeout' and 'hard-timeout' are sent to the Openflow Plugin REST API, the expired flows will eventually crash the controller once its resource allocations set with the JVM size are exceeded. Although the installed flows (with timeout set) are removed from network (and thus also from controller's operations DS), the expired entries are still present in CONFIG DS. The attack can originate both from NORTH or SOUTH. The above description is for a north bound attack. A south bound attack can originate when an attacker attempts a flow flooding attack and since flows come with timeouts, the attack is not successful. However, the attacker will now be successful in CONTROLLER overflow attack (resource consumption). Although, the network (actual flow tables) and operational DS are only (~)1% occupied, the controller requests for resource consumption. This happens because the installed flows get removed from the network upon timeout.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,LOW
"fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on child_process.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obtain sensitive authentication information via standard filesystem operations.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle FLEXCUBE Private Banking executes to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Operations). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is AK 2013. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/RESTAPI). The supported version that is affected is 1.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Hotel Mobile. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Hotel Mobile accessible data. CVSS 3.0 Base Score 3.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,LOW,NONE
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Application Designer). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is AK 2013. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workcenter). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Strategic Sourcing). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FSCM accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,NONE,NONE
"Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Operations). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Layout Tools). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Communications Convergence component of Oracle Communications Applications (subcomponent: Mail Proxy (dojo)). Supported versions that are affected are 3.0 and 3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Convergence. While the vulnerability is in Oracle Communications Convergence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Convergence accessible data as well as unauthorized read access to a subset of Oracle Communications Convergence accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,NONE
"Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NFSv4). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFSv4 to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Content accessible data as well as unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,HIGH,NONE
"Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server). Supported versions that are affected are 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.0 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,LOW,NONE
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: IKE). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via IKE to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2 and 16.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the MICROS BellaVita component of Oracle Hospitality Applications (subcomponent: Interface). The supported version that is affected is 2.7.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS BellaVita. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS BellaVita accessible data as well as unauthorized read access to a subset of MICROS BellaVita accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Enterprise Repository component of Oracle Fusion Middleware (subcomponent: Web Interface). Supported versions that are affected are 11.1.1.7.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Repository. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Repository, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Repository accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Repository accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Siebel Core CRM component of Oracle Siebel CRM (subcomponent: Search). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Core CRM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel Core CRM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel Core CRM accessible data as well as unauthorized read access to a subset of Siebel Core CRM accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Suite8, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3.0. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: PCMServlet). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications (subcomponent: MMS). The supported version that is affected is 7.30.564.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Materials Management executes to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Materials Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Materials Management accessible data. CVSS 3.0 Base Score 5.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle iPlanet Web Server component of Oracle Fusion Middleware (subcomponent: Admin Graphical User Interface). The supported version that is affected is 7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iPlanet Web Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iPlanet Web Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iPlanet Web Server accessible data as well as unauthorized read access to a subset of Oracle iPlanet Web Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospitality Applications (subcomponent: Property Management Systems). The supported version that is affected is 4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality 9700 executes to compromise Oracle Hospitality 9700. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality 9700 accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Discussion Forum). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Mobile Service). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.0 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. While the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,LOW
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Oracle Java Web Console). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,LOW
"Vulnerability in the Hospitality WebSuite8 Cloud Service component of Oracle Hospitality Applications (subcomponent: General). Supported versions that are affected are 8.9.6 and 8.10.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hospitality WebSuite8 Cloud Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hospitality WebSuite8 Cloud Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hospitality WebSuite8 Cloud Service accessible data as well as unauthorized read access to a subset of Hospitality WebSuite8 Cloud Service accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.2, 13.3, 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Point-of-Service. While the vulnerability is in Oracle Retail Point-of-Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Point-of-Service accessible data as well as unauthorized read access to a subset of Oracle Retail Point-of-Service accessible data. CVSS 3.0 Base Score 8.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N).",NETWORK,LOW,LOW,NONE,CHANGED,LOW,HIGH,NONE
"Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Oracle Forms). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology Stack. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Technology Stack accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web Dashboards). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Maintenance Folders). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: All Modules). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: All Modules). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Content accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Hospitality Simphony First Edition Venue Management component of Oracle Hospitality Applications (subcomponent: Core). The supported version that is affected is 3.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony First Edition Venue Management. While the vulnerability is in Oracle Hospitality Simphony First Edition Venue Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Simphony First Edition Venue Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Simphony First Edition Venue Management accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: AD Utilities). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications DBA accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications DBA accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Hospitality Suites Management component of Oracle Hospitality Applications (subcomponent: Core). The supported version that is affected is 3.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suites Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Suites Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Suites Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Suites Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Agile PLM executes to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 3.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).",LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the SPARC M7, T7, S7 based Servers component of Oracle Sun Systems Products Suite (subcomponent: Firmware). The supported version that is affected is Prior to 9.7.6.b. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where SPARC M7, T7, S7 based Servers executes to compromise SPARC M7, T7, S7 based Servers. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of SPARC M7, T7, S7 based Servers. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: HTML Area). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Java Advanced Management Console. While the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java Advanced Management Console. CVSS 3.0 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L).",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Registration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: CRM User Management Framework). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware (subcomponent: OSB Web Console Design, Admin). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Service Bus, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data as well as unauthorized update, insert or delete access to some of Oracle Service Bus accessible data. CVSS 3.0 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Difficult to exploit vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Security accessible data. CVSS 3.0 Base Score 1.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N).",LOCAL,HIGH,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java Advanced Management Console. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). The supported version that is affected is 12.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: HTML Area). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Hospitality WebSuite8 Cloud Service component of Oracle Hospitality Applications (subcomponent: General). Supported versions that are affected are 8.9.6 and 8.10.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hospitality WebSuite8 Cloud Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hospitality WebSuite8 Cloud Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hospitality WebSuite8 Cloud Service accessible data as well as unauthorized read access to a subset of Hospitality WebSuite8 Cloud Service accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Management). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.0 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,LOW
"Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/iOS). The supported version that is affected is 1.05. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality Hotel Mobile. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hospitality Hotel Mobile accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/RestAPI). The supported version that is affected is 1.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality Hotel Mobile. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hospitality Hotel Mobile accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: eProcurement). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise FSCM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FSCM accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise FSCM accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). The supported version that is affected is 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JNDI). Supported versions that are affected are 10.3.6.0 and 12.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology as well as unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data. CVSS 3.0 Base Score 8.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,HIGH
"Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Mobile Apps). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Applications Manager. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java Advanced Management Console. While the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java Advanced Management Console. CVSS 3.0 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L).",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,LOW
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. While the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.1 and 12.2.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 8.6 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). NOTE: the previous information is from the July 2017 CPU. Oracle has not commented on third-party claims that this issue exists in the migrate functionality in the WebLogic/cluster/singleton/ServerMigrationCoordinator class and allows remote attackers to shutdown the server via a crafted T3 request.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Supported versions that are affected are 9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Supported versions that are affected are 9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Core). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Portal, CMP). Supported versions that are affected are 11.5 and 12.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Policy Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Policy Management accessible data as well as unauthorized read access to a subset of Oracle Communications Policy Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Engineering Data Management component of Oracle Supply Chain Products Suite (subcomponent: Web Services Security). Supported versions that are affected are 6.1.3.0 and 6.2.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Engineering Data Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Engineering Data Management accessible data as well as unauthorized read access to a subset of Oracle Engineering Data Management accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: C Oracle SSL API). Supported versions that are affected are FMW: 11.1.1.9.0 and 12.1.3.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Security Service accessible data. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite 8/Windows). The supported version that is affected is 1.1. Difficult to exploit vulnerability allows physical access to compromise Hospitality Hotel Mobile. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Hotel Mobile accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hospitality Hotel Mobile. CVSS 3.0 Base Score 4.6 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L).,PHYSICAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospitality Applications (subcomponent: Operation Security). The supported version that is affected is 4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality 9700 executes to compromise Oracle Hospitality 9700. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality 9700 accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Wireless/WAP). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Field Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Field Service accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Framework). Supported versions that are affected are 5.0, 5.1, 5.2, 5.3, 6.0, 6.1, 15.0 and 15.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Open Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Open Commerce Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Open Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Retail Open Commerce Platform accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Website). Supported versions that are affected are 5.0, 5.1, 5.2, 5.3, 6.0, 6.1, 15.0 and 15.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Open Commerce Platform. While the vulnerability is in Oracle Retail Open Commerce Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Open Commerce Platform accessible data. CVSS 3.0 Base Score 5.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Flexfields). The supported version that is affected is 12.2.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: CMRO). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Forgot Password). Supported versions that are affected are 12.0.2 and 12.0.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Direct Banking as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data and unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,HIGH
"Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Export Functionality). Supported versions that are affected are 5.4.0.x, 5.4.1.x and 5.4.3.x. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Wireless/WAP). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Field Service accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: User Management). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User and Company Profile). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 4.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L).",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,LOW,LOW
Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite 8/Android). The supported version that is affected is 1.01. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Hospitality Hotel Mobile executes to compromise Hospitality Hotel Mobile. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Hotel Mobile accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Hospitality Suite8 executes to compromise Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Suite8 accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Session, Create Procedure privilege with logon to the infrastructure where Java VM executes to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). The supported version that is affected is 2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology as well as unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data. CVSS 3.0 Base Score 8.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,HIGH
"Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Pages). The supported version that is affected is 6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iLearning accessible data as well as unauthorized update, insert or delete access to some of Oracle iLearning accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Vulnerability in the Oracle Hospitality e7 component of Oracle Hospitality Applications (subcomponent: Other). The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality e7 executes to compromise Oracle Hospitality e7. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality e7 accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. While the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM. Note: This score is for Windows platforms. On non-Windows platforms Scope is Unchanged, giving a CVSS Base Score of 8.8. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Net). Supported versions that are affected are 6.9.9 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). The supported version that is affected is 2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Engagement). The supported version that is affected is 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data as well as unauthorized read access to a subset of Oracle Hospitality Simphony accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Utilities). The supported version that is affected is 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 5.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L).",LOCAL,LOW,LOW,NONE,CHANGED,LOW,NONE,LOW
Vulnerability in the Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Suite8 accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Hospitality Suite8 executes to compromise Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hospitality Suite8 accessible data. CVSS 3.0 Base Score 4.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xstore Office). Supported versions that are affected are 6.0.x, 6.5.x, 7.0.x, 7.1.x, 15.0.x and 16.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Point of Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Point of Service accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: EPPCM_DEFN_CATG). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the Hospitality Property Interfaces component of Oracle Hospitality Applications (subcomponent: Parser). The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality Property Interfaces. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Property Interfaces accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0.0 and 4.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0.0 and 4.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0.0 and 4.2.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Guest Access executes to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Hospitality Property Interfaces component of Oracle Hospitality Applications (subcomponent: Parser). The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Hospitality Property Interfaces executes to compromise Hospitality Property Interfaces. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hospitality Property Interfaces accessible data. CVSS 3.0 Base Score 4.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Hospitality Applications (subcomponent: OPS Operations). The supported version that is affected is 5.5. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality RES 3700 executes to compromise Oracle Hospitality RES 3700. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality RES 3700, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality RES 3700 accessible data as well as unauthorized read access to a subset of Oracle Hospitality RES 3700 accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality RES 3700. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L).",LOCAL,HIGH,LOW,REQUIRED,CHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Production Tool). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Purchasing). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Hospitality Inventory Management component of Oracle Hospitality Applications (subcomponent: Inventory and Count Cycle). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Inventory Management. While the vulnerability is in Oracle Hospitality Inventory Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Inventory Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Inventory Management accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Hospitality Applications (subcomponent: OPS Operations). The supported version that is affected is 5.5. Difficult to exploit vulnerability allows physical access to compromise Oracle Hospitality RES 3700. While the vulnerability is in Oracle Hospitality RES 3700, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality RES 3700 accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality RES 3700 accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality RES 3700. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L).",PHYSICAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,LOW
"Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite). The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Fleet Management accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: Module). The supported version that is affected is 8.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Shipboard Property Management System accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Hospitality Cruise Dining Room Management component of Oracle Hospitality Applications (subcomponent: SilverWhere). The supported version that is affected is 8.0.75. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Dining Room Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Dining Room Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Dining Room Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Hospitality WebSuite8 Cloud Service component of Oracle Hospitality Applications (subcomponent: General). Supported versions that are affected are 8.9.6 and 8.10.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality WebSuite8 Cloud Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality WebSuite8 Cloud Service accessible data as well as unauthorized update, insert or delete access to some of Hospitality WebSuite8 Cloud Service accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hospitality WebSuite8 Cloud Service. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,NONE,LOW,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.7 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,LOW,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,LOW,LOW,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,LOW,LOW,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,LOW,LOW,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,LOW,LOW,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,LOW,LOW,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,LOW,LOW,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,LOW,LOW,HIGH
"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: iHelp). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data as well as unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: HTML Area). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: EPPCM_HIER_TOP). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Tuxedo). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Test Framework). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Change Assistant). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Pivot Grid). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FSCM accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: EPPCM_HIER_TOP). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: EPPCM_HIER_TOP). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Browse Folder Hierarchy). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Add New Image). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel UI Framework accessible data as well as unauthorized update, insert or delete access to some of Siebel UI Framework accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. While the vulnerability is in Oracle Tuxedo, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Tuxedo accessible data as well as unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,LOW
"Vulnerability in the Oracle Identity Manager Connector component of Oracle Fusion Middleware (subcomponent: Microsoft Active Directory). The supported version that is affected is 9.1.1.5.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Identity Manager Connector executes to compromise Oracle Identity Manager Connector. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Identity Manager Connector, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Identity Manager Connector. CVSS 3.0 Base Score 8.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H).",LOCAL,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,HIGH
"Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via Jolt to compromise Oracle Tuxedo. While the vulnerability is in Oracle Tuxedo, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Tuxedo accessible data as well as unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,LOW
"Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data as well as unauthorized update, insert or delete access to some of Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Enterprise Portal). The supported version that is affected is 9.1.00. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data as well as unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Interaction Center Intelligence component of Oracle E-Business Suite (subcomponent: Setup). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Interaction Center Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Interaction Center Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Interaction Center Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle Interaction Center Intelligence accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM accessible data. CVSS 3.0 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Performance). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows physical access to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 3.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion (subcomponent: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion BI+ accessible data as well as unauthorized update, insert or delete access to some of Oracle Hyperion BI+ accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data as well as unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged attacker having Create session privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. Note: This score is for Windows platform version 11.2.0.4 of Database. For Windows platform version 12.1.0.2 and Linux, the score is 7.8 with scope Unchanged. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Applications Calendar). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications Calendar accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Web Applications Desktop Integrator component of Oracle E-Business Suite (subcomponent: Application Service). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Web Applications Desktop Integrator accessible data as well as unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Applications Calendar). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications Calendar accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Applications Calendar). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications Calendar accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Gantt Server). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Common Applications accessible data as well as unauthorized access to critical data or complete access to all Oracle Common Applications accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). Supported versions that are affected are 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data as well as unauthorized read access to a subset of Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). Supported versions that are affected are 2.8 and 2.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data and unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H).",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,HIGH
Vulnerability in the Oracle Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/RESTAPI). The supported version that is affected is 1.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Hotel Mobile. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Hotel Mobile accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Hotel Mobile. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
"Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Content accessible data as well as unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,HIGH,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Security). Supported versions that are affected are 11.3, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. Note: Contact Support for fixes. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,LOW
"Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PT PeopleTools. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the PeopleSoft Enterprise SCM eProcurement component of Oracle PeopleSoft Products (subcomponent: Manage Requisition Status). Supported versions that are affected are 9.1.00 and 9.2.00. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM eProcurement. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise SCM eProcurement, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise SCM eProcurement accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise SCM eProcurement accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Virtual Directory component of Oracle Fusion Middleware (subcomponent: Virtual Directory Server). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Virtual Directory. Successful attacks of this vulnerability can result in takeover of Oracle Virtual Directory. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Guest Access, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Guest Access accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 6.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,HIGH,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. While the vulnerability is in Oracle Hospitality Guest Access, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Guest Access accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Guest Access. CVSS 3.0 Base Score 8.7 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H).",NETWORK,LOW,HIGH,NONE,CHANGED,NONE,HIGH,HIGH
"Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Guest Access accessible data as well as unauthorized read access to a subset of Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java Advanced Management Console. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Java Advanced Management Console. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: PMS). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Suite8 executes to compromise Oracle Hospitality Suite8. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Suite8, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Suite8 accessible data as well as unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Suite8. CVSS 3.0 Base Score 5.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L).",LOCAL,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
"Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: GangwayActivityWebApp). The supported version that is affected is 9.0.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Fleet Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Hospitality Cruise AffairWhere component of Oracle Hospitality Applications (subcomponent: AffairWhere). Supported versions that are affected are 2.2.5.0, 2.2.6.0 and 2.2.7.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise AffairWhere executes to compromise Oracle Hospitality Cruise AffairWhere. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise AffairWhere, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise AffairWhere. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).",NETWORK,LOW,LOW,NONE,CHANGED,LOW,HIGH,HIGH
"Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: BaseMasterPage). The supported version that is affected is 9.0.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise Fleet Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Fleet Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: BaseMasterPage). The supported version that is affected is 9.0.2.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Fleet Management executes to compromise Oracle Hospitality Cruise Fleet Management. While the vulnerability is in Oracle Hospitality Cruise Fleet Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data. CVSS 3.0 Base Score 8.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration Graphical User Interface). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications (subcomponent: MMSUpdater). The supported version that is affected is 7.30.564.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Materials Management executes to compromise Oracle Hospitality Cruise Materials Management. While the vulnerability is in Oracle Hospitality Cruise Materials Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Cruise Materials Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Materials Management accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Cruise Materials Management. CVSS 3.0 Base Score 8.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,LOW,HIGH,HIGH
"Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. While the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: iQuery). Supported versions that are affected are 8.5.1 and 9.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics. CVSS 3.0 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: iQuery). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. While the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,LOW,LOW,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,LOW,LOW,HIGH
"Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Merchant UI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: Search). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Mobile Field Service component of Oracle E-Business Suite (subcomponent: Multiplatform Based on HTML5). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Mobile Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Mobile Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Mobile Field Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Mobile Field Service accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Checkout and Order Placement). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: Setup and Configuration). Supported versions that are affected are 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: Setup and Configuration). Supported versions that are affected are 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PeopleSoft CDA). The supported version that is affected is 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: PMS). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Suite8 executes to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Suite8 accessible data as well as unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 5.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.2, 13.3, 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Back Office. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Back Office, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Back Office accessible data as well as unauthorized read access to a subset of Oracle Retail Back Office accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Service Host). Supported versions that are affected are 2.6, 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data as well as unauthorized read access to a subset of Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FSCM accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L).",LOCAL,HIGH,HIGH,NONE,CHANGED,LOW,LOW,LOW
"ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories.",LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the CBC mode padding in order to decrypt the transport encryption.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In LibSass 3.4.5, there is a heap-based buffer over-read in the function json_mkstream() in sass_context.cpp. A crafted input will lead to a remote denial of service attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a ""your communication with the server will be encrypted"" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used.",LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack OAuth sessions of other users.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"""Dokodemo eye Smart HD"" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the ""File"" field is being used in the mail form.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 5.72, SEIL/BPV4 5.00 to 5.72 allows remote attackers to cause a temporary failure of the device's encrypted communications via a specially crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via ""Cabinet"" function.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass access restrictions to obtain or delete data on the disk via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 1.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows ""DHCP - Memory leak in decode_tlv()"" and a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows ""DHCP - Memory leak in fr_dhcp_decode()"" and a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows ""DHCP - Buffer over-read in fr_dhcp_decode_options()"" and a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows ""Infinite loop and memory exhaustion with 'concat' attributes"" and a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows ""DHCP - Buffer over-read in fr_dhcp_decode_suboptions()"" and a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, using a debugfs node, a write to a PCIe register can cause corruption of kernel memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing a vendor sub-command, a buffer over-read can occur.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating a firmware image, data is read from flash into RAM without checking that the data fits into allotted RAM size.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A non-secure user may be able to access certain registers in snapdragon automobile, snapdragon mobile and snapdragon wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 650/52, SD 835, access control left a configuration space unprotected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_ENCRYPTION_TEST cfg80211 vendor command a stack-based buffer overflow can occur.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, countOffset (in function UnpackCore) is increased for each loop, while there is no boundary check against ""pIe->arraybound"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently, the value of SIR_MAC_AUTH_CHALLENGE_LENGTH is set to 128 which may result in buffer overflow since the frame parser allows challenge text of length up to 253 bytes, but the driver can not handle challenge text larger than 128 bytes.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when memory allocation fails while creating a calibration block in create_cal_block stale pointers are left uncleared.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing FRP partition using reference FRP unlock, authentication method can be compromised for static keys.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the HDMI video driver function hdmi_edid_sysfs_rda_res_info(), userspace can perform an arbitrary write into kernel memory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the boot image header, range checks can be bypassed by supplying different versions of the header at the time of check and use.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, ImsService and the IQtiImsExt AIDL APIs are not subject to access control.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a graphics driver ioctl handler, the lack of copy_from_user() function calls may result in writes to kernel memory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_NDP cfg80211 vendor command a buffer over-read can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION cfg80211 vendor command, a buffer over-read can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing cfg80211 vendor sub command QCA_NL80211_VENDOR_SUBCMD_ROAM, a buffer over-read can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently attributes are not validated in __wlan_hdd_cfg80211_do_acs which can potentially lead to a buffer overread.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed during processing of ACA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST and QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_LIST cfg80211 vendor commands in __wlan_hdd_cfg80211_set_passpoint_list and hdd_extscan_passpoint_fill_network_list function respectively. Android ID: A-36815952. References: QC-CR#2054770, QC-CR#2058447, QC-CR#2066628, QC-CR#2087785",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is an obsolete set/reset ssid hotlist API.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in __wlan_hdd_cfg80211_set_pmksa when user space application sends PMKID of size less than WLAN_PMKID_LEN bytes.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer Over-read in Display due to the lack of an upper-bound validation when reading ""num_of_cea_blocks"" from the untrusted source (EDID), kernel memory can be exposed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The ole_init function in ole.c in catdoc 0.95 allows remote attackers to cause a denial of service (heap-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted file, i.e., data is written to memory addresses before the beginning of the tmpBuf buffer.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The ExifImageFile::readDQT function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted jpg file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The ExifImageFile::readDHT function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted jpg file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ExifImageFile::readImage function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted jpg file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the ""block_type != 2"" case, a similar issue to CVE-2017-9870.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The product's protocol only tries to ensure confidentiality. In the whole protocol, no integrity or authenticity checks are done. Therefore man-in-the-middle attackers can conduct replay attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SHA-512 without a salt or another key-derivation mechanism to enable a secure secret for authentication. Moreover, only the first 32 bytes of the hash are used. This allows for easy dictionary and rainbow-table attacks if an attacker has access to the password hash.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android. No certificate pinning is implemented; therefore the attacker could issue a certificate for the backend and the application would not notice it.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The login credentials are written into a log file on the device. Hence, an attacker with access to the logs can read them.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The logout mechanism does not check for authorization. Therefore, an attacker only needs to know the device ID. This causes a denial of service. This might be interpreted as a vulnerability in customer-controlled software, in the sense that the StashCat client side has no secure way to signal that it is ending a session and that data should be deleted.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices allows remote authenticated users to obtain root privileges by leveraging a guest/user/normal account to submit a modified privilege parameter to /form2userconfig.cgi.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155.,NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each failed authentication attempt will leak a file descriptor in gnome-session. When the maximum number of file descriptors is exhausted in the gnome-session process, it will enter an infinite loop trying to communicate without success, consuming 100% of the CPU. The graphical session associated with the gnome-session process will stop working correctly, because communication with gnome-session is no longer possible.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is not checked.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
IBM WebSphere MQ Internet Pass-Thru 2.0 and 2.1 could allow n attacker to cause the MQIPT to stop responding due to an incorrectly configured security policy. IBM X-Force ID: 121156.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability that occurs when reading a JPEG file embedded within XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing, where the font is embedded in the XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing of Unicode text strings. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability when manipulating Forms Data Format (FDF).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 engine. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to block transfer of pixels. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal handling of UTF-16 literal strings. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to curve drawing. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text strings. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to line segments. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transformation of blocks of pixels. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to pixel block transfer. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when parsing an invalid Enhanced Metafile Format (EMF) record. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager (AGM) module. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF color map data. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded GIF image. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager module. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This issue has been resolved by adding a feature that enables Connect administrators to protect users from UI redressing (or clickjacking) attacks.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client.,LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console. IBM X-Force ID: 121549.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Formerly ZDI-CAN-4350.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment (kernel, file system) with unsigned, attacker-controlled, data. This occurs because the appliance_config file is signed but the .tar.sec file is unsigned.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely activate rules on the firewall and to connect to any TCP port of a protected asset, thus bypassing the firewall. The attack methodology is a crafted OPC dynamic port shift.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string `-----BEGIN RSA PUBLIC KEY-----` which is not accounted for. This enables symmetric/asymmetric key confusion attacks against users using the PKCS1 PEM encoded public keys, which would allow an attacker to craft JWTs from scratch.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: 1999672.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mid file. NOTE: CPU consumption might be relevant when using the --background option.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 122592",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command injection vulnerabilities in the web service framework. An attacker can forge malicious HTTP requests to execute commands; authentication is required before executing the attack.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption that the specific pathname would remain the same forever), which allows attackers to bypass intended AppArmor restrictions by leveraging the silent loss of this protection mechanism. NOTE: this does not affect systems, such as default Debian stretch installations, on which Tor startup relies on a systemd unit file (instead of this tor.init script).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights (parsettf.c) resulting in DoS or code execution via a crafted otf file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is remote command execution via shell metacharacters in the pingAddr parameter to the waitPingqry.cgi URI. The command output is visible at /PingMsg.cmd.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd, statsatm.cmd, scsrvcntr.cmd, scacccntr.cmd, logview.cmd, voicesipview.cmd, usbview.cmd, wlmacflt.cmd, wlwds.cmd, wlstationlist.cmd, HPNAShow.cmd, HPNAView.cmd, qoscls.cmd, qosqueue.cmd, portmap.cmd, scmacflt.cmd, scinflt.cmd, scoutflt.cmd, certlocal.cmd, or certca.cmd.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A sandbox escape in the Lua interface in Wube Factorio before 0.15.31 allows remote game servers or user-assisted attackers to execute arbitrary C code by including and loading a C library.,LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an ""infinite loop.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an ""infinite loop.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an ""infinite loop.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an ""infinite loop.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover RTSP credentials by connecting to TCP port 9527 and reading the InsertConnect field.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A memory leak was found in the way SIPcrack 0.2 handled processing of SIP traffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdump network sniffing sessions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"A memory leak vulnerability was found in the function parseSWF_DOACTION in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 2001083.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A heap-based buffer over-read was found in the function OpCode (called from decompileSETMEMBER) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1474) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a ""kill `cat /pathname/tenshi.pid`"" command.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client encryption-key exchange. The issue results from an integer underflow that leads to a zero-byte allocation. The _srvLnaConnectMP1 function is affected.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles specially crafted embedded fonts, aka ""Microsoft Graphics Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-11763.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles specially crafted embedded fonts, aka ""Microsoft Graphics Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-11763.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft Windows TRIE component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles loading dll files, aka ""TRIE Remote Code Execution Vulnerability"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka ""Windows Search Remote Code Execution Vulnerability"".",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka ""Windows DNSAPI Remote Code Execution Vulnerability"".",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Server Message Block 1.0 (SMBv1) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a remote code execution vulnerability when it fails to properly handle certain requests, aka ""Windows SMB Remote Code Execution Vulnerability"".",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"The Microsoft Server Block Message (SMB) on Microsoft Windows 10 1607 and Windows Server 2016, allows an elevation of privilege vulnerability when an attacker sends specially crafted requests to the server, aka ""Windows SMB Elevation of Privilege Vulnerability"".",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles calls to Advanced Local Procedure Call (ALPC), aka ""Windows Elevation of Privilege Vulnerability"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows server, version 1709 allows an unauthenticated attacker to remotely send specially crafted messages that could cause a denial of service against the system due to improperly handing objects in memory, aka ""Windows Search Denial of Service Vulnerability"".",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to. IBM Reference #: 2001084.,NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. IBM X-Force ID: 123493.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka ""Microsoft Windows Security Feature Bypass"".",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles objects in memory, aka ""Windows Graphics Component Elevation of Privilege Vulnerability"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update Delivery Optimization does not properly enforce file share permissions.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to run arbitrary code in kernel mode, install programs, view, change or delete data, and create new accounts with full user rights due to improperly handing objects in memory, aka ""Windows Kernel Elevation of Privilege Vulnerability"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to how Microsoft Edge handles accessing memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka ""Microsoft Edge Security Feature Bypass Vulnerability"". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11872.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka ""Microsoft Excel Security Feature Bypass Vulnerability"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka "".NET CORE Denial Of Service Vulnerability"".",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka ""Microsoft Windows Security Feature Bypass Vulnerability"".",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this vulnerability to gain full control over the system. IBM X-Force ID: 123559.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability"".",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123671.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 123672.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 123676.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send an API call to enable the SSH server.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable denial of service vulnerability exists in the program download functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a device fault resulting in halted operations. An attacker can send an unauthenticated packet to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to setup an Access Point with default credentials. An attacker needs to send a series of spoofed ""de-auth"" packets to trigger this vulnerability.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a series of spoofed ""deauth"" packets to trigger this vulnerability.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability.,NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,NONE,NONE
An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable improper authorization vulnerability exists in miner_start API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). An attacker can send JSON to trigger this vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file. IBM X-Force ID: 123852.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the ""CR8-load exiting"" and ""CR8-store exiting"" L0 vmcs02 controls exist in cases where L1 omits the ""use TPR shadow"" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Tivoli Endpoint Manager could allow a unauthorized user to consume all resources and crash the system. IBM X-Force ID: 123906.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 123911.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local System or root privileges. IBM X-Force ID: 123912.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash shell is disabled on the system. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain functions of the Python scripting sandbox of the affected system. An attacker could exploit this vulnerability to escape the scripting sandbox and enter the Bash shell of the operating system with the privileges of the authenticated user for the affected system. To exploit this vulnerability, the attacker must have local access to the affected system and be authenticated to the affected system with administrative or Python execution privileges. Cisco Bug IDs: CSCvd86513.",LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected device. A successful exploit could cause a heap-based buffer over-read condition in mew.c when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code on the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a checksum buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent attackers to have unspecified impact via a crafted file, which triggers infinite recursion and a stack overflow.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before 10.3.0.4, and 10.4.x before 10.4.0.2 allow remote authenticated users to delete arbitrary objects via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memory.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Memory leak in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) by leveraging failure to allocate memory for the comp or complen structure member.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could then execute arbitrary commands with root privileges.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.,LOCAL,HIGH,HIGH,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.,LOCAL,HIGH,HIGH,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
A local security misconfiguration vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.,LOCAL,HIGH,HIGH,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.,LOCAL,HIGH,HIGH,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.,LOCAL,HIGH,HIGH,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.,LOCAL,HIGH,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W (and probably other DCP models) allows remote attackers to hang the printer (disrupting its network connection) by sending a large amount of HTTP packets.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page ""/cgi-bin/nasset.cgi"". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. Unprivileged user cannot login at front end but with that unprivileged user SID, all function can access at Surveillance Station.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (CPU consumption) issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (memory consumption) issue, as demonstrated by the 10-opencv-dos-memory-exhaust test case.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions < ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to writeto the device under certain conditions, potentially allowing users located in the adjacentnetwork of the targeted device to perform unauthorized administrative actions.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,LOW,LOW
"IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by ""-oProxyCommand=id;localhost:/bar.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a ""kill `cat /pathname/nagios.lock`"" command.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"The Epson ""EasyMP"" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.In addition to the password, each projector has a hardcoded ""backdoor"" code (2270), which authenticates to all devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Epson ""EasyMP"" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.All Epson projectors supporting the ""EasyMP"" software are vulnerable to a brute-force vulnerability, allowing any attacker on the network to remotely control and stream to the vulnerable device",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length().,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_extd_ip_reach().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port 9251. A remote user does not require any privileges to successfully execute an attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in MagickCore/linked-list.c) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the ""dump uncompressed PseudoColor packets"" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63874456.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Android media framework (libaudioservice). Product: Android. Versions: 8.0. Android ID A-65280854.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63666573.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-37160362.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Broadcom wireless driver. Product: Android. Versions: Android kernel. Android ID A-63930471. References: BC-V2017092501.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the kernel binder. Product: Android. Versions: Android kernel. Android ID A-64216036.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the kernel mtp usb driver. Product: Android. Versions: Android kernel. Android ID A-37429972.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the MediaTek display driver. Product: Android. Versions: Android kernel. Android ID A-36102397. References: M-ALPS03359280.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the MediaTek performance service. Product: Android. Versions: Android kernel. Android ID A-64316572. References: M-ALPS03479086.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the kernel edl. Product: Android. Versions: Android kernel. Android ID A-63100473.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Android media framework (libhevc) related to handling ps_codec_obj memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68299873.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the ihevcd_decode function of ihevcd_decode.c, there is an infinite loop due to an incomplete frame error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380403.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero after the first slice could result in an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380202.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In several places in ihevcd_decode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63522067.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a java.io.IOException later on. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-33846679.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In receive_packet of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing bounds check on the DHCP response. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67474440.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Android system (systemui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187985.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-63374465. References: B-V2017081501.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A denial of service vulnerability in the Upstream kernel synaptics touchscreen controller. Product: Android. Versions: Android kernel. Android ID: A-62800865.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versions: Android kernel. Android ID: A-64709938.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the MediaTek mtk. Product: Android. Versions: Android kernel. Android ID: A-32591194. References: M-ALPS03149184.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In DLSParser of the sonivox library, there is possible resource exhaustion due to a memory leak. This could lead to remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68159767.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217699.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A elevation of privilege vulnerability in the Upstream kernel easel. Product: Android. Versions: Android kernel. ID: A-62678986.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-71486645.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In CryptoHal::decrypt of CryptoHal.cpp, there is an out of bounds write due to improper input validation that results in a read from uninitialized memory. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70526702.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A other vulnerability in the Android media framework (AACExtractor). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70239507.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 8.0, 8.1. Android ID: A-69383160.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"A elevation of privilege vulnerability in the Android system (OTA updates). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-36232423.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69474744.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69006799.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of pushing items into a vector. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399439.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. By crafting a suitable request, an attacker could exploit this vulnerability to bypass security and use the vulnerable API. IBM X-Force ID: 126230.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to mismatched serialization. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-69683251.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, there is a permission bypass due to a 64/32bit int mismatch. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-69634768.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70398564.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
A elevation of privilege vulnerability in the Upstream kernel mnh driver. Product: Android. Versions: Android kernel. Android ID: A-70295063.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
A elevation of privilege vulnerability in the Upstream kernel pci sysfs. Product: Android. Versions: Android kernel. Android ID: A-69128924.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a ""kill `cat /pathname`"" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a .php file.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. A malicious local Windows user can, under certain circumstances, exploit this vulnerability to escalate their privileges on the system and execute arbitrary code with LocalSystem privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak may happen when an object is stored in memory but cannot be accessed by the running code.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. An attacker could extract public and private keys from the firmware image available on the MOXA website and could use them against a production switch that has the default keys embedded.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
There are lots of memory leaks in the GMCommand function in magick/command.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. IBM X-Force ID: 126873.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""APFS"" component. It does not properly restrict the DMA mapping time of FileVault decryption buffers, which allows attackers to read cleartext APFS data via a crafted Thunderbolt adapter.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the ""Profiles"" component. It does not enforce the configuration profile's settings for whether pairings are allowed.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the ""kext tools"" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that performs kext loading.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""Fonts"" component. It allows remote attackers to spoof the user interface via crafted text.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the ""Installer"" component. It does not properly restrict an app's entitlements for accessing the FileVault unlock key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the ""DesktopServices"" component. It allows local users to bypass intended access restrictions on home folder files.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the ""Mail"" component. It allows remote attackers to read cleartext e-mail content (for which S/MIME encryption was intended) by leveraging the lack of installation of an S/MIME certificate by the recipient.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the ""Mail"" component. It might allow remote attackers to bypass an intended encryption protection mechanism by leveraging incorrect S/MIME certificate selection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a logic error existed in the validation of credentials. This was addressed with improved credential validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large ""len"" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large ""nb_frames"" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large ""frame_count"" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large ""name_len"" or ""count"" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large ""duration"" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an ""externnotify"" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a ""kill `cat /pathname`"" command, as demonstrated by the init-script.in and mimedefang-init.in scripts.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when classic desktop mode is used, it is possible to start applications other than defined, even if the user does not have permissions to change application definitions.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi & execute it. Due to improper authentication on this page, the software accepts the request hence allowing attacker to reset the router to its default configurations which later could allow attacker to login to router by using default username/password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a ""kill `cat /pathname`"" command, as demonstrated by openldap-initscript.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. When one closes the browser without logging out of Mahara, the value in the usr_session table is not removed. If someone were to open a browser, visit the Mahara site, and adjust the 'mahara' cookie to the old value, they can get access to the user's account.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.",PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log-in regardless the provided password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under ""Signed Security Mode"", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large ""item_count"" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi, backupsettings.cgi, pppoe.cgi, resetrouter.cgi, and password.cgi.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. The attacker can login to the device with that new user account to fully control the device.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows local users to gain privileges via a crafted 0x9C402088 IOCTL call.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the ""exsh restricted shell"" protection mechanism and obtain an interactive shell.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hijack sessions by determining SessionID values.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) contain an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an ""Error Handling Vulnerability.""",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This flaw may potentially allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor even if a more secure one was selected to be used by the OneFS administrator, aka an ""NFS Export Security Setting Fallback Vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space, aka an ""Application Subdomain Takeover.""",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration with Loggregator and syslog-drain causes logs to be drained to unintended locations.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An exploitable overly permissive cross-domain (CORS) whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this vulnerability.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0012 Fault Type: Non-User Description: A fault state can be triggered by overwriting the ladder logic data file (type 0x22 number 0x02) with null values.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability.Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0001 Fault Type: Non-User Description: A fault state can be triggered by setting the NVRAM/memory module user program mismatch bit (S2:9) when a memory module is NOT installed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Any input or output can be forced, causing unpredictable activity from the PLC.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: The filetype 0x03 allows users write access, allowing the ability to overwrite the Master Password value stored in the file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Live rung edits are able to be made by an unauthenticated user allowing for addition, deletion, or modification of existing ladder logic. Additionally, faults and cpu state modification can be triggered if specific ladder logic is used.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: This ability is leveraged in a larger exploit to flash custom firmware.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0028 Fault Type: Non-User Description: Values 0x01 and 0x02 are invalid values for the user fault routine. By writing directly to the file it is possible to set these values. When this is done and the device is moved into a run state, a fault is triggered.  NOTE: This is not possible through RSLogix.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG or RUN Description: The value 0xffffffff is considered NaN for the Float data type. When a float is set to this value and used in the PLC, a fault is triggered.  NOTE: This is not possible through RSLogix.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Codes: 0023, 002e, and 0037 Fault Type: Recoverable Description: The STI, EII, and HSC function files contain bits signifying whether or not a fault has occurred. Additionally there is a bit signaling the module to auto start. When these bits are set for any of the three modules and the device is moved into a run state, a fault is triggered.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: Any Description: Reads the encoded ladder logic from its data file and print it out in HEX.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the MMM::Agent::Helpers::_execute function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted ""Content-Type: text/enriched"" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a ""kill `cat /pathname`"" command.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe ""chown -R"" command is executed.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Vibease Wireless Remote Vibrator app for Android and the Vibease Chat app for iOS use cleartext to exchange messages with other apps and the PLAIN SASL mechanism to send auth tokens to Vibease servers, which allows remote attackers to obtain user credentials, messages, and other sensitive information by sniffing the network for XMPP traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From version 0.8.4b of Sourcetree for Windows, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for Windows starting with 0.5.1.0 before version 2.4.7.0 are affected by this vulnerability",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a ""kill `cat /pathname`"" command, as demonstrated by bearerbox.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a ""kill `cat /pathname`"" command.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to determine whether a user is authorized (i.e., a nil return value is interpreted as successful authorization) and (2) it is used with an LDAP server allowing unauthenticated bind.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow and out-of-bounds write, leading to denial of service (application crash) or possibly unspecified other impact.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A heap-based buffer over-read was discovered in AP4_BitStream::ReadBytes in Codecs/Ap4BitStream.cpp in Bento4 version 1.5.0-617. The vulnerability causes an application crash, which leads to remote denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. IBM X-Force ID: 128466.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-force ID: 128467.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a ""kill `cat /pathname/p3scan.pid`"" command, as demonstrated by etc/init.d/p3scan.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Kickbase GmbH ""Kickbase Bundesliga Manager"" app before 2.2.1 -- aka kickbase-bundesliga-manager/id678241305 -- for iOS is vulnerable to a credentials leak due to transmitting a username and password in cleartext from client to server during registration and authentication.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has ""chown -R"" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Skybox Manager Client Application prior to 8.5.501 is prone to an elevation of privileges vulnerability during authentication of a valid user in a debugger-pause state. The vulnerability can only be exploited by a local authenticated attacker.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to "".."" handling was incompatible with the pathname validation used by unspecified community modules.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the global variable ""num_q6_rule"" does not have a mutex lock and thus can be accessed and modified by multiple threads.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, after a subsystem reset, iwpriv is not giving correct information.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, cryptographic strength is reduced while deriving disk encryption key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 128689.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Snapdragon Automobile, Snapdragon IoT and Snapdragon Mobile MDM9206 MDM9607, MDM9650, S820A, S820Am, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 835, and SD 845, a buffer overread is possible if there are no newlines in an input file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted JPEG file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. NOTE: Vendor states that this is not a vulnerability, but more an increase to the attack surface of the product.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating ""it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table.""",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, related to Lib/Admin/Action/TplAction.class.php and Lib/Admin/Common/function.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy), Enterprise Edition before 6.0.0 RC3 (development), 5.2.x before 5.2.11 (legacy), and 5.3.x before 5.3.6 (maintenance), and Professional Edition before 6.0.0 RC3 (development), 4.9.x before 4.9.11 (legacy) and 4.10.x before 4.10.6 (maintenance) allow remote attackers to crawl specially crafted URLs (aka ""forced browsing"") in order to overflow the database of the shop and consequently make it stop working. Prerequisite: the shop allows rendering empty categories to the storefront via an admin option.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and ""editable"" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The default installation of DocuWare Fulltext Search server through 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access control features of the DocuWare user interfaces and API. An attacker can also gain privileges by modifying text. The default installation is unsafe because the server listens on the network interface, not the localhost interface.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or modify attributes of any arbitrary user except administrator. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the ""id"" parameter when invoking ""delete_user"" on users.queries.php.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the ""id"" parameter when invoking ""delete_role"" on roles.queries.php.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the file attachments of an arbitrary item, copy the password of an arbitrary item to the copy/paste buffer, access the history of an arbitrary item, and edit attributes of an arbitrary directory. To exploit the vulnerability, an authenticated attacker must tamper with the requests sent directly, for example by changing the ""item_id"" parameter when invoking ""copy_item"" on items.queries.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. IBM X-Force ID: 129620.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. IBM X-Force ID: 129892.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be performed using ""nmap -b"" and allow performing scans via the FTP server.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password ""ITsILLEGAL""; however, this password is not required to extract the data. Cleartext is used for a user password.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data is required for the client functionality.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b hangs on incoming TCP connections until some sort of request is made (such as ""GET / HTTP/1.1""), which allows for a Denial of Service attack preventing a user from viewing their mining statistics by an attacker opening a session with telnet or netcat and connecting to the miner on the HTTP API port.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Huawei Honor 8 smartphone with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
"Patch module of Huawei NIP6300 V500R001C20SPC100, V500R001C20SPC200, NIP6600 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6300 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6500 V500R001C20SPC100, V500R001C20SPC200 has a memory leak vulnerability. An authenticated attacker could execute special commands many times, the memory leaking happened, which would cause the device to reset finally.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei smartphones with software of TAG-AL00C92B168 have an information disclosure vulnerability. An attacker tricks the user to install a crafted application, this application simulate click action to back up data in a non-encrypted way using an Android assist function. Successful exploit could result in information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improper access control vulnerability. Due to incorrectly restrict access to a resource, an attacker with high privilege may exploit the vulnerability to query some information or send specific message to cause some service abnormal.",ADJACENT_NETWORK,HIGH,HIGH,NONE,UNCHANGED,LOW,NONE,LOW
"The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client installation on laptops. This password can be used to gain full admin/system access to client devices (if no firewall is present) or the NDoc server itself. Once the password is known to an attacker, local access is not required.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect r_hex_bin2str call.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to perform privilege escalation via a crafted HTML page.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote attackers to view and modify backup related data via the Plug-in for NAS File Services. All users are urged to move to version 3.0.1 and perform the mitigation steps or upgrade to 4.0 following the product documentation.,NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,NONE
"The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. All affected SSLV versions act as weak oracles according the oracle classification used in the ROBOT research paper. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish multiple millions of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. In this type of circumstance, the exploit can allow the user to kill the app to prevent it from locking the device, thereby allowing the individual to gain device access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain access to the CDSW database which includes Kerberos keytabs of CDSW users and bcrypt hashed passwords, and gain access to other privileged information such as session tokens, invitation tokens, and environment variables.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** The certificate import component in IDEMIA (formerly Morpho) MorphoSmart 1300 Series (aka MSO 1300 Series) devices allows local users to obtain a command shell, and consequently gain privileges, via unspecified vectors.  NOTE: the vendor disputes this because there is no command shell in the product or in the associated SDK.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"In net.MCrypt in the ""Diary with lock"" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptp_client.lua file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_client.lua file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interface_wan.lua file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_client.lua file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_client.lua file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmac_import.lua file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the olmode variable in the interface_wan.lua file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_server.lua file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-authtype variable in the pptp_server.lua file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-bindif variable in the pptp_server.lua file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptp_client.lua file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_server.lua file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptp_client.lua file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptp_client.lua file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the session_limits.lua file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_server.lua file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the function UpdateDeviceStatus() writes a local stack buffer without initialization to flash memory using WriteToPartition() which may potentially leak memory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, While processing the RIC Data Descriptor IE in an artificially crafted 802.11 frame with IE length more than 255, an infinite loop may potentially occur resulting in a denial of service.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a policy for the packet pattern attribute NL80211_PKTPAT_OFFSET is not defined which can lead to a buffer over-read in nla_get_u32().",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"When HOST sends a Special command ID packet, Controller triggers a RAM Dump and FW reset in Snapdragon Mobile in version SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, Snapdragon_High_Med_2016.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an invalid input of firmware size (negative value) from user space can potentially lead to the memory leak or buffer overflow during the WLAN cal data store operation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Information leak of the ISPIF base address in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the camera driver.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing PTT commands, ptt_sock_send_msg_to_app() is invoked without validating the packet length. If the packet length is invalid, then a buffer over-read can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Incorrect implementation of access controls allows remote users to override repository restrictions in Borg servers 1.1.x before 1.1.3.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create a Map as a read-only user, by forging a request and sending it to the server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the ""NQ Contacts Backup & Restore"" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the ""NQ Contacts Backup & Restore"" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered on MECO USB Memory Stick with Fingerprint MECOZiolsamDE601 devices. The fingerprint authentication requirement for data access can be bypassed. An attacker with physical access can send a static packet to a serial port exposed on the PCB to unlock the key and get access to the data without possessing the required fingerprint.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability when handling XFDF files.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the module that handles character codes for certain textual representations. Invalid input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability in the AcroPDF plugin.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the JPEG 2000 module. An invalid JPEG 2000 input code stream leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the exif processing module for a PNG file (during XPS conversion). Invalid input leads to a computation where pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The issue is a stack exhaustion problem within the JavaScript API, where the computation does not correctly control the amount of recursion that can happen with respect to system resources.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user exits the application or if the application crashes.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the ""admin"" username, allows remote attackers to bypass authentication and obtain administrative access via a ""true"" value for the up_auto_log parameter in the QUERY_STRING to the default URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A ""Load YAML"" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the ""qemu"" group to gain root privileges by creating a hard link in a directory on which ""chown"" is called recursively by the OpenRC service script.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony (Version >=2) does not use different tokens for HTTP and HTTPS; therefore the token is subject to MITM attacks on HTTP and can then be used in an HTTPS context to do CSRF attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file.  NOTE: this issue can be exploited without authentication by leveraging the user registration feature.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent (DWA) 1.0.5.0 and earlier. In other words, an attacker could combine this ""primary/secondary"" attack with the CVE-2017-16673 ""rogue pairing"" attack to achieve unauthenticated access to all agent machines running these older DWA versions.",ADJACENT_NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to craft special HTTP requests allowing an attacker to bypass web-service authentication allowing the attacker to obtain administrative privileges on the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from ""~/.confire.yaml"" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability. The vulnerability allows an attacker to bypass authentication and escalate privileges of valid users. An unauthenticated attacker can exploit the vulnerability and be granted limited access to other accounts. An authenticated attacker can exploit the vulnerability and be granted access reserved for higher privilege users.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer data types in png2swf.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly have unspecified other impact via a crafted PNG file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging ""full"" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ""Photo,Video Locker-Calculator"" application 12.0 for Android has android:allowBackup=""true"" in AndroidManifest.xml, which allows attackers to obtain sensitive cleartext information via an ""adb backup '-f smart.calculator.gallerylock'"" command.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the auto-unapprove plugin is not bundled with Bitbucket Server it does not affect any particular version of Bitbucket.",NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Crucible visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.5 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.2 (the fixed version for 4.5.x) are affected by this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house for unfilmed activities or (2) attackers to freeze a camera and enter a house if a delivery driver failed to ensure a locked door before leaving.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware ID, Connected users to device along their MAC Addresses, etc.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Bftpd before 4.7, there is a memory leak in the file rename function.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sign the full SAML response (e.g., only signs the assertion within the response).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the ""sub_A6E8 usbeject_process_entry"" function executes a system function with untrusted input.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collections/##/usermgmt.xml URL, as demonstrated by passwords and Wi-Fi keys. This is fixed in build 100157.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) to execute arbitrary code as the user running Ohcount.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/servercomm/messages.xml, as demonstrated by changing the admin password by obtaining account details via a users/search.json request, and then modifying the account via an editUser request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques. IBM X-Force ID: 134165.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) could allow an authenticated user to cause a denial of service due to incorrect authorization for resource intensive scenarios. IBM X-Force ID: 134392.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, ""Sophos IPSec Client"" 11.04 is a rebranded version of NCP ""Secure Entry Client"" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP), and ncpmon.exe (both Sophos and NCP). The vulnerability exists because: (1) the VPN client requests update metadata over an insecure HTTP connection; and (2) the client software does not check if the software update is signed before running it.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading sensitive router memory, aka the GarlicRust bug.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Apexis APM-H803-MPC software, as used with many different models of IP Camera. An unprotected CGI method inside the web application permits an unauthenticated user to bypass the login screen and access the webcam contents including: live video stream, configuration files with all the passwords, system information, and much more. With this vulnerability, anyone can access to a vulnerable webcam with 'super admin' privilege.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V600R006C00; TE50 V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00; VP9660 V500R002C10 have an DoS vulnerability due to insufficient validation of the parameter when a putty comment key is loaded. An authenticated remote attacker can place a malformed putty key file in system when a system manager load the key an infinite loop happens which lead to reboot the system.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
XML parser in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has a DoS vulnerability. Due to not check the specially XML file enough an authenticated local attacker may craft specific XML files to the affected products and parse this file which cause to null pointer accessing and result in DoS attacks.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei S12700 V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R007C20; V200R008C00; V200R009C00;S1700 V200R006C10; V200R009C00;S2700 V100R006C03; V200R003C00; V200R005C00; V200R006C00; V200R006C10; V200R007C00; V200R007C00B050; V200R007C00SPC009T; V200R007C00SPC019T; V200R008C00; V200R009C00;S3700 V100R006C03;S5700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R003C02; V200R005C00; V200R005C01; V200R005C02; V200R005C03; V200R006C00; V200R007C00; V200R008C00; V200R009C00;S6700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R005C01; V200R005C02; V200R008C00; V200R009C00;S7700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R006C01; V200R007C00; V200R007C01; V200R008C00; V200R008C06; V200R009C00;S9700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R008C00; V200R009C00 have a memory leak vulnerability. In some specific conditions, if attackers send specific malformed MPLS Service PING messages to the affected products, products do not release the memory when handling the packets. So successful exploit will result in memory leak of the affected products.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Huawei Honor V9 Play smart phones with the versions before Jimmy-AL00AC00B135 have an authentication bypass vulnerability due to the improper design of a component. An attacker who get a user's smart phone can execute specific operation, and delete the fingerprint of the phone without authentication.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special operation. Successful exploit of this vulnerability can allow an attacker to change the lock pattern of HiWallet.,PHYSICAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"Timergrp module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an DoS vulnerability due to insufficient validation of the parameter. An authenticated local attacker may call a special API with special parameter, which cause an infinite loop. Successful exploit of this vulnerability can allow an attacker to launch DOS attack.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has a memory leak vulnerability due to memory release failure resulted from insufficient input validation. An attacker could exploit it to cause memory leak, which may further lead to system exceptions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The 'Find Phone' function in some Huawei smart phones with software earlier than Duke-L09C10B186 versions, earlier than Duke-L09C432B187 versions, earlier than Duke-L09C636B186 versions has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker can crafts malformed packets after tricking a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause the attacker to obtain a higher privilege of the smart phones.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds read vulnerability. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 has a memory leak vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets and send the packets to the affected products. Due to insufficient verification of the packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 has a memory leak vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets and send the packets to the affected products. Due to insufficient verification of the packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 has a resource management vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets and send the packets to the affected products in the case of failure to apply for memory. Due to insufficient validation of packets, which could be exploited to cause process crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The soundtrigger module in Huawei Mate 9 Pro smart phones with software of the versions before LON-AL00B 8.0.0.343(C00) has an authentication bypass vulnerability due to the improper design of the module. An attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker bypass the authentication, the attacker can control the phone to sent short messages and make call within audio range to the phone.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00 have an out-of-bound read vulnerability. A remote attacker send specially crafted Session Initiation Protocol (SIP) messages to the affected products. Due to insufficient input validation, successful exploit will cause some services abnormal.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00 have a resource management error vulnerability. A remote attacker may send huge number of specially crafted SIP messages to the affected products. Due to improper handling of some value in the messages, successful exploit will cause some services abnormal.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. An authenticated, local attacker may craft and load some specific Certificate Revocation List(CRL) configuration files to the devices repeatedly. Due to not release allocated memory properly, successful exploit may result in memory leak and services abnormal.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Huawei video applications HiCinema with software of 8.0.3.308; 8.0.4.300 have a permission control vulnerability. Due to improper verification of specific interface, an attacker who is on the same network with the user can obtain some information through a man-in-the-middle attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Huawei Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; LON-AL00BC00B229 have an activation lock bypass vulnerability. The smartphone is supposed to be activated by the former account after reset if find my phone function is on. The software does not have a sufficient protection of activation lock. Successful exploit could allow an attacker to bypass the activation lock and activate the smartphone by a new account after a series of operation.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Huawei smartphones with software of MHA-AL00AC00B125 have an improper resource management vulnerability. The software does not properly manage the resource when do device register operation. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could cause certain service unavailable.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Huawei ViewPoint 8660 V100R008C03 have a memory leak vulnerability. The software does not release allocated memory properly when parse XML Schema data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run out of memory.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"Huawei AR3200 V200R005C32; V200R006C10; V200R006C11; V200R007C00; V200R007C01; V200R007C02; V200R008C00; V200R008C10; V200R008C20; V200R008C30; NGFW Module V500R001C00; V500R001C20; V500R002C00 have a memory leak vulnerability. The software does not release allocated memory properly when parse XML element data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run out of memory.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the K7Sentry device is not sufficiently authenticated: a local user with a LOW integrity process can access a raw hard disk by sending a specific IOCTL.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in ""xname follows"" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service (application crash) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain privileges or cause a denial of service (Arbitrary Write) via a \\.\Viragtlt DeviceIoControl request of 0x82730088.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain privileges or cause a denial of service (Arbitrary Write) via a \\.\Viragtlt DeviceIoControl request of 0x82730020, a different vulnerability than CVE-2017-17050.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memory write mechanism in NCR S1 Dispenser controller before firmware version 0x0156 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Due to missing authorization checks, any authenticated user is able to list, upload, or delete attachments to password safe entries in Pleasant Password Server before 7.8.3. To perform those actions on an entry, the user needs to know the corresponding ""CredentialId"" value, which uniquely identifies a password safe entry. Since ""CredentialId"" values are implemented as GUIDs, they are hard to guess. However, if for example an entry's owner grants read-only access to a malicious user, the value gets exposed to the malicious user. The same holds true for temporary grants.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp, related to the ""!= 0x1c"" case. Remote attackers can exploit this vulnerability to cause a denial of service via a crafted TIFF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a NAT network, the authentication applies to the IP address of the NAT gateway, and any user behind that NAT gateway is also treated as authenticated.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service (by deleting the configuration) via a wc.dll?wwMaint~EditConfig request (which reaches an older version of a West Wind Web Connection HTTP service).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Ichano AtHome IP Camera devices. The device runs the ""noodles"" binary - a service on port 1300 that allows a remote (LAN) unauthenticated user to run arbitrary commands. This binary requires the ""system"" XML element for specifying the command. For example, a <system>id</system> command results in a <system_ack>ok</system_ack> response.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, multiple values received from firmware are not properly validated in wma_get_ll_stats_ext_buf() and are used to allocate the sizes of buffers and may be vulnerable to integer overflow leading to buffer overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In msm_isp_prepare_v4l2_buf in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-02-12, an array out of bounds can occur.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MDM9206,MDM9607,MDM9650,SD 210/SD 212/SD 205,SD 400,SD 410/12,SD 425,SD 430,SD 450,SD 600,SD 602A,SD 615/16/SD 415,SD 617,SD 625,SD 650/52,SD 800,SD 808,SD 810,SD 820,SD 820Am,SD 835,SD 845,MSM8909W, improper input validation in video_fmt_mp4r_process_atom_avc1() causes a potential buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's ""default request-key keyring"" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857.,LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relying on the victim to automatically decrypt that block and then send it back to the attacker as quoted text, aka the TBE-01-005 ""replay"" issue.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975.,NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Valve Steam Link build 643. When the SSH daemon is enabled for local development, the device is publicly available via IPv6 TCP port 22 over the internet (with stateless address autoconfiguration) by default, which makes it easier for remote attackers to obtain access by guessing 24 bits of the MAC address and attempting a root login. This can be exploited in conjunction with CVE-2017-17878.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before v11 SP6. A certain message parsing function inside the Commvault service does not properly validate the input of an incoming string before passing it to CreateProcess. As a result, a specially crafted message can inject commands that will be executed on the target operating system. Exploitation of this vulnerability does not require authentication and can lead to SYSTEM level privilege on any system running the cvd daemon. This is a different vulnerability than CVE-2017-3195.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote attackers to obtain access or cause a denial of service (segfault) via an unspecified request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper message length calculation in oem_cmd_handler() while processing a WLAN_NL_MSG_OEM netlink message leads to buffer overread.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, debug policy can potentially be bypassed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, the HLOS can gain access to unauthorized memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the original mac spoofing feature does not use the following in probe request frames: (a) randomized sequence numbers and (b) randomized source address for cfg80211 scan, vendor scan and pno scan which may affect user privacy.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile SD 845, SD 850, improper access control while configuring MPU protecting error correction registers may potentially lead to exposure of related secured data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, SD 845, MSM8996, MSM8998, it is possible for IPA (internet protocol accelerator) channels owned by one security domain to be controlled from other domains.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835, SD 845, while playing an ASF file, a buffer over-read can potentially occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile SD 845, SD 850, on a secure device, PD dumps are collected when debugging is not enabled.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A crafted binder request can cause an arbitrary unmap in MediaServer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Improper input validation for GATT data packet received in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as demonstrated by /tmp/ANY/PATH/ANY/PATH/input.tif.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function in lit/lit-char-helpers.c via a RegExp(""[\x0""); payload.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a ""kill -TERM `cat /var/run/jabber/filename.pid`"" command.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt (aka com.jason-goodwin/authentikat-jwt) version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature by repeating validation requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The pcm_encode_frame function in libavcodec/pcm.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted media file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Brave Browser before 0.13.0 allows remote attackers to cause a denial of service (resource consumption) via a long alert() argument in JavaScript code, because window dialogs are mishandled.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no password set even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword'] to false (which is also the default). This occurs because some implementations of the PHP substr function return false when given '' as the first argument.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. A crash can be observed in, for example, the c2s module.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish large numbers of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A new account can be inserted into simContacts service using Android command line tool in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Secure camera logic allows display/secure camera controllers to access HLOS memory during secure display or camera session in Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When dynamic memory allocation fails, currently the process sleeps for one second and continues with infinite loop without retrying for memory allocation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCN5502, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In Snapdragon (Automobile, Mobile, Wear) in version MDM9607, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDM429, SDM439, SDM632, Snapdragon_High_Med_2016, when a Trusted Application has opened the SPI/I2C interface to a particular device, it is possible for another Trusted Application to read the data on this open interface by calling the SPI/I2C read function.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Non-secure SW can cause SDCC to generate secure bus accesses, which may expose RPM access in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible memory corruption when Read Val Blob Req is received with invalid parameters in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"While reading file class type from ELF header, a buffer overread may happen if the ELF file size is less than the size of ELF64 header size in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper translation table consolidation logic leads to resource exhaustion and QSEE error in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Modem segments are unlocked after authentication, leaving modem segments open to all in Snapdragon Mobile, Snapdragon Wear in version MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ClientEnv exposes services 0-32 to HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XPU Master privilege escalation is possible due to improper access control of unused configuration xPU ports where unused configuration ports are open in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD 820A",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Under certain mode of operations, HLOS may be able get direct or indirect access through DXE channels to tamper with the authenticated WCNSS firmware stored in DDR because DXE-accessible memory is located within the authenticated image in Snapdragon Mobile and Snapdragon Wear in version MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 617.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Secure application can access QSEE kernel memory through Ontario kernel driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cryptographic key material leaked in WCDMA debug messages in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cryptographic keys are printed in modem debug messages in snapdragon mobile and snapdragon wear in versions MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Improper access control on secure display buffers in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the adv_remotelog.asp page and can be exploited through the syslogServerAddr parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp page and can be exploited through the ServerIP parameter. Authentication can be achieved by exploiting CVE-2017-18371.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user. The vulnerability is in the tools_time.asp page and can be exploited through the uiViewSNTPServer parameter. Authentication can be achieved by exploiting CVE-2017-18373.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the ""MultiReport"" function to alter or delete information via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain ""customapp"" information via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction to obtain customer information via orders.pre.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a customer purchased item via rma.post.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series<W-03>) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Hands-on Vulnerability Learning Tool ""AppGoat"" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2182.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Hands-on Vulnerability Learning Tool ""AppGoat"" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2181.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in the installer of Houkokusyo Sakusei Shien Tool ver3.0.2 (For the first installation) (The version which was available on the website from 2017 April 4 to 2017 May 18) and ver2.0 and later (For the first installation) (The versions which were available on the website prior to 2017 April 4) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next ""mco puppet"" run. Puppet Enterprise users are not affected. This is resolved in mcollective-puppet-agent 1.12.1.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and 2017.2.1. This only affects users with labeled tokens, which is not the default for tokens.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"On Juniper Networks SRX Series Services Gateways chassis clusters running Junos OS 12.1X46 prior to 12.1X46-D65, 12.3X48 prior to 12.3X48-D40, 12.3X48 prior to 12.3X48-D60, flowd daemon on the primary node of an SRX Series chassis cluster may crash and restart when attempting to synchronize a multicast session created via crafted multicast packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On Juniper Networks products or platforms running Junos OS 11.4 prior to 11.4R13-S3, 12.1X46 prior to 12.1X46-D60, 12.3 prior to 12.3R12-S2 or 12.3R13, 12.3X48 prior to 12.3X48-D40, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D12 or 14.1X53-D35, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R7, 15.1 prior to 15.1F6 or 15.1R3, 15.1X49 prior to 15.1X49-D60, 15.1X53 prior to 15.1X53-D30 and DHCPv6 enabled, when a crafted DHCPv6 packet is received from a subscriber, jdhcpd daemon crashes and restarts. Repeated crashes of the jdhcpd process may constitute an extended denial of service condition for subscribers attempting to obtain IPv6 addresses.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R6, 15.1 prior to 15.1F2 or 15.1R1, 15.1X49 prior to 15.1X49-D20 where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options, a network based attacker can cause the Junos OS rpd daemon to crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D50, 12.1X47 prior to 12.1X47-D40, 12.3 prior to 12.3R13, 12.3X48 prior to 12.3X48-D30, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D35, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R5, 15.1 prior to 15.1F6 or 15.1R3, 15.1X49 prior to 15.1X49-D30 or 15.1X49-D40, 15.1X53 prior to 15.1X53-D35, and where RIP is enabled, certain RIP advertisements received by the router may cause the RPD daemon to crash resulting in a denial of service condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A firewall bypass vulnerability in the host based firewall of Juniper Networks Junos Space versions prior to 16.1R1 may permit certain crafted packets, representing a network integrity risk.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"On Juniper Networks Junos Space versions prior to 16.1R1, an unauthenticated remote attacker with network access to Junos space device can easily create a denial of service condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"On Juniper Networks devices running Junos OS affected versions and with LDP enabled, a specific LDP packet destined to the RE (Routing Engine) will consume a small amount of the memory allocated for the rpd (routing protocol daemon) process. Over time, repeatedly receiving this type of LDP packet(s) will cause the memory to exhaust and the rpd process to crash and restart. It is not possible to free up the memory that has been consumed without restarting the rpd process. This issue affects Junos OS based devices with either IPv4 or IPv6 LDP enabled via the [protocols ldp] configuration (the native IPv6 support for LDP is available in Junos OS 16.1 and higher). The interface on which the packet arrives needs to have LDP enabled. The affected Junos versions are: 13.3 prior to 13.3R10; 14.1 prior to 14.1R8; 14.2 prior to 14.2R7-S6 or 14.2R8; 15.1 prior to 15.1F2-S14, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5; 15.1X49 before 15.1X49-D70; 15.1X53 before 15.1X53-D230, 15.1X53-D63, 15.1X53-D70; 16.1 before 16.1R2. 16.2R1 and all subsequent releases have a resolution for this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service. The affected Junos OS versions are: 12.3 prior to 12.3R12-S4, 12.3R13; 13.3 prior to 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior ro 14.1X53-D12, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1R5; 16.1 before 16.1R3; 16.2 before 16.2R1-S3, 16.2R2. 17.1R1 and all subsequent releases have a resolution for this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker to compromise the systems confidentiality or integrity without authentication, leading to managed systems being compromised or services being denied to authentic end users and systems as a result.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,LOW
"A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to consume large amounts of system resources leading to a cascading denial of services.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, local user, to create a fork bomb scenario, also known as a rabbit virus, or wabbit, which will create processes that replicate themselves, until all resources are consumed on the system, leading to a denial of service to the entire system until it is restarted. Continued attacks by an unauthenticated, local user, can lead to persistent denials of services.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A persistent denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network-based, authenticated attacker to consume enough system resources to cause a persistent denial of service by visiting certain specific URLs on the server.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. watchOS before 3.1.3 is affected. The issue involves the ""Unlock with iPhone"" component, which allows attackers to bypass the wrist-presence protection mechanism and unlock a Watch device via unspecified vectors.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. Safari before 10.0.3 is affected. The issue involves the ""Safari"" component, which allows remote attackers to spoof the address bar via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the ""Safari"" component. It allows remote attackers to spoof the address bar by leveraging text input during the loading of a page.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the ""sudo"" component. It allows remote authenticated users to gain privileges by leveraging membership in the admin group on a network directory server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",ADJACENT_NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the ""libarchive"" component. It allows local users to change arbitrary directory permissions via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the ""Pasteboard"" component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID (rather than that UID in addition to the user passcode).",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of profile uninstall actions in the ""MCX Client"" component when a profile has multiple payloads. It allows remote attackers to bypass intended access restrictions by leveraging Active Directory certificate trust that should not have remained.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the ""Quick Look"" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the ""iTunes Store"" component. It allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by leveraging use of cleartext HTTP.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the ""Security"" component. It allows remote attackers to bypass intended access restrictions by leveraging a successful result from a SecKeyRawVerify API call with an empty signature.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the ""Safari"" component. It allows remote attackers to spoof FaceTime prompts in the user interface via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ""Kernel"" component. An off-by-one error allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the ""Phone"" component. It allows attackers to trigger telephone calls to arbitrary numbers via a third-party app.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the ""CoreAudio"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the ""Kernel"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the ""SQLite"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the ""SQLite"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SQL statement.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the ""SQLite"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the ""Speech Framework"" component. It allows attackers to conduct sandbox-escape attacks via a crafted app.",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the ""Security"" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (resource consumption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the ""WindowServer"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login the phone without screen lock password after reboot.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"AC6005 with software V200R006C10, AC6605 with software V200R006C10 have a DoS Vulnerability. An attacker can send malformed packets to the device, which causes the device memory leaks, leading to DoS attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Phone Finder in versions earlier before MHA-AL00C00B170 can be bypass. An attacker can bypass the Phone Finder by special steps and obtain the owner of the phone.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Phone Finder in versions earlier before MHA-AL00BC00B156,Versions earlier before MHA-CL00BC00B156,Versions earlier before MHA-DL00BC00B156,Versions earlier before MHA-TL00BC00B156,Versions earlier before EVA-AL10C00B373,Versions earlier before EVA-CL10C00B373,Versions earlier before EVA-DL10C00B373,Versions earlier before EVA-TL10C00B373 can be bypass. An attacker can bypass the Phone Finder by special steps and enter the System Setting.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send message.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"The 'Find Phone' function in Nice smartphones with software versions earlier before Nice-AL00C00B0135 has an authentication bypass vulnerability. An unauthenticated attacker may wipe and factory reset the phone by special steps. Due to missing authentication of the 'Find Phone' function, an attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Some Huawei smart phones with software Berlin-L21C10B130,Berlin-L21C185B133,Berlin-L21HNC10B131,Berlin-L21HNC185B140,Berlin-L21HNC432B151,Berlin-L22C636B160,Berlin-L22HNC636B130,Berlin-L22HNC675B150CUSTC675D001,Berlin-L23C605B131,Berlin-L24HNC567B110,FRD-L02C432B120,FRD-L02C635B130,FRD-L02C675B170CUSTC675D001,FRD-L04C567B162,FRD-L04C605B131,FRD-L09C10B130,FRD-L09C185B130,FRD-L09C432B131,FRD-L09C636B130,FRD-L14C567B162,FRD-L19C10B130,FRD-L19C432B131,FRD-L19C636B130 have a factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Swype Keyboard and can perform some operations to update the Google account. As a result, the FRP function is bypassed.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Huawei P9 smart phones with software versions earlier before EVA-AL00C00B365, versions earlier before EVA-AL10C00B365,Versions earlier before EVA-CL00C92B365, versions earlier before EVA-DL00C17B365, versions earlier before EVA-TL00C01B365 have a privilege escalation vulnerability. An unauthenticated attacker can bypass phone activation to user management page of the phone and create a new user. Successful exploit could allow the attacker operate part function of the phone.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device to unlock the user's mobile phone screen.uawei mobile phones have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device to unlock the user's mobile phone screen.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A potential security vulnerability has been identified with HP Web Jetadmin before 10.4 SR2. This vulnerability could potentially be exploited to create a denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,HIGH,LOW
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the ""msmtprc"" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the ""msmtprc"" configuration file resulting in command execution.  An attacker can simply send an HTTP request to the device to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the ""msmtprc"" configuration file resulting in command execution.  An attacker can simply send an HTTP request to the device to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the ""msmtprc"" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP configuration tests resulting in command execution,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability.,ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SoftAP configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 could allow an attacker to reset the user accounts to factory defaults, without authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server in order to trigger this vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Adobe Flash Player versions 24.0.0.186 and earlier have a security bypass vulnerability related to handling TCP connections.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in the OCR plugin.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in a DLL related to remote logging.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of browser related library extensions in the installer plugin. A successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of editor control library functions in the installer plugin. A successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading functions in the installer plugin. A successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Successful exploitation could lead to a clickjacking attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to Bezier curves. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Automatic Service Request (ASR). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Automatic Service Request (ASR) accessible data. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via SFT to compromise Automatic Service Request (ASR). Successful attacks of this vulnerability can result in takeover of Automatic Service Request (ASR). CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows physical access to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 3.5 (Confidentiality and Integrity impacts).",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily ""exploitable"" vulnerability allows low privileged attacker with logon to the infrastructure where Automatic Service Request (ASR) executes to compromise Automatic Service Request (ASR). Successful attacks of this vulnerability can result in takeover of Automatic Service Request (ASR). CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Patching). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Application Object Library executes to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS v3.0 Base Score 6.0 (Confidentiality and Integrity impacts).",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data. CVSS v3.0 Base Score 4.3 (Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Retail Invoice Matching component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 12.0 and 13.0. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Invoice Matching. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Invoice Matching accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Invoice Matching accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Invoice Matching. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,LOW,LOW
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to Java Mission Control Installation. CVSS v3.0 Base Score 5.3 (Confidentiality impacts).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in takeover of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 7.5 (Availability impacts).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized block driver). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS v3.0 Base Score 5.7 (Integrity and Availability impacts).",LOCAL,HIGH,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Request Confirmation). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Leads Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Leads Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Leads Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Leads Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Leads Management accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Service Fulfillment Manager component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Fulfillment Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Service Fulfillment Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Fulfillment Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Service Fulfillment Manager accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Service Fulfillment Manager component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Fulfillment Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Service Fulfillment Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Fulfillment Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Service Fulfillment Manager accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: Patching). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications DBA accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications DBA accessible data. CVSS v3.0 Base Score 6.0 (Confidentiality and Integrity impacts).",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0 and 12.3.0. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 7.5 (Availability impacts).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Framework). Supported versions that are affected are 12.0.2 and 12.0.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Direct Banking accessible data. CVSS v3.0 Base Score 5.3 (Confidentiality impacts).,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search Functionality). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Multichannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle XML Gateway component of Oracle E-Business Suite (subcomponent: Oracle Transport Agent). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle XML Gateway. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle XML Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle XML Gateway accessible data as well as unauthorized update, insert or delete access to some of Oracle XML Gateway accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: DD). Supported versions that are affected are 7.2.27 and earlier, 7.3.16 and earlier, 7.4.14 and earlier and 7.5.5 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client, aka, ""The Riddle"".",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier, 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).",NETWORK,LOW,HIGH,REQUIRED,CHANGED,HIGH,HIGH,LOW
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.5.0.3, 12.5.0.2 and 12.4.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Testing Suite accessible data. CVSS v3.0 Base Score 5.3 (Integrity impacts).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).",LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.0, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).",LOCAL,HIGH,HIGH,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts).,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.2, 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. While the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management. CVSS v3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,LOW
"Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: EAI). The supported version that is affected is 16.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel UI Framework accessible data as well as unauthorized update, insert or delete access to some of Siebel UI Framework accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Role Summary). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Resources Module). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Resources Module). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Open UI). The supported version that is affected is 16.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel UI Framework accessible data as well as unauthorized update, insert or delete access to some of Siebel UI Framework accessible data. CVSS v3.0 Base Score 7.6 (Confidentiality and Integrity impacts).",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized read access to a subset of Oracle Marketing accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized read access to a subset of Oracle Marketing accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized read access to a subset of Oracle Marketing accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized read access to a subset of Oracle Marketing accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Intelligence accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Intelligence accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Installed Base component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Installed Base accessible data as well as unauthorized update, insert or delete access to some of Oracle Installed Base accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Interaction Blending component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Interaction Blending. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Interaction Blending, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Interaction Blending accessible data as well as unauthorized update, insert or delete access to some of Oracle Interaction Blending accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Audience workbench). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle One-to-One Fulfillment accessible data as well as unauthorized read access to a subset of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Interaction History accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Interaction History accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Interaction History accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Web). Supported versions that are affected are 4.0, 5.0, 5.1, 5.3, 6.0,6.1, 15.0 and 16.0. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Open Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Open Commerce Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Open Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Retail Open Commerce Platform accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security : Encryption). Supported versions that are affected are 6.3.8 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Workbench accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Communications Security Gateway component of Oracle Communications Applications (subcomponent: Network). The supported version that is affected is 3.0.0. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via ICMP Ping to compromise Oracle Communications Security Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Security Gateway. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 12.0.0 and 12.1.0. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Portfolio Management). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 and 12.0.1. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Private Banking accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 and 12.0.1. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 and 12.0.1. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. While the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Private Banking. CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L).",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 and 12.0.1. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 12.0.0 and 12.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 12.0.0 and 12.1.0. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 and 12.0.1. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Private Banking. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0 and 12.0.1. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0 and 12.0.1. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are affected are 12.0.0 and 12.1.0. Easily ""exploitable"" vulnerability allows high privileged attacker with logon to the infrastructure where Oracle FLEXCUBE Enterprise Limits and Collateral Management executes to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are affected are 12.0.0 and 12.1.0. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.0 Base Score 6.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H).",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"Vulnerability in the SQL*Plus component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Difficult to exploit vulnerability allows high privileged attacker having Local Logon privilege with logon to the infrastructure where SQL*Plus executes to compromise SQL*Plus. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in SQL*Plus, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of SQL*Plus. Note: This score is for Windows platform version 11.2.0.4 of Database. For Windows platform version 12.1.0.2 and Linux, the score is 6.3 with scope Unchanged. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H).",LOCAL,HIGH,HIGH,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0 and 12.3.0. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Security Management System). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0 and 12.3.0. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are affected are 12.0.0 and 12.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are affected are 12.0.1 and 12.1.0. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.0 and 12.1.0. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. While the vulnerability is in Oracle FLEXCUBE Enterprise Limits and Collateral Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Enterprise Limits and Collateral Management. CVSS 3.0 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,LOW
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Retail Teller). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2 and 12.0.3. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Pre-Login). Supported versions that are affected are 12.0.2 and 12.0.3. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.0 and 12.1.0. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Enterprise Limits and Collateral Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Remote Administration Daemon). The supported version that is affected is 11.3. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Social Network component of Oracle Fusion Middleware (subcomponent: Android Client). The supported version that is affected is prior to 11.1.12.0.0 (17019101). Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Social Network. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Social Network accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Gateway accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.0 Base Score 8.7 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H).",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,NONE,HIGH
"Vulnerability in the PeopleSoft Enterprise FIN Receivables component of Oracle PeopleSoft Products (subcomponent: Receivables). The supported version that is affected is 9.2. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Receivables. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Receivables accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily ""exploitable"" vulnerability allows unauthenticated attacker with logon to the infrastructure where Automatic Service Request (ASR) executes to compromise Automatic Service Request (ASR). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Automatic Service Request (ASR) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Automatic Service Request (ASR). CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
"Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily ""exploitable"" vulnerability allows unauthenticated attacker with logon to the infrastructure where Automatic Service Request (ASR) executes to compromise Automatic Service Request (ASR). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Automatic Service Request (ASR) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Automatic Service Request (ASR). CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware (subcomponent: Web Console Design). Supported versions that are affected are 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Service Bus accessible data as well as unauthorized read access to a subset of Oracle Service Bus accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Service Bus. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Primavera Gateway. CVSS 3.0 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",LOCAL,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N).",LOCAL,HIGH,HIGH,NONE,CHANGED,LOW,NONE,NONE
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: User Name/Password Management). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle User Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle User Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle User Management accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). The supported version that is affected is 11.3. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Discovery Framework). Supported versions that are affected are 12.1.0, 13.1.0 and 13.2.0. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.54 and 8.55. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.54 and 8.55. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection component of Oracle PeopleSoft Products (subcomponent: Vendor). The supported version that is affected is 9.2. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM eSupplier Connection. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise SCM eSupplier Connection accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise SCM eSupplier Connection accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).",NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the PeopleSoft Enterprise SCM Strategic Sourcing component of Oracle PeopleSoft Products (subcomponent: Bidder Registration). The supported version that is affected is 9.2. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM Strategic Sourcing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise SCM Strategic Sourcing accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise SCM Strategic Sourcing accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the PeopleSoft Enterprise SCM Service Procurement component of Oracle PeopleSoft Products (subcomponent: Usability). The supported version that is affected is 9.2. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM Service Procurement. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise SCM Service Procurement accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise SCM Service Procurement accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Transportation Manager component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, 6.4.1 and 6.4.2. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Transportation Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Transportation Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Transportation Manager accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N).",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Retail Warehouse Management System component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.2, 14.0 and 15.0. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Warehouse Management System. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Warehouse Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Warehouse Management System accessible data as well as unauthorized read access to a subset of Oracle Retail Warehouse Management System accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2 and 12.0.3. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.54 and 8.55. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Real-Time Scheduler component of Oracle Utilities Applications (subcomponent: Mobile Communications Platform). Supported versions that are affected are 2.2.0.3.13, 2.3.0.0 and 2.3.0.1. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Real-Time Scheduler. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Real-Time Scheduler, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Real-Time Scheduler accessible data as well as unauthorized read access to a subset of Oracle Real-Time Scheduler accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.34 and Prior to 5.1.16. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N).",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Sites as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data and unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
"Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Blob Server). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: Admin Console). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Interaction History accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Smartcard Libraries). The supported version that is affected is 11.3. Easily ""exploitable"" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris as well as unauthorized update, insert or delete access to some of Solaris accessible data and unauthorized read access to a subset of Solaris accessible data. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H).",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,HIGH
"Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Rules Engine). The supported version that is affected is 11.1.2.3.0. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Catalog Mover). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Sites accessible data as well as unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle iReceivables component of Oracle E-Business Suite (subcomponent: Self Registration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iReceivables. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle iReceivables. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily ""exploitable"" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,LOW,LOW,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily ""exploitable"" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: AD Utilities). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications DBA accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications DBA accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily ""exploitable"" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RBAC). The supported version that is affected is 11.3. Easily ""exploitable"" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RBAC). The supported version that is affected is 11.3. Easily ""exploitable"" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data as well as unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 7.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N).",LOCAL,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,NONE
"Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of OJVM. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Printing and Login). Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality OPERA 5 Property Services executes to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality OPERA 5 Property Services. CVSS 3.0 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L).",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,LOW
"Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA License code configuration). Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily ""exploitable"" vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily ""exploitable"" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the PeopleSoft Enterprise CS Campus Community component of Oracle PeopleSoft Products (subcomponent: Frameworks). The supported version that is affected is 9.2. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise CS Campus Community accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Campus Community accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). The supported version that is affected is AK 2013. Easily ""exploitable"" vulnerability allows low privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). The supported version that is affected is AK 2013. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily ""exploitable"" vulnerability allows low privileged attacker with logon to the infrastructure where Automatic Service Request (ASR) executes to compromise Automatic Service Request (ASR). Successful attacks of this vulnerability can result in takeover of Automatic Service Request (ASR). CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). The supported version that is affected is AK 2013. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface subsystem). The supported version that is affected is AK 2013. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily ""exploitable"" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,NONE,HIGH,HIGH
"Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: HA for MySQL). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris Cluster accessible data as well as unauthorized access to critical data or complete access to all Solaris Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris Cluster. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,LOW
"Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 2.1.5 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Catalog Mover). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N).",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle API Gateway component of Oracle Fusion Middleware (subcomponent: Oracle API Gateway). The supported version that is affected is 11.1.2.4.0. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle API Gateway. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle API Gateway accessible data as well as unauthorized access to critical data or complete access to all Oracle API Gateway accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Sites accessible data as well as unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily ""exploitable"" vulnerability allows low privileged attacker with logon to the infrastructure where Automatic Service Request (ASR) executes to compromise Automatic Service Request (ASR). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Automatic Service Request (ASR) accessible data as well as unauthorized access to critical data or complete access to all Automatic Service Request (ASR) accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily ""exploitable"" vulnerability allows low privileged attacker with logon to the infrastructure where Automatic Service Request (ASR) executes to compromise Automatic Service Request (ASR). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Automatic Service Request (ASR) accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily ""exploitable"" vulnerability allows low privileged attacker with logon to the infrastructure where Automatic Service Request (ASR) executes to compromise Automatic Service Request (ASR). Successful attacks of this vulnerability can result in takeover of Automatic Service Request (ASR). CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: IPC Frameworks). The supported version that is affected is AK 2013. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment (CDE)). The supported version that is affected is 10. Easily ""exploitable"" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3622 is assigned for the ""Extremeparr"". CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). For supported versions that are affected see note. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3623 is assigned for ""Ebbisland"". Solaris 10 systems which have had any Kernel patch installed after, or updated via patching tools since 2012-01-26 are not impacted. Also, any Solaris 10 system installed with Solaris 10 1/13 (Solaris 10 Update 11) are not vulnerable. Solaris 11 is not impacted by this issue. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 11.1.1.7, 11.1.1.9, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Content accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: CDE Calendar). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3632 is assigned to the ""EASYSTREET"" vulnerability. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html,  https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and  https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Improper setting of device configuration in system firmware for Intel(R) NUC kits may allow a privileged user to potentially enable escalation of privilege via physical access.,PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an ""error state"" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In the Lenovo Power Management driver before 1.67.12.24, a local user may alter the trackpoint's firmware and stop the trackpoint from functioning correctly. This issue only affects ThinkPad X1 Carbon 5th generation.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or ""jail breaking"" a device).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. This exposes the application to man-in-the-middle attacks leading to possible remote code execution.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could allow the attacker to overflow a buffer in a cache that belongs to the received packet parser, which will result in a crash of the application, resulting in a DoS condition. All versions of Cisco Expressway Series Software and Cisco TelePresence VCS Software prior to version X8.8.2 are vulnerable. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCus99263.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue that would eventually lead to a partial denial of service (DoS) condition. More Information: CSCva72252. Known Affected Releases: 15.2(2)E3 15.2(4)E1. Known Fixed Releases: 15.2(2)E6 15.2(4)E3 15.2(5)E1 15.2(5.3.28i)E1 15.2(6.0.49i)E 3.9(1)E.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,LOW
"A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak. More Information: CSCvc54788. Known Affected Releases: 15.2(5.4.32i)E2. Known Fixed Releases: 15.2(5.4.62i)E2.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the access controls. An attacker could exploit this vulnerability by opening the Internet Explorer browser. An exploit could allow the attacker to use Internet Explorer with the privileges of the SYSTEM user. This may allow the attacker to execute privileged commands on the targeted system. This vulnerability affects versions prior to released versions 4.4.00243 and later and 4.3.05017 and later. Cisco Bug IDs: CSCvc43976.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processors that are running a software release prior to Cisco TelePresence Software Release 4.3 and are running in locally managed mode. The vulnerable API was deprecated in Cisco TelePresence Software Release 4.3. More Information: CSCvc37616.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root privileges access on the router. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered via both IPv4 and IPv6 traffic. An established TCP connection toward port 22, the SSH default port, is needed to perform the attack. The attacker must have valid credentials to login to the system via SSH or SFTP. The following products have been confirmed to be vulnerable: Cisco ASR 5000/5500/5700 Series devices running StarOS after 17.7.0 and prior to 18.7.4, 19.5, and 20.2.3 with SSH configured are vulnerable. Cisco Virtualized Packet Core - Single Instance (VPC-SI) and Distributed Instance (VPC-DI) devices running StarOS prior to N4.2.7 (19.3.v7) and N4.7 (20.2.v0) with SSH configured are vulnerable. Cisco Bug IDs: CSCva65853.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. More Information: CSCux68796. Known Affected Releases: 15.5(3)S2.1 15.6(1)S1.1. Known Fixed Releases: 15.4(3)S6.1 15.4(3)S6.2 15.5(3)S2.2 15.5(3)S3 15.6(0.22)S0.23 15.6(1)S2 16.2(0.295) 16.3(0.94) 15.5.3S3.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) with software before 1.1(1a) could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service (DoS) condition. The vulnerability is due to incomplete validation of SCTP packets being monitored on the NGA data ports. An attacker could exploit this vulnerability by sending malformed SCTP packets on a network that is monitored by an NGA data port. SCTP packets addressed to the IP address of the NGA itself will not trigger this vulnerability. An exploit could allow the attacker to cause the appliance to become unresponsive or reload, causing a DoS condition. User interaction could be needed to recover the device using the reboot command from the CLI. The following Cisco NetFlow Generation Appliances are vulnerable: NGA 3140, NGA 3240, NGA 3340. Cisco Bug IDs: CSCvc83320.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc04845. Known Affected Releases: 5.8(2.5).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling by the affected software when the web user interface is under a high load. An attacker could exploit this vulnerability by sending a high number of requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the web user interface of the software is enabled. By default, the web user interface is not enabled. Cisco Bug IDs: CSCup70353.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. Affected Products: ASR 5000 Series Routers, Virtualized Packet Core (VPC) Software. More Information: CSCvc21129. Known Affected Releases: 21.1.0 21.1.M0.65601 21.1.v0. Known Fixed Releases: 21.2.A0.65754 21.1.b0.66164 21.1.V0.66014 21.1.R0.65759 21.1.M0.65749 21.1.0.66030 21.1.0.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,LOW
"A vulnerability in the Border Gateway Protocol (BGP) Bidirectional Forwarding Detection (BFD) implementation of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to bypass the access control list (ACL) for specific TCP and UDP traffic. More Information: CSCvc68229. Known Affected Releases: 9.6(2). Known Fixed Releases: 99.1(20.1) 99.1(10.2) 98.1(12.7) 98.1(1.49) 97.1(6.58) 97.1(0.134) 96.2(0.109) 9.7(1.1) 9.6(2.99) 9.6(2.8).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An API Credentials Management vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. The attacker needs to have valid credentials. More Information: CSCuy36192. Known Affected Releases: 3.1(1) 3.1(1).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC requests to the affected device. A successful exploit could allow the attacker to crash the device in such a manner that manual intervention is required to recover. This vulnerability affects all Cisco IOS XR platforms that are running release 6.1.1 of Cisco IOS XR Software when the gRPC service is enabled on the device. The gRPC service is not enabled by default. Cisco Bug IDs: CSCvb14441.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in a brute-force login attack. System memory can run low on the FXOS devices under the same conditions, which could cause the AAA process to unexpectedly restart or cause the device to reload. An attacker could exploit this vulnerability by performing a brute-force login attack against a device that is configured with AAA security services. A successful exploit could allow the attacker to cause the affected device to reload. This vulnerability affects the following Cisco products if they are running Cisco FXOS or NX-OS System Software that is configured for AAA services: Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System (UCS) 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCuq58760, CSCuq71257, CSCur97432, CSCus05214, CSCux54898, CSCvc33141, CSCvd36971, CSCve03660.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources. Affected Products: This vulnerability affects Cisco Firepower System Software running software releases 6.0.0, 6.1.0, 6.2.0, or 6.2.1 when the device is configured with an SSL policy that has at least one rule specifying traffic decryption. More Information: CSCvc58563. Known Affected Releases: 6.0.0 6.1.0 6.2.0 6.2.1.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts. This vulnerability affects Cisco Firepower System Software prior to the first fixed release when it is configured with an SSL Decrypt-Resign policy. More Information: CSCvb62292. Known Affected Releases: 6.0.1 6.1.0 6.2.0. Known Fixed Releases: 6.2.0 6.1.0.2.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP request.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data.,LOCAL,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
"VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the ""vmware-vmx"" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM, aka ""BOSH Director Shell Injection Vulnerabilities.""",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. A vulnerability has been identified with the groups endpoint in UAA allowing users to elevate their privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the operator.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports.",NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise the affected system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15, 24.x versions prior to v24.10, 30.x versions prior to 30.3, and other versions prior to v37. There is privilege escalation (arbitrary password reset) with user invitations.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't control via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to circumvent Cross-Origin Resource Sharing checks via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial ""www."" substring).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. The application failed to check the access control of the request which could result in an attacker being able to shutdown the system.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,LOW,LOW
"An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions without authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). The identities of the endpoints for the communication channel between the transmitter and St. Jude Medical's web site, Merlin.net, are not verified. This may allow a man-in-the-middle attacker to access or influence communications between the identified endpoints.",NETWORK,HIGH,NONE,NONE,CHANGED,LOW,HIGH,HIGH
"An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is installed by default. The default system account is difficult to configure with non-default credentials after installation, and changing the default credentials in the embedded Tableau Server is not documented. If Tableau Server is used with Windows integrated security (Active Directory), the software is not vulnerable. However, when Tableau Server is used with local authentication mode, the software is vulnerable. The default system account could be used to gain unauthorized access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be uploaded, containing a valid .ecf component file, which will be extracted to the inf directory outside of the webroot. By creating a zip file containing an empty .ecf file, to pass file-validation checks, any other file provided in zip file will be extracted onto the filesystem. In this case, a web shell with the filename '..\WWWRoot\CustomPages\aspshell.asp' was included within the zip file that, when extracted, traversed back out of the inf directory and into the SageCRM webroot. This permitted remote interaction with the underlying filesystem with the highest privilege level, SYSTEM.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Palo Alto Networks Terminal Services Agent before 7.0.7 allows local users to gain privileges via vectors that trigger an out-of-bounds write operation.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI by leveraging incomplete exception handling. The Samsung ID is SVE-2016-7122.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The ""export"" function in the Certificate Viewer can force local filesystem navigation when the ""common name"" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerability affects Firefox < 51.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"WebExtension scripts can use the ""data:"" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"A STUN server in conjunction with a large number of ""webkitRTCPeerConnection"" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. This vulnerability affects Firefox < 51.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Special ""about:"" pages used by web content, such as RSS feeds, can load privileged ""about:"" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox < 51.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own versions. This vulnerability affects Firefox < 51.0.3.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. Note: this issue only affects Linux. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue with incorrect ownership model of ""privateBrowsing"" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox < 53.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files. Affected releases are TIBCO JasperReports Server 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether a file exists.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device's SSH service, using a password cracking tool to establish SSH connections quickly. This will trigger an increase in the SSH login timeout (each of the login attempts will occupy a connection slot for a longer time). Once this occurs, legitimate login attempts via SSH/telnet will be refused, resulting in a denial of service; you must restart the device.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the ""Volume Up"" button during device boot, where an attacker with ADB access can issue the adb reboot bootloader command. Then, the attacker can put the platform's SELinux in permissive mode, which severely weakens it, by issuing: fastboot oem selinux permissive.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Trend Micro process via a ""DoubleAgent"" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Code injection vulnerability in AVG Ultimate 17.1 (and earlier), AVG Internet Security 17.1 (and earlier), and AVG AntiVirus FREE 17.1 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any AVG process via a ""DoubleAgent"" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and earlier), and Free Antivirus 12.3 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avast process via a ""DoubleAgent"" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attackers can login with the hashed password itself (e.g., from the DB) instead of the valid password string.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the (locked) bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disable_dm_verity' command. Having dm-verity disabled, the kernel will not verify the system partition (and any other dm-verity protected partition), which may allow for persistent code execution and privilege escalation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset. This allows for persistent code execution with high privileges (kernel/root) with complete access to user data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the ""anonymous"" user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the appropriate secure Thrift transport when TLS was turned on. It was therefore possible for an adversary, with access to the network, to eavesdrop on the packets going to and coming from that port and view the data in plaintext.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow may allow an attacker with physical access to the system to gain access to personal information.,PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow may allow an attacker with physical access to the system to gain access to personal information.,PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary code.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect early system state.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Data corruption vulnerability in firmware in Intel Solid-State Drive Professional PSF104P, PSF109P allows local users to cause a denial of service via unspecified vectors.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware modification during BIOS Recovery.",PHYSICAL,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
Configuration of SPI Flash in platforms based on multiple Intel platforms allow a local attacker to alter the behavior of the SPI flash potentially leading to a Denial of Service.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple privilege escalations in kernel in Intel Server Platform Services Firmware 4.0 allows unauthorized process to access privileged content via unspecified vector.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Intel Deep Learning Training Tool Beta 1 allows a network attacker to remotely execute code as a local user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Frame replay vulnerability in Wi-Fi subsystem in Intel Dual-Band and Tri-Band Wireless-AC Products allows remote attacker to replay frames via channel-based man-in-the-middle.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
An elevation of privilege in Intel Software Guard Extensions Platform Software Component before 1.9.105.42329 allows a local attacker to execute arbitrary code as administrator.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18 and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
A local Unauthorized Data Modification vulnerability in HPE OfficeConnect Network Switches version PT.02.01 including PT.01.03 through PT.01.14,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote unauthenticated access vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An access restriction bypass vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading partitions such as the Android Bootloader.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check that the current version is lower than or equal to the given image's. Downgrades can occur even on locked bootloaders and without triggering a factory reset, allowing for exploitation of now-patched vulnerabilities with access to user data. This vulnerability can be exploited by a Man-in-the-Middle (MiTM) attacker targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, a physical attacker can reboot the phone into recovery, and then use 'adb sideload' to push the OTA (on OnePlus 3/3T 'Secure Start-up' must be off).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx to upload this archive and extract its contents, and visiting a URI under sitecore/ to execute the .asp file.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Memory leak in the vrend_renderer_init_blit_ctx function in vrend_blitter.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRGL_CCMD_BLIT commands.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Waves MaxxAudio, as installed on Dell laptops, adds a ""WavesSysSvc"" Windows service with File Version 1.1.6.0. This service has a vulnerability known as Unquoted Service Path. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use this page as a web shell essentially to execute commands, though you get no feedback client-side from the web application: if the command is valid, it executes. An example is the wget command. The page that allows this has been confirmed in firmware as old as 2006.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie and receive the result.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"EyesOfNetwork (""EON"") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoring_ged/ged_functions.php or the (4) module parameter to module/index.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.1.2-HF1 and 13.0.0, an undisclosed type of responses may cause TMM to restart, causing an interruption of service when ""SSL Forward Proxy"" setting is enabled in both the Client and Server SSL profiles assigned to a BIG-IP Virtual Server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the ""HTTP/2 profile"" may result in a disruption of service to TMM.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a ""Zip Bomb"" attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. The attacker must possess the necessary credentials to negotiate the phase 1 of the IPSec exchange to exploit this vulnerability; in many environment this limits the attack surface to other endpoints under the same administration.",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,HIGH
"In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or possible remote command execution on the BIG-IP system.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 there is a vulnerability in TMM related to handling of invalid IP addresses.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
"F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP option is enabled on a virtual server. Data plane is vulnerable when using the MPTCP option of a TCP profile. There is no control plane exposure. An attacker may be able to disrupt services by causing TMM to restart hence temporarily failing to process traffic.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.4.1 to 11.5.4, a remote attacker may create maliciously crafted HTTP request to cause Traffic Management Microkernel (TMM) to restart and temporarily fail to process traffic. This issue is exposed on virtual servers using a Policy Enforcement profile or a Web Acceleration profile. Systems that do not have BIG-IP AAM module provisioned are not vulnerable. The Traffic Management Microkernel (TMM) may restart and temporarily fail to process traffic. Systems that do not have BIG-IP AAM or PEM module provisioned are not vulnerable.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a ""DoubleAgent"" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x. contain OS Command Injection vulnerabilities that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system by appending those commands in the Common Name field in the Certificate Generation Request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34372667. References: N-CVE-2017-6248.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34373711. References: N-CVE-2017-6249.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated which may lead to denial of service or potential escalation of privileges,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from an user to the driver is used without validation which may lead to denial of service or potential escalation of privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an improper input parameter handling may lead to a denial of service or potential escalation of privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or potential escalation of privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the NVIDIA GPU driver (gm20b_clk_throt_set_cdev_state), where an out of bound memory read is used as a function pointer could lead to code execution in the kernel.This issue is rated as high because it could allow a local malicious application to execute arbitrary code within the context of a privileged process. Product: Android. Version: N/A. Android ID: A-34705430. References: N-CVE-2017-6264.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of Privilege vulnerability exists in the Thermal Driver, where a missing bounds checks in the thermal throttle driver can cause an out-of-bounds write in the kernel. This issue is rated as moderate. Product: Pixel. Version: N/A. Android ID: A-34705801. References: N-CVE-2017-6274.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal driver where there is the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before the 2018-05-05 security patch level, NVIDIA Trusted Execution Environment (TEE) contains a memory corruption (due to unusual root cause) vulnerability, which if run within the speculative execution of the TEE, may lead to local escalation of privileges. This issue is rated as critical. Android: A-72830049. Reference: N-CVE-2017-6289.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as ""2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Memory leak in the add_shader_program function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via vectors involving the sprog variable.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote attackers to cause a denial of service (resource consumption) via crafted web requests.""",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to complete a secure passage for HTTPS connections. It also allows administrators to upload their own certificates signed by a root CA. An attacker with low privileges can download the current CA certificate and Private Key (either the default ones or ones uploaded by administrators) and use those to decrypt HTTPS traffic, thus compromising confidentiality. Also, the default Private Key on this appliance is encrypted with a very weak passphrase. If an appliance uses the default Certificate and Private Key provided by Trend Micro, an attacker can simply download these and decrypt the Private Key using the default/weak passphrase.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19. When SmartPSS Software is launched, while on the login screen, the software in the background automatically logs in as admin. This allows sniffing sensitive information identified in CVE-2017-6341 without prior knowledge of the password. This is a different vulnerability than CVE-2013-6117.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the corresponding password, a different vulnerability than CVE-2013-6117.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerable to this if you are running a version of Drupal before 8.2.2. To be sure you aren't vulnerable, you can remove the <siteroot>/vendor/phpunit directory from your production deployments",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitization. However, because of an improper blacklisting rule, it's possible to inject arbitrary commands into it.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system).,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with ""../"" substrings, can occur.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Code injection vulnerability in Avira Total Security Suite 15.0 (and earlier), Optimization Suite 15.0 (and earlier), Internet Security Suite 15.0 (and earlier), and Free Security Suite 15.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avira process via a ""DoubleAgent"" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the touch controller function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable may be controlled by the user and can lead to a buffer overflow.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Qualcomm kyro L2 driver. Product: Android. Versions: Android kernel. Android ID: A-32831370. References: QC-CR#1103158.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-32086742. References: QC-CR#1102648.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of fully privileged new users, in addition to capture of sensitive information.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exploit, the CPU usage is 100% and the router requires a reboot for normal operation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due to the common logic to handle 'restart' operations removing AppArmor profiles that aren't found in the typical filesystem locations, such as /etc/apparmor.d/. Userspace projects that manage their own AppArmor profiles in atypical directories, such as what's done by LXD and Docker, are affected by this flaw in the AppArmor init script logic.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-to-root access in order to access restricted system files and make restricted kernel calls. This access could be exploited by a local attacker to gain a root shell prompt using the right combination of environment variables and command line arguments.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe process.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file).,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do not check password.shtml authorization, leading to Arbitrary password change.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20, the backup/restore feature lacks access control, related to ReadFile.cgi and LoadCfgFile.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allows remote attackers to steal any active admin session by sending cgi_logout and asusrouter-Windows-IFTTT-1.0 in certain HTTP headers.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently large default value for the maximum IPv6 routing table size: it can be filled within minutes. An attacker can exploit this issue to render the affected system unresponsive, resulting in a denial-of-service condition for telephone, Internet, and TV services.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as databases which contain information that can aid in further attacks.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious payload.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.",PHYSICAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege Escalation. More Information: CSCvb86725 CSCvb86797. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.105) 92.1(1.1733) 2.1(1.69).",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco IOS XR Software with gRPC enabled. More Information: CSCvb14433. Known Affected Releases: 6.1.1.BASE 6.2.1.BASE. Known Fixed Releases: 6.2.1.22i.MGBL 6.1.22.9i.MGBL 6.1.21.12i.MGBL 6.1.2.13i.MGBL.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61384 CSCvb86764. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1647).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system because of incorrect IPv6 Packet Processing. More Information: CSCuy94366. Known Affected Releases: 15.4(3)S3.15. Known Fixed Releases: 15.6(2)SP 15.6(1.31)SP.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local DNS cache. The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker could exploit this vulnerability by triggering a DNS request from the Cisco ASA Software and replying with a crafted response. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition or corruption of the local DNS cache information. Note: Only traffic directed to the affected device can be used to exploit this vulnerability. This vulnerability affects Cisco ASA Software configured in routed or transparent firewall mode and single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco Firepower 9300 ASA Security Module, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 9.1(7.12) 9.2(4.18) 9.4(3.12) 9.5(3.2) 9.6(2.2). Cisco Bug IDs: CSCvb40898.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,HIGH,HIGH
"A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to insufficient validation of the IKEv1 XAUTH parameters passed during an IKEv1 negotiation. An attacker could exploit this vulnerability by sending crafted parameters. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability only affects systems configured in routed firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 or IPv6 traffic. A valid IKEv1 Phase 1 needs to be established to exploit this vulnerability, which means that an attacker would need to have knowledge of a pre-shared key or have a valid certificate for phase 1 authentication. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco ASA for Firepower 9300 Series, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 9.1(7.7) 9.2(4.11) 9.4(4) 9.5(3) 9.6(1.5). Cisco Bug IDs: CSCuz11685.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead to a partial denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete DNS packet header validation when the packet is received by the application. An attacker could exploit this vulnerability by sending a malformed DNS packet to the application. An exploit could allow the attacker to cause the DNS process to restart, which could lead to a DoS condition. This vulnerability affects Cisco Prime Network Registrar on all software versions prior to 8.3.5. Cisco Bug IDs: CSCvb55412.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,LOW
"A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation of the ACL decision made during the ingress connection request to the remote management interface. An attacker could exploit this vulnerability by sending a connection to the management IP address or domain name of the targeted device. A successful exploit could allow the attacker to bypass the configured remote management ACL. This can occur when the Remote Management configuration parameter is set to Disabled. This vulnerability affects Cisco CVR100W Wireless-N VPN Routers running a firmware image prior to 1.0.1.24. Cisco Bug IDs: CSCvc14457.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
"A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.1. Cisco Bug IDs: CSCvc98724.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker could exploit this vulnerability to place unauthorized, long-distance phone calls by using an affected system. Cisco Bug IDs: CSCuy40939.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulating the CANCEL packet. An exploit could allow the attacker to cause a disruption of service to the phone. Cisco Bug IDs: CSCvc34795.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 12.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to delete any file from the system. Cisco Bug IDs: CSCvc99597.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to delete any file from the system. Cisco Bug IDs: CSCvc99618.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. The attacker would need valid user credentials to exploit this vulnerability. This vulnerability affects all Cisco AnyConnect Secure Mobility Client for Windows software versions prior to 4.4.02034. Cisco Bug IDs: CSCvc97928.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this vulnerability by remotely connecting to the debugging tool via TCP. A successful exploit could allow the attacker to access sensitive information about the affected software or execute arbitrary code with root privileges on the affected system. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software Releases 10.1(1) and 10.1(2) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd09961.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the attacker to impact the availability of services and data of the device, including a complete DoS condition. This vulnerability affects the following Cisco TC and CE platforms when running software versions prior to TC 7.3.8 and CE 8.3.0. Cisco Bug IDs: CSCux94002.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86787, CSCve60516, CSCve60555.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86771.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine (ISE) 2.1(0.474) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device where the ISE GUI may fail to respond to new or established connection requests. The vulnerability is due to insufficient TCP rate limiting protection on the GUI. An attacker could exploit this vulnerability by sending the affected device a high rate of TCP connections to the GUI. An exploit could allow the attacker to cause the GUI to stop responding while the high rate of connections is in progress. Cisco Bug IDs: CSCvc81803.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Since valid ether type and IP protocol numbers do not overlap, Snort++ stores all protocol decoders in a single array. That makes it possible to craft packets that have IP protocol numbers in the ether type field which will confuse the Snort++ decoder. For example, an eth:llc:snap:icmp6 packet will cause a crash because there is no ip6 header with which to calculate the icmp6 checksum. Affected decoders include gre, llc, trans_bridge, ciscometadata, linux_sll, and token_ring. The fix adds a check in the packet manager to validate the ether type before indexing the decoder array. An out of range ether type will raise 116:473.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array. The size was off by one making it possible to read past the end of the array with an ether type of 0xFFFF. Increasing the array size solves this problem.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in a denial of service (DoS) condition. More Information: CSCvd88936. Known Affected Releases: Denali-16.2.1 Denali-16.3.1.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Autonomic Networking infrastructure of an affected system, after the certificate for the autonomic node has been revoked. This vulnerability affected devices that are running Release 16.x of Cisco IOS XE Software and are configured to use Autonomic Networking. This vulnerability does not affect devices that are running an earlier release of Cisco IOS XE Software or devices that are not configured to use Autonomic Networking. More Information: CSCvd22328. Known Affected Releases: 15.5(1)S3.1 Denali-16.2.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane (ACP) of an affected system and view ACP packets that are transferred in clear text within an affected system, an Information Disclosure Vulnerability. More Information: CSCvd51214. Known Affected Releases: Denali-16.2.1 Denali-16.3.1.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device. More Information: CSCvb99022 CSCvc16964 CSCvc37351 CSCvc54843 CSCvc63444 CSCvc77815 CSCvc88658 CSCve08955 CSCve14141 CSCve33870.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76651. Known Affected Releases: 21.0.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76681. Known Affected Releases: 21.0.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system, aka an Insecure Default Password Vulnerability. More Information: CSCvc76695. Known Affected Releases: 21.0.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerability. More Information: CSCvc76631. Known Affected Releases: 2.2(9.76).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected Releases: 21.0.v0.65839 21.3.M0.67005. Known Fixed Releases: 21.4.A0.67087 21.4.A0.67079 21.4.A0.67013 21.3.M0.67084 21.3.M0.67077 21.3.M0.66994 21.3.J0.66993 21.1.v0.67082 21.1.V0.67083.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default Account Information Vulnerability. More Information: CSCvd85710. Known Affected Releases: 21.0.v0.65839.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system, aka Unauthorized Directory Access. More Information: CSCvd76286. Known Affected Releases: 2.2(9.76) 2.3(1).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. More Information: CSCvd29355. Known Affected Releases: 21.0.v0.65839.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system, because of Incorrect Permissions. More Information: CSCvb99389. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.3.1.15i.BASE 6.2.3.1i.BASE 6.2.2.15i.BASE 6.1.4.10i.BASE.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core (VPC) Software could allow an unauthenticated, remote attacker to cause the BGP process on an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability affects the following products if they are running the Cisco StarOS operating system and BGP is enabled for the system: Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core Software. More Information: CSCvc44968. Known Affected Releases: 16.4.1 19.1.0 21.1.0 21.1.M0.65824. Known Fixed Releases: 21.3.A0.65902 21.2.A0.65905 21.1.b0.66164 21.1.V0.66014 21.1.R0.65898 21.1.M0.65894 21.1.0.66030 21.1.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those privileges are higher or lower than what should have been granted. The attacker cannot gain root-level privileges. The vulnerability is due to a limitation with how Role-Based Access Control (RBAC) grants privileges to remotely authenticated users when login occurs via SSH directly to the local management interface of the APIC. An attacker could exploit this vulnerability by authenticating to the targeted device. The attacker's privilege level will be modified to match that of the last user to log in via SSH. An exploit could allow the attacker to gain elevated privileges and perform CLI commands that should be restricted by the attacker's configured role. Cisco Bug IDs: CSCvc34335. Known Affected Releases: 1.0(1e), 1.0(1h), 1.0(1k), 1.0(1n), 1.0(2j), 1.0(2m), 1.0(3f), 1.0(3i), 1.0(3k), 1.0(3n), 1.0(4h), 1.0(4o); 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1).",NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom executable system file that was built to use relative search paths for libraries without properly validating the library to be loaded. An attacker could exploit this vulnerability by authenticating to the device and loading a malicious library that can escalate the privilege level. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. The attacker must have valid user credentials to log in to the device. Cisco Bug IDs: CSCvc96087. Known Affected Releases: 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,LOW,NONE
"A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this vulnerability by logging in to the shell of an affected device and elevating their privileges by modifying environment variables. An exploit could allow the attacker to gain admin-level privileges and take control of the affected device. Cisco Bug IDs: CSCvd47741. Known Affected Releases: 21.0.v0.65839.",LOCAL,LOW,HIGH,NONE,CHANGED,LOW,LOW,LOW
"A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to incorrect role-based access control (RBAC) for shell user accounts. An attacker could exploit this vulnerability by authenticating to an affected appliance and providing crafted user input via the CLI. A successful exploit could allow the attacker to acquire a higher privilege level than should have been granted. To exploit this vulnerability, the attacker must log in to the appliance with valid credentials. Cisco Bug IDs: CSCve37724. Known Affected Releases: 9.0.0, 9.1.0, 10.0.0, 11.0.0, 12.0.0.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the device. An attacker could exploit this vulnerability by transmitting large volumes of SIP traffic to the VCS. An exploit could allow the attacker to cause a complete DoS condition on the targeted system. Cisco Bug IDs: CSCve32897.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,NONE,HIGH
"In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image. The vulnerability could lead to information disclosure; an attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An error when handling certain external commands and services related to the FlexNet Inventory Agent and FlexNet Beacon of the Flexera Software FlexNet Manager Suite 2017 before 2017 R1 and 2014 R3 through 2016 R1 SP1 can be exploited to gain elevated privileges.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such as username and password in simple usb.xml. An attacker with physical access to the system can modify the file according his own requirements that may aid in further attack.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node. This can result in an access bypass vulnerability. This issue is mitigated by the fact that it only applies to sites that a) use the Content Translation module; and b) use a node access module such as Domain Access which implement hook_node_access_records().",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom module, the correct access checks should be added. This release fixes the only two implementations in core, but does not harden against other such bypasses. This vulnerability can be mitigated by disabling the Settings Tray module.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the ""iBooks"" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that uses symlinks.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the ""HFS"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filters.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iTunes before 12.6.2 on Windows is affected. The issue involves the ""iTunes"" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the ""Kernel"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the ""Kernel"" component. It allows physically proximate attackers to bypass the screen-locking protection mechanism that should have been in place upon closing the lid.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. The issue involves the ""Mail Drafts"" component. It allows remote attackers to obtain sensitive information by reading unintended cleartext transmissions.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the ""Data Sync"" component. It allows attackers to access iOS backups (written by iTunes) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the ""Application Firewall"" component. It allows remote attackers to bypass intended settings in opportunistic circumstances by leveraging incorrect handling of a denied setting after an upgrade.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the ""libc"" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted string that is mishandled by the glob function.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the ""MobileBackup"" component. It allows remote attackers to obtain sensitive cleartext information in opportunistic circumstances by leveraging read access to a backup archive that was supposed to have been encrypted.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. The Apple Support app before 1.2 for iOS is affected. The issue involves the ""Analytics"" component. It allows remote attackers to obtain sensitive analytics information by leveraging its presence in a cleartext HTTP transmission to an Adobe Marketing Cloud server operated for Apple, as demonstrated by information about the installation date and time.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the ""StorageKit"" component. It allows attackers to discover passwords for APFS encrypted volumes by reading Disk Utility hints, because the stored hint value was accidentally set to the password itself, not the entered hint value.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the ""Security"" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the ""WebKit Web Inspector"" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 allows remote attackers to execute arbitrary code. This is fixed in 2.4.5.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented ""Block applications"" design goal. The local attacker must have privileges to write to program.exe in a protected directory, such as the %SYSTEMDRIVE% directory, and thus the issue is not interpreted as a direct privilege escalation. However, the local attacker might have the goal of executing program.exe even though program.exe is a blocked application.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized ""UPDATE dm_dbo.dm_user_s SET user_privileges=16"" command, aka an ""RPC save-commands"" attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4532.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the first JSON object encountered has a ""Component error: login challenge!"" message. The second JSON object encountered has a result indicating a successful admin login.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the ""token"" cookie issued at login.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for a bootloader password; however, this password is optional to meet different customers' needs.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"** DISPUTED ** Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for supporting arbitrary password changes by customers; however, a password change is optional to meet different customers' needs.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by replacing the /opt/tms/bin/cli file.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with no authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows ""security alert"" dialog thereby popping up when the ""VPN before logon"" feature is enabled and an untrusted certificate chain.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, a buffer overread can occur if a particular string is not NULL terminated.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with ""SecurityLevel None"" and with empty ""AuthFile"" options) via a crafted UDP packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the ""Should PGP signed messages be automatically verified when viewed?"" preference. To exploit this vulnerability, an attacker can send a PGP signed email (that is maliciously crafted) to the Horde user, who then must either view or preview it.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. It is possible to extract all information including the Wi-Fi password, reboot, or force a software update at an arbitrary time.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ntopng before 3.0 allows HTTP Response Splitting.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly.  An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. NOTE: some sources have a typo in which CVE-2017-7512 maps to an OpenVPN vulnerability. The proper CVE ID for that OpenVPN vulnerability is CVE-2017-7521. Specifically, CVE-2017-7521 is the correct CVE ID for TWO closely related findings in OpenVPN. Any source that lists BOTH CVE-2017-7512 and CVE-2017-7521 for OpenVPN should have listed ONLY CVE-2017-7521.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Moodle 3.x, course creators are able to change system default settings for courses.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Anybody can change the grub config, even to append some arguments to make a backdoor or privilege escalation, by calling DoWriteGrubSettings() provided by dde-daemon.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Apache OpenMeetings 1.0.0 updates user password in insecure manner.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"On iSmartAlarm cube devices, there is authentication bypass leading to remote execution of commands (e.g., setting the alarm on/off), related to incorrect cryptography.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Mozilla Maintenance Service ""helper.exe"" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted by the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The ""Mark of the Web"" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An attack using manipulation of ""updater.ini"" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result ""POINT_AT_INFINITY"" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox < 55.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An error in the ""WindowsDllDetourPatcher"" where a RWX (""Read/Write/Execute"") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox < 55.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"When a page's content security policy (CSP) header contains a ""sandbox"" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identifier syntax. This vulnerability affects Firefox < 56.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
"WebExtensions could use popups and panels in the extension UI to load an ""about:"" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The ""instanceof"" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects Firefox < 56.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects Firefox < 56.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox < 57.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"WinDjView 2.1 might allow user-assisted attackers to execute code via a crafted .djvu file, because of a ""User Mode Write AV near NULL"" in WinDjView.exe. One threat model is a victim who obtains an untrusted .djvu file from a remote location and issues several user-defined commands.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. There are no penalties for repeatedly entering incorrect passwords.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. User credentials are sent to the web server using the HTTP GET method, which may result in the credentials being logged. This could make user credentials available for unauthorized retrieval.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The read_next_pam_token function in imagew-pnm.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating ""There is no security issue here, because GMP safely aborts in case of an OOM condition. The only attack vector here is denial of service. However, if you allow attacker-controlled, unbounded allocations you have a DoS vector regardless of GMP's OOM behavior.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before 1.5.5 with a syntax value in its first argument, and an authenticated Tuleap user can control this value, even with shell metacharacters, as demonstrated by a '<?plugin SyntaxHighlighter syntax=""c;id""' line to execute the id command.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial of service (E2 service outage) via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12. 30.x versions prior to 30.5, and other versions prior to v41, zone administrators are allowed to escalate their privileges when mapping permissions for an external provider.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrators are able to escalate their privileges.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view any credential within the CredHub installation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings. NOTE: this issue exists because of an incomplete fix for CVE-2017-4971.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp).,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this vulnerability to enumerate valid usernames on an affected Firebox.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before Prague-L23C605B160,the versions before MHA-AL00C00B225,the versions before LON-AL00C00B225,the versions before VTR-AL00C00B167,the versions before VTR-TL00C01B167,the versions before VKY-AL00C00B167,the versions before VKY-TL00C01B167 have a resource exhaustion vulnerability due to configure setting. An attacker tricks a user into installing a malicious application, the application may turn on the device flash-light and rapidly drain the device battery.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may exploit this vulnerability to tamper with downloaded themes.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine (VM) processes to exhaust system resources. Successful exploit could make new VMs unavailable.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D003 versions,Earlier than EVA-L09C440B140 versions,Earlier than EVA-L09C464B361 versions,Earlier than EVA-L09C675B320CUSTC675D004 versions have Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Swype and can perform some operations to update the Google account. As a result, the FRP function is bypassed.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Huawei mobile phones Honor V9 with the software versions before Duke-AL20C00B195 have an App Lock bypass vulnerability. An attacker could perform specific operations to bypass the App Lock to use apps on a target mobile phone.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FusionSphere OpenStack with software V100R006C00SPC102(NFV) and V100R006C10 have an information leak vulnerability. Due to an incorrect configuration item, the information transmitted by a transmission channel is not encrypted. An attacker accessing the internal network may obtain sensitive information transmitted.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Huawei smart phones with software earlier than Vicky-AL00AC00B172D versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Talkback mode and can perform some operations to bypass the Google account verification. As a result, the FRP function is bypassed.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Huawei IPTV STB with earlier than IPTV STB V100R003C01LMYTa6SPC001 versions has an authentication bypass vulnerability. An attacker could exploit this vulnerability to access the serial interface and modify the configuration. Successful exploit could lead to the authentication bypass and view channels by free.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing malicious files and trick users into executing the files, resulting in the execution of arbitrary code.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Due to improper authorization, an attacker with low privilege may exploit this vulnerability to obtain the operation authority of some specific directory, causing privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FusionSphere V100R006C00SPC102(NFV) has an incorrect authorization vulnerability. An authenticated attacker could execute commands that he/she should have had no permission to perform, thereby querying, modifying, and deleting certain service data and making the service unavailable.",LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
"MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an a memory leak vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
HONOR 7 Lite mobile phones with software of versions earlier than NEM-L21C432B352 have an App Lock bypass vulnerability. An attacker could perform specific operations to bypass the App Lock to use apps on a target mobile phone temporarily.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions earlier than KNT-UL10C00B391, versions earlier than KNT-TL10C00B391, versions earlier than Stanford-AL00C00B175, versions earlier than Stanford-AL10C00B175, versions earlier than Stanford-TL00C01B175, versions earlier than Duke-AL20C00B191, versions earlier than Duke-TL30C01B191, versions earlier than Picasso-AL00C00B162, versions earlier than Picasso-TL00C01B162 , versions earlier than Barca-AL00C00B162, versions earlier than Barca-TL00C00B162, versions earlier than EVA-AL10C00B396SP03, versions earlier than EVA-CL00C92B396, versions earlier than EVA-DL00C17B396, versions earlier than EVA-TL00C01B396 , versions earlier than Vicky-AL00AC00B172, versions earlier than Toronto-AL00AC00B191, versions earlier than Toronto-TL10C01B191 have a permission control vulnerability. An attacker with the system privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader.",PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a ""host="" line within HTTP POST data.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel protocol (aka the Cloud feature) for communication between an Android application and a camera device, which allows remote attackers to obtain sensitive information by sniffing the network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Wireless IP Camera (P2P) WIFICAM devices have an ""Apple Production IOS Push Services"" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to obtain sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, if there is more than one thread doing the device open operation, the device may be opened more than once. This would lead to get_pid being called more than once, however put_pid being called only once in function ""msm_close"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, user controlled variables ""nr_cmds"" and ""nr_bos"" number are passed across functions without any check. An integer overflow to buffer overflow (with a smaller buffer allocated) may occur when they are too large or negative.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, in functions msm_isp_check_stream_cfg_cmd & msm_isp_stats_update_cgc_override, 'stream_cfg_cmd->num_streams' is not checked, and could overflow the array stream_cfg_cmd->stream_handle.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the service locator in all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow can occur as the variable set for determining the size of the buffer is not used to indicate the size of the buffer.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver performing a heap buffer over-read.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Improper authorization involving a fuse in TrustZone in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of the master password if the ""password"" command is used with an argument. The names of the password entries created and consulted are also accessible in cleartext.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. This bypasses the Self-Defense feature of the product, opening a door to subsequent attack on many of its components.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"libimageworsener.a in ImageWorsener before 1.3.1 has ""left shift cannot be represented in type int"" undefined behavior issues, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image, related to imagew-bmp.c and imagew-util.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The bmpr_read_uncompressed function in imagew-bmp.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSG_USER_EMAIL_EXIST protection mechanism via a register.php?act=edit&id=1 request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com@unsafe.example.com/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
** DISPUTED ** Brave 0.12.4 has a Status Bar Obfuscation issue in which a redirection target is shown in a possibly unexpected way. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) the display of web-search results.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Windows Shell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it improperly handles executable files and shares during rename operations, aka ""Windows Explorer Remote Code Execution Vulnerability"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka ""LNK Remote Code Execution Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka ""Win32k Elevation of Privilege Vulnerability."" This CVE ID is unique from CVE-2017-8468.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Cursor in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows improper elevation of privilege, aka ""Windows Cursor Elevation of Privilege Vulnerability"".",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka ""Win32k Elevation of Privilege Vulnerability"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka ""Win32k Elevation of Privilege Vulnerability."" This CVE ID is unique from CVE-2017-8465.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka ""Windows olecnv32.dll Remote Code Execution Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to set variables that are either read-only or require authentication when Windows fails to enforce case sensitivity for certain variable checks, aka ""Windows Security Feature Bypass Vulnerability"".",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a locally-authenticated attacker to run a specially crafted application on a targeted system when Windows Secure Kernel Mode fails to properly handle objects in memory, aka ""Windows Elevation of Privilege Vulnerability"".",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to escape from the AppContainer sandbox, aka ""Microsoft Edge Elevation of Privilege Vulnerability"". This CVE ID is unique from CVE-2017-8642.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka ""Microsoft Office Security Feature Bypass Vulnerability"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka ""Office Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka ""Office Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-8509, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka ""Office Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka ""Office Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an unauthenticated attacker to send a specially crafted kernel mode request to cause a denial of service on the target system, aka ""Windows VAD Cloning Denial of Service Vulnerability"".",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not properly enforce same-origin policies, aka ""Microsoft Edge Security Feature Bypass Vulnerability"". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8555.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka ""Microsoft Malware Protection Engine Denial of Service Vulnerability"", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8542.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka ""Microsoft Malware Protection Engine Denial of Service Vulnerability"", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka ""Windows Search Remote Code Execution Vulnerability"".",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A kernel-mode driver in Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows 8 allows an elevation of privilege when it fails to properly handle objects in memory, aka ""Win32k Elevation of Privilege Vulnerability"". This CVE is unique from CVE-2017-0263.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka ""Microsoft Graphics Component Elevation of Privilege Vulnerability"". This CVE ID is unique from CVE-2017-8573 and CVE-2017-8574.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Kerberos falling back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol, aka ""Windows Elevation of Privilege Vulnerability"".",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka ""SharePoint Server XSS Vulnerability"".",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka ""Microsoft Office Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-0243.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way that it handles input, aka ""Microsoft Office Outlook Security Feature Bypass Vulnerability"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Graphics in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka ""Microsoft Graphics Component Elevation of Privilege Vulnerability"". This CVE ID is unique from CVE-2017-8573 and CVE-2017-8556.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka ""Microsoft Graphics Component Elevation of Privilege Vulnerability.""",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka ""Win32k Elevation of Privilege Vulnerability"". This CVE ID is unique from CVE-2017-8577, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka ""DirectX Elevation of Privilege Vulnerability.""",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka ""Win32k Elevation of Privilege Vulnerability"". This CVE ID is unique from CVE-2017-8577, CVE-2017-8578, CVE-2017-8581, and CVE-2017-8467.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows 10 1607 and Windows Server 2016 allow an attacker to execute code remotely via a specially crafted WiFi packet aka ""HoloLens Remote Code Execution Vulnerability.""",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Explorer in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511 allows a denial of service vulnerability when it attempts to open a non-existent file, aka ""Windows Explorer Denial of Service Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Microsoft WordPad in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it parses specially crafted files, aka ""WordPad Remote Code Execution Vulnerability"".",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way that Windows Search handles objects in memory, aka ""Windows Search Remote Code Execution Vulnerability"".",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way that the Windows Common Log File System (CLFS) driver handles objects in memory, aka ""Windows CLFS Elevation of Privilege Vulnerability"".",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Windows Input Method Editor (IME) in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an remote code execution vulnerability when it fails to properly handle objects in memory, aka ""Windows IME Remote Code Execution Vulnerability"".",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka ""Win32k Elevation of Privilege Vulnerability"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka ""Microsoft Edge Security Feature Bypass Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"CLFS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka ""Windows CLFS Elevation of Privilege Vulnerability"".",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka ""Internet Explorer Security Feature Bypass Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 allows a spoofing vulnerability due to Microsoft's implementation of the Bluetooth stack, aka ""Microsoft Bluetooth Driver Spoofing Vulnerability"".",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability, aka ""Windows Error Reporting Elevation of Privilege Vulnerability"".",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8649, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka ""Xamarin.iOS Elevation Of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka ""Win32k Elevation of Privilege Vulnerability"". This CVE ID is unique from CVE-2017-8694.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow an attacker to execute code remotely on a target system when the Windows font library fails to properly handle specially crafted embedded fonts, aka ""Express Compressed Fonts Remote Code Execution Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka ""Win32k Elevation of Privilege Vulnerability"". This CVE ID is unique from CVE-2017-8689.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka ""ASP.NET Core Information Disclosure Vulnerability"".",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows an attacker to gain greater access to sensitive information and system functionality, due to the way that WER handles and executes files, aka ""Windows Elevation of Privilege Vulnerability"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka ""Windows Security Feature Bypass"".",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Windows Control Flow Guard in Microsoft Windows 10 Version 1703 allows an attacker to run a specially crafted application to bypass Control Flow Guard, due to the way that Control Flow Guard handles objects in memory, aka ""Windows Security Feature Bypass Vulnerability"".",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"The Microsoft Windows graphics component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka ""Win32k Elevation of Privilege Vulnerability"". This CVE ID is unique from CVE-2017-8675.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka ""Microsoft Edge Security Feature Bypass Vulnerability"". This CVE ID is unique from CVE-2017-8754.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka ""Microsoft Edge Spoofing Vulnerability"". This CVE ID is unique from CVE-2017-8735.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft scripting engines handle objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11794 and CVE-2017-11803.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Windows Text Services Framework handles objects in memory, aka ""Windows Shell Memory Corruption Vulnerability"".",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka ""Microsoft Edge Spoofing Vulnerability"". This CVE ID is unique from CVE-2017-8724.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 allows A security feature bypass vulnerability due to how PowerShell exposes functions and processes user supplied code, aka ""Device Guard Security Feature Bypass Vulnerability"".",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed attacks against the product.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin header allowing the attacker to have site access with a bypass of the Same Origin Policy.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users (potentially anonymous) to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved via igetwild. Because igetwild is a Bash script, the part of the pathname following the semicolon would be executed in the user's shell.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger this issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can gain access to passwords and abuse them to compromise further systems.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact that both products share the same 'ro.build.product' system property, attackers can install OTAs of one product over the other, even on locked bootloaders. That could theoretically allow for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. Moreover, the vulnerability may result in having the device unusable until a Factory Reset is performed. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use 'adb sideload' to push the OTA.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to eavesdrop on privacy-sensitive voice communication of a child and their Dino device.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Xen through 4.8.x mishandles the ""contains segment descriptors"" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so.  An attacker who can login to Bamboo as a user without the edit permission for deployment projects is able to use this vulnerability, provided there is an existing plan with a green build, to create a deployment project and execute arbitrary code on an available Bamboo Agent.  By default a local agent is enabled; this means that code execution can occur on the system hosting Bamboo as the user running Bamboo.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,LOW
"A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Remote Bypass Security Restriction vulnerability in HPE Network Node Manager i (NNMi) Software versions v10.0x, v10.1x, v10.2x was found.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An Authentication Bypass vulnerability in HPE MSA 1040 and HPE MSA 2040 SAN Storage in version GL220P008 and earlier and was found.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 SAN Storage IN version GL220P008 and earlier was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote execution of arbitrary code vulnerability has been identified in HPE RESTful Interface Tool 1.5, 2.0 (hprest-1.5-79.x86_64.rpm, ilorest-2.0-403.x86_64.rpm). The issue is resolved in iLOREST v2.1 or subsequent versions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Local Authentication Restriction Bypass vulnerability in HPE NonStop Server version L-Series: T6533L01 through T6533L01^ADN; J-Series and H-series: T6533H02 through T6533H04^ADF and T6533H05 through T6533H05^ADL was found.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Authentication Restriction Bypass vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A Unauthenticated Remote Denial of Service vulnerability was identified in HPE Integrated Lights-Out 3 (iLO 3) version v1.88 only. The vulnerability is resolved in iLO3 v1.89 or subsequent versions.,NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A Remote Bypass of Security Restrictions vulnerability was identified in HPE XP Command View Advanced Edition Software Earlier than 8.5.3-00. The vulnerability impacts DevMgr Earlier than 8.5.3-00 (for Windows, Linux), RepMgr earlier than 8.5.3-00 (for Windows, Linux) and HDLM earlier than 8.5.3-00 (for Windows, Linux, Solaris, AIX).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HPE has identified a remote privilege escalation vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Aruba ClearPass 6.6.3 and later includes a feature called ""SSH Lockout"", which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an unauthenticated remote command execution vulnerability is present which could allow an unauthenticated user to execute arbitrary commands on the underlying operating system with ""root"" privilege level. This vulnerability is only present when a specific feature has been enabled. The SSH Lockout feature is not enabled by default, so only systems which have enabled this feature are vulnerable.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http://storage.googleapis.com without SSL, which makes it easier for man-in-the-middle attackers to spoof Feed and Schedule data by creating a modified blocks_v4.json file.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a ""module reference and kernel daemon"" leak.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be used to view unsalted, MD5-hashed administrator passwords, which can then be cracked, giving the attacker full admin access to the device's web interface. This vulnerability can also be used to view the plaintext pre-shared key (PSK) for encrypted wireless connections, or to view the device's serial number (which allows an attacker to factory reset the device).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account (a hidden user account established by the vendor). This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to the device's settings. However, when using SSH, this gives an attacker access to a Linux shell. NOTE: the vendor has commented ""The mateidu user is a known user, which is mentioned in the FibeAir IP-10 User Guide. Customers are instructed to change the mateidu user password. Changing the user password fully solves the vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the pnm_load_raw function in input-pnm.c:346:41.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:16:11.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:17:11.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-bmp.c:492:24.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:559:29.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:620:27.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libautotrace.a in AutoTrace 0.31.1 has a ""negative-size-param"" issue in the ReadImage function in input-tga.c:528:7.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (buffer underflow) via a crafted image, related to imagew-bmp.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted users can trigger CallOPKG calls, and these users can enter an arbitrary URL in an input field, even though that input field was only intended for a package name. This threat model may be relevant in the latest versions of third-party products that bundle OpenWebif, i.e., set-top box products. The issue of Trojan horse packages does NOT have security implications in cases where the attacker has full OpenWebif access.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"BigTree CMS through 4.2.18 does not prevent a user from deleting their own account. This could have security relevance because deletion was supposed to be an admin-only action, and the admin may have other tasks (such as data backups) to complete before a user is deleted.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the ""Broadpwn"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying configuration data into a readable filesystem.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain unintended access to the Network Processor (NP) 169.254/16 IP network by adding a routing-table entry that specifies the LAN IP address as the router for that network.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploitation) and then establishing a TELNET session.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows Network Processor (NP) Linux users to obtain root access to the Application Processor (AP) Linux system via shell metacharacters in commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to write arbitrary data to a known /var/tmp/sess_* pathname by leveraging the device's operation in UI dev mode.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to conduct successful forced-pairing attacks (between an RF4CE remote and a set-top box) by repeatedly transmitting the same pairing code.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to enable a Remote Web Inspector that is accessible from the public Internet.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to access an SNMP server by connecting a cable to the Ethernet port, and then establishing communication with the device's link-local IPv6 address.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) and Xfinity XR11-20 Voice Remote devices allows local users to upload arbitrary firmware images to an XR11 by leveraging root access. In other words, there is no protection mechanism involving digital signatures for the firmware.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows remote attackers to execute arbitrary code via a specific (but unstated) exposed service. NOTE: the scope of this CVE does NOT include the concept of ""Unnecessary Services"" in general; the scope is only a single service that is unnecessarily exposed, leading to remote code execution. The details of that service might be disclosed at a later date.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Time Warner firmware on Technicolor TC8717T devices sets the default Wi-Fi passphrase to a combination of the SSID and BSSID, which makes it easier for remote attackers to obtain network access by reading a beacon frame.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document, related to the xps_encode_font_char_imp function.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker is able to gain privileged access to the system while unauthorized.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Privilege Management issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Monitouch V-SFT is installed in a directory with weak access controls by default, which could allow an authenticated attacker with local access to escalate privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable ""ddp->params_length"" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting data, race conditions will happen. If ""ddp->params_length"" is set to a big number, a buffer overflow will occur.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"While parsing Netlink attributes in QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE in qcacld 2.0 before 2017-05-16, a buffer overread could occur.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer over-read is possible in camera driver function msm_isp_stop_stats_stream. Variable stream_cfg_cmd->num_streams is from userspace, and it is not checked against ""MSM_ISP_STATS_MAX"".",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a user-space pointer is directly accessed in a camera driver.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a privilege escalation vulnerability exists in telephony.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, if userspace provides a too-large IE length in wlan_hdd_cfg80211_set_ie, a buffer over-read occurs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a vendor command, a buffer over-read can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 ""but with much less impact.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the world-writable location. In the case of the ""system helper"" component, files deployed as part of the app are owned by root, so in the worst case they could be setuid root.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of service attack on the cluster.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
"It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could lead to secure credentials of the other user being compromised.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.  NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The National Payments Corporation of India BHIM application 1.3 for Android relies on a four-digit passcode, which makes it easier for attackers to obtain access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same company (but are sometimes changed). Hidden user accounts have (at least in some cases, though more research is required to test this for all hidden user accounts) a fixed password for all devices; it can never be changed by a user. Other vulnerabilities exist that allow an attacker to get the passwords of these hidden user accounts. NOTE: the vendor reports that it has no influence on the allocation of passwords, and that global hardcoded master passwords do not exist. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited set of characters. NOTE: the vendor reports that the 12-character limit provides ""a very high security standard."" Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports that exploitation likelihood is low because these packets are usually sent only once during installation. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the installer account, allows changing very sensitive parameters. NOTE: the vendor reports that Grid Guard is not an authentication feature; it is only a tracing feature. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are ""encrypted"" using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the device. NOTE: the vendor reports that only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This cracked password can then be used to register at the SMA servers. NOTE: the vendor's position is that ""we consider the probability of the success of such manipulation to be extremely low."" Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version that is accepted by the inverter, the inverter is compromised completely. This allows the attacker to do nearly anything: for example, giving access to the local OS, creating a botnet, using the inverters as a stepping stone into companies, etc. NOTE: the vendor reports that this attack has always been blocked by ""a final integrity and compatibility check."" Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the ""block_type == 2"" case, a similar issue to CVE-2017-11126.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (stack-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GNU GRUB 2.02.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of service condition.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL and execute arbitrary code in the context of the process.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A privilege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files, an unauthorized user can obtain system privileges and the inserted code would execute at an elevated privilege level.",NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization (ASLR) and Data Execution prevention (DEP) were not properly configured resulting in weak security.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
AVG AntiVirus for MacOS with scan engine before 4668 might allow remote attackers to bypass malware detection by leveraging failure to scan inside disk image (aka DMG) files.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A specially crafted MPLS packet received or processed by the system, on an interface configured with MPLS, will store information in the system memory. Subsequently, if this stored information is accessed, this may result in a kernel crash leading to a denial of service. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D45, 14.1X53-D107; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1F5-S8, 15.1F6-S8, 15.1R5-S6, 15.1R6-S3, 15.1R7; 15.1X49 versions prior to 15.1X49-D100; 15.1X53 versions prior to 15.1X53-D65, 15.1X53-D231; 16.1 versions prior to 16.1R3-S6, 16.1R4-S6, 16.1R5; 16.1X65 versions prior to 16.1X65-D45; 16.2 versions prior to 16.2R2-S1, 16.2R3; 17.1 versions prior to 17.1R2-S2, 17.1R3; 17.2 versions prior to 17.2R1-S3, 17.2R2; 17.2X75 versions prior to 17.2X75-D50. No other Juniper Networks products or platforms are affected by this issue.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Affected releases are all versions of Junos Space Security Director prior to 17.2R1.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition, aka a GET MIB Object ID Denial of Service Vulnerability. The vulnerability is due to a condition that could occur when the affected software processes an SNMP read request that contains a request for the ciscoFlashMIB object ID (OID). An attacker could trigger this vulnerability by issuing an SNMP GET request for the ciscoFlashMIB OID on an affected device. A successful exploit could cause the affected device to restart due to a SYS-3-CPUHOG. This vulnerability affects the following Cisco devices if they are running a vulnerable release of Cisco IOS Software and are configured to use SNMP Version 2 (SNMPv2) or SNMP Version 3 (SNMPv3): Cisco Catalyst 2960-L Series Switches, Cisco Catalyst Digital Building Series Switches 8P, Cisco Catalyst Digital Building Series Switches 8U. Cisco Bug IDs: CSCvd89541.",NETWORK,HIGH,LOW,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. The vulnerability is due to folder permissions that grant a user the permission to read, write, and execute files in the Webex folders. An attacker could exploit this vulnerability to write malicious files to the Webex client directory, affecting all other users of the targeted device. A successful exploit could allow a user to execute commands with elevated privileges. Attacks on single-user systems are less likely to occur, as the attack must be carried out by the user on the user's own system. Multiuser systems have a higher risk of exploitation because folder permissions have an impact on all users of the device. For an attacker to exploit this vulnerability successfully, a second user must execute the locally installed malicious file to allow remote code execution to occur.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in the Cisco Thor decoder before commit 18de8f9f0762c3a542b1122589edb8af859d9813 allows local users to cause a denial of service (segmentation fault) and execute arbitrary code via a crafted non-conformant Thor bitstream.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Precision Time Protocol (PTP) subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Precision Time Protocol. The vulnerability is due to insufficient processing of PTP packets. An attacker could exploit this vulnerability by sending a custom PTP packet to, or through, an affected device. A successful exploit could allow the attacker to cause a DoS condition for the PTP subsystem, resulting in time synchronization issues across the network.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of ""Space"" via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of ""Cabinet"" via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific directory that may result in executing arbitrary OS commands/code or information including credentials leakage or alteration.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to add malicious files on the device and execute arbitrary code.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows an attacker with administrator rights to execute arbitrary code on the Windows system via unspecified vectors.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) does not properly manage sessions, which allows remote attackers to read/send mail or change the configuration via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to 4.31.55, BlueStacks App Player for macOS 2.0.0 and later) allows an attacker on the same network segment to bypass access restriction to gain unauthorized access.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 and their earlier versions could allow remote attackers to run arbitrary commands or install malware on the NAS.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka ""Windows Kernel Elevation of Privilege Vulnerability"". This CVE is unique from CVE-2018-0756. CVE-2018-0809, CVE-2018-0820 and CVE-2018-0843.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka ""Windows Subsystem for Linux Elevation of Privilege Vulnerability"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka ""Windows Elevation of Privilege Vulnerability"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way memory addresses are handled, aka ""Windows Elevation of Privilege Vulnerability"".",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka ""Windows Elevation of Privilege Vulnerability"". This CVE ID is unique from CVE-2018-0752.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka ""Windows Elevation of Privilege Vulnerability"". This CVE ID is unique from CVE-2018-0751.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Windows kernel in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka ""Windows Kernel Elevation of Privilege Vulnerability"". This CVE is unique from CVE-2018-0742, CVE-2018-0809, CVE-2018-0820 and CVE-2018-0843.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka "".NET and .NET Core Denial Of Service Vulnerability"". This CVE is unique from CVE-2018-0765.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows a security feature bypass, due to how Edge handles different-origin requests, aka ""Microsoft Edge Security Feature Bypass"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka ""ASP.NET Core Elevation Of Privilege Vulnerability"". This CVE is unique from CVE-2018-0808.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability"". This CVE is unique from CVE-2018-0790.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability"". This CVE is unique from CVE-2018-0789.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka ""Microsoft Outlook Remote Code Execution Vulnerability"". This CVE is unique from CVE-2018-0793.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka ""Microsoft Outlook Remote Code Execution Vulnerability"". This CVE is unique from CVE-2018-0791.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka ""ASP.NET Core Elevation Of Privilege Vulnerability"". This CVE is unique from CVE-2018-0784.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows 7 SP1 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka ""Windows GDI Elevation of Privilege Vulnerability"". This CVE is unique from CVE-2018-0816, and CVE-2018-0817.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka ""Windows GDI Elevation of Privilege Vulnerability"". This CVE is unique from CVE-2018-0815 and CVE-2018-0817.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka ""Windows GDI Elevation of Privilege Vulnerability"". This CVE is unique from CVE-2018-0815 and CVE-2018-0816.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft ChakraCore allows an attacker to bypass Control Flow Guard (CFG) in conjunction with another vulnerability to run arbitrary code on a target system, due to how the Chakra scripting engine handles accessing memory, aka ""Scripting Engine Security Feature Bypass"".",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office 2016 for Mac allows an attacker to send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing, due to how Outlook for Mac displays encoded email addresses, aka ""Spoofing Vulnerability in Microsoft Office for Mac.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka ""Windows Kernel Elevation Of Privilege Vulnerability"". This CVE is unique from CVE-2018-0742, CVE-2018-0756, CVE-2018-0809 and CVE-2018-0843.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonations are handled, aka ""Windows AppContainer Elevation Of Privilege Vulnerability"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka ""Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Named Pipe File System in Windows 10 version 1709 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Named Pipe File System handles objects, aka ""Named Pipe File System Elevation of Privilege Vulnerability"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka ""Windows Storage Services Elevation of Privilege Vulnerability"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows 10 version 1607 and Windows Server 2016 allow an elevation of privilege vulnerability due to how the MultiPoint management account password is stored, aka ""Windows Elevation of Privilege Vulnerability"".",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an elevation of privilege vulnerability due to how objects in memory are handled, aka ""Windows Kernel Elevation of Privilege Vulnerability"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka ""Windows Common Log File System Driver Elevation Of Privilege Vulnerability"". This CVE is unique from CVE-2018-0846.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka ""Microsoft Outlook Elevation of Privilege Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard, aka ""Windows Security Feature Bypass Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0958, CVE-2018-8129, CVE-2018-8132.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Windows Installer in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how input is sanitized, aka ""Windows Installer Elevation of Privilege Vulnerability"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file paths are managed, aka ""Windows Desktop Bridge VFS Elevation of Privilege Vulnerability"".",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka ""Windows Desktop Bridge Elevation of Privilege Vulnerability"". This CVE is unique from CVE-2018-0882.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft Video Control in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege due to how objects are handled in memory, aka ""Microsoft Video Control Elevation of Privilege Vulnerability"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka ""Windows Desktop Bridge Elevation of Privilege Vulnerability"". This CVE is unique from CVE-2018-0880.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists when Active Directory incorrectly applies Network Isolation settings, aka ""Active Directory Security Feature Bypass Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way the kernel-mode driver validates and enforces impersonation levels, aka ""Windows Security Feature Bypass Vulnerability"". This CVE is unique from CVE-2018-0884.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM 2016 server, aka ""Microsoft Identity Manager XSS Elevation of Privilege Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability"". This CVE is unique from CVE-2018-0909, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability"". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability"". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability"". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability"". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability"". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability"". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0944 and CVE-2018-0947.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow elevation of privilege, due to how Internet Explorer handles zone and integrity settings, aka ""Internet Explorer Elevation of Privilege Vulnerability"".",NETWORK,HIGH,HIGH,REQUIRED,CHANGED,LOW,NONE,NONE
"Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability"". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0947.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability"". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0944.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources, aka ""Internet Explorer Security Feature Bypass Vulnerability."" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka ""Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability."" This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka ""Windows Security Feature Bypass Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-8129, CVE-2018-8132.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka ""Windows Kernel Elevation of Privilege Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka ""Device Guard Security Feature Bypass Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps, aka ""Windows SNMP Service Denial of Service Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka ""Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka ""Windows Elevation of Privilege Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka ""Windows Storage Services Elevation of Privilege Vulnerability"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's wallet is not password protected. This attack appear to be exploitable via The victim must visit a web page with specially crafted javascript. This vulnerability appears to have been fixed in 3.0.5.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains a Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or from thin air. This attack appear to be exploitable via Attacker would only need to know email address of the victim on most cases.. This vulnerability appears to have been fixed in 3.8.1.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains a Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This attack appear to be exploitable via NFS server must export a filesystem with the ""rootsquash"" options enabled. This vulnerability appears to have been fixed in after commit 1995266727fa.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but similar to configured passwords being provided to the build. Those values are not subject to masking, and could allow unauthorized users to recover the original password.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"iRedMail version prior to commit f04b8ef contains a Insecure Permissions vulnerability in Roundcube Webmail that can result in Exfiltrate a user's password protected secret GPG key file and other important configuration files.. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in Beta: 0.9.8-BETA1, Stable: 0.9.7.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured keystore and private key passwords.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credential IDs.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Pitchfork version 1.4.6 RC1 contains an Improper Privilege Management vulnerability in Trident Pitchfork components that can result in A standard unprivileged user could gain system administrator permissions within the web portal.. This attack appear to be exploitable via The user must be able to login, and could edit their profile and set the ""System Administrator"" permission to ""yes"" on themselves.. This vulnerability appears to have been fixed in 1.4.6 RC2.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty password when running in synchronous mode. commit with applied fix https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd that can result in Ability to impersonate any valid user. This attack appear to be exploitable via Providing valid username and empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. This vulnerability appears to have been fixed in after commit 8471904a02438c03965d21367890276bc25fa5a6.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An improper authorization vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSphereCloudSlaveTemplate.java, VSphereConnectionConfig.java, vSphereStep.java that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server (""test connection"").",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network Instability. This attack appear to be exploitable via Network connectivity: the attacker must first establish a transport connection with the OpenFlow controller and then initiate the OpenFlow handshake.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LightSAML version prior to 1.3.5 contains a Incorrect Access Control vulnerability in signature validation in readers in src/LightSaml/Model/XmlDSig/ that can result in impersonation of any user from Identity Provider. This vulnerability appears to have been fixed in 1.3.5 and later.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f (latest release as of Sept 2017) contains an intentional backdoor vulnerability in the function zero_fee_transaction() that can result in theft of Soar Coins by the ""onlycentralAccount"" (Soar Labs) after payment is processed.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 already. The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. NOTE: third parties dispute the relevance of this report, noting that the requirement for an attacker to have both the CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it ""virtually impossible to exploit.""",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a Insecure Permissions vulnerability in Sensu Core on Windows platforms that can result in Unprivileged users may execute code in context of Sensu service account. This attack appear to be exploitable via Unprivileged user may place an arbitrary DLL in the c:\opt\sensu\embedded\bin directory in order to exploit standard Windows DLL load order behavior. This vulnerability appears to have been fixed in 1.4.2-3 and later.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak of memory. This vulnerability appears to have been fixed in 1.7.7.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via ""network connectivity"". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via container execution. This vulnerability appears to have been fixed in 1.9.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.27 and later.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database security realm that results in the creation of an ephemeral user record in memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. This attack appear to be exploitable via Subscribe to a forum through IDOR. This vulnerability appears to have been fixed in 1.8.15.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
WP Image Zoom version 1.23 contains a Incorrect Access Control vulnerability in AJAX settings that can result in allows anybody to cause denial of service. This attack appear to be exploitable via Can be triggered intentionally (or unintentionally via CSRF) by any logged in user. This vulnerability appears to have been fixed in 1.24.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain tables. This attack appear to be exploitable via Attacker must make AJAX request. This vulnerability appears to have been fixed in 3.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling vulnerability in album view component that can result in Authentication bypass. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit 742b8edbe.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java, JCloudsSlaveTemplate.java, LauncherFactory.java, OpenstackCredentials.java, OpenStackMachineStep.java, SlaveOptions.java, SlaveOptionsDescriptor.java that allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins, and to cause Jenkins to submit HTTP requests to attacker-specified URLs.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured password.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords configured using Configuration as Code Plugin.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mycroft AI mycroft-core version 18.2.8b and earlier contains a Incorrect Access Control vulnerability in Websocket configuration that can result in code execution. This impacts ONLY the Mycroft for Linux and ""non-enclosure"" installs - Mark 1 and Picroft unaffected. This attack appear to be exploitable remote access to the unsecured websocket server. This vulnerability appears to have been fixed in No fix currently available.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. By visiting http://V2I_HUB/UI/powerdown.php, a remote attacker could exploit this vulnerability to shut down the system.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp() function. By adding ""[]"" to the end of ""key"" in the URL when accessing API functions, an attacker could exploit this vulnerability to execute API functions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled input.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. For example dfde28196cd12071fcf6669f7654be7df482b85d contains a Insecure Permissions vulnerability in Function get_package_name in the file kernel/src/tbfheader.rs, variable ""pub package_name: &'static str,"" in the file process.rs that can result in A tock capsule (untrusted driver) could access arbitrary memory by using only safe code. This vulnerability appears to have been fixed in commit 42f7f36e74088036068d62253e1d8fb26605feed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be exploitable via Specially crafted GET request containing directory traversal from assets-pipeline context. This vulnerability appears to have been fixed in 2.14.1.1 (for Grails 2.x), 2.15.1 (for Grails 3 and Java 7) and 3.0.6 (for Grails 3 and Java 8).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jenkins.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,HIGH
"A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privileges and corresponding pipelines based on Jenkinsfiles set up in Jenkins, to execute arbitrary code on the Jenkins master JVM",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: Resource Management Errors (similar issue to CVE-2015-5262) vulnerability in PyKMIP server that can result in DOS: the server can be made unavailable by one or more clients opening all of the available sockets. This attack appear to be exploitable via A client or clients open sockets with the server and then never close them. This vulnerability appears to have been fixed in 0.8.0.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b contains a Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in function pgp_exec() phkp.php:98 that can result in It is possible to manipulate gpg-keys or execute commands remotely. This attack appear to be exploitable via HKP-Api: /pks/lookup?search.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
** DISPUTED ** drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers who unplug SAS Host Bus Adapter cables.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if it is enabled).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability."" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1014, CVE-2018-1032, CVE-2018-1034.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka ""OpenType Font Driver Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses ""eval('function testfunction'.rand()"" and it is possible to bypass certain restrictions on these ""testfunction"" functions.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka ""Microsoft Graphics Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka ""Microsoft Graphics Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1015, CVE-2018-1016.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability."" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1032, CVE-2018-1034.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka ""Microsoft Graphics Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation vulnerability through the ""ProtonVPN Service"" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The ""Connect"" method accepts a class instance argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection. This plugin will execute code in the context of the SYSTEM user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the ""nordvpn-service"" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The ""Connect"" method accepts a class instance argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"7-Zip through 18.01 on Windows implements the ""Large memory pages"" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it easier for attackers to bypass intended access restrictions by using this privilege in the context of a sandboxed process.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function (libr/util/hex.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. This issue is different from CVE-2017-15368.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in London Trust Media Private Internet Access (PIA) VPN Client v77 for Windows could allow an unauthenticated, local attacker to run executable files with elevated privileges. The vulnerability is due to insufficient implementation of access controls. The ""Changelog"" and ""Help"" options available from the system tray context menu spawn an elevated instance of the user's default web browser. An attacker could exploit this vulnerability by selecting ""Run as Administrator"" from the context menu of an executable file within the file browser of the spawned default web browser. This may allow the attacker to execute privileged commands on the targeted system.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IPVanish 3.0.11 for macOS suffers from a root privilege escalation vulnerability. The `com.ipvanish.osx.vpnhelper` LaunchDaemon implements an insecure XPC service that could allow an attacker to execute arbitrary code as the root user. IPVanish uses a third-party library for converting `xpc_object_t` types in to `NSObject` types for sending XPC messages. When IPVanish establishes a new connection, the following XPC message is sent to the `com.ipvanish.osx.vpnhelper` LaunchDaemon. Because the XPC service itself does not validate an incoming connection, any application installed on the operating system can send it XPC messages. In the case of the ""connect"" message, an attacker could manipulate the `OpenVPNPath` to point at a malicious binary on the system. The `com.ipvanish.osx.vpnhelper` would receive the VPNHelperConnect command, and then execute the malicious binary as the root user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service (browser hang) via an HTML document because the resource consumption of onloadwff.js grows with the number of INPUT elements.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its ""sevpnclient"" service. When configured to use the OpenVPN protocol, the ""sevpnclient"" service executes ""openvpn.exe"" using the OpenVPN config file located at %PROGRAMDATA%\purevpn\config\config.ovpn. This file allows ""Write"" permissions to users in the ""Everyone"" group. An authenticated attacker may modify this file to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM account.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the container_setup_modules and hyper_rescan_scsi functions in container.c, related to runV 1.0.0 for Docker.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. An attacker can exploit Missing Authorization on the FlexPaperViewer SWF reader, and export files that should have been restricted, via vectors involving page-by-page access to a document in SWF format.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified ""vaultize_session_id"" value in a cookie.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka ""Microsoft Office Remote Code Execution Vulnerability."" This affects Microsoft Office. This CVE ID is unique from CVE-2018-1030.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka ""Microsoft Office Remote Code Execution Vulnerability."" This affects Microsoft Office. This CVE ID is unique from CVE-2018-1026.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability."" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1014, CVE-2018-1034.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability."" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1014, CVE-2018-1032.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka ""Windows Security Feature Bypass Vulnerability."" This affects Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer. Authentication is required to exploit this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x2200B4 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220078 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"An elevation of privilege vulnerability exists when NTFS improperly checks access, aka ""NTFS Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by a another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka ""Windows Kernel Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka "".NET Framework Device Guard Security Feature Bypass Vulnerability."" This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing, aka ""Windows Code Integrity Module Denial of Service Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in VirusTotal. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because SetParent is not properly considered.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220008 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to use a specially crafted URL to elevate account permissions on vulnerable installations. An attacker must already have at least guest privileges in order to exploit this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In CMS Made Simple (CMSMS) through 2.2.7, the ""file delete"" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
"In CMS Made Simple (CMSMS) through 2.2.7, the ""module remove"" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
"An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the scan parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method.  An attacker could use this flaw to cause denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig() that calls the vulnerable function eval().",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the ""VyprVPN"" service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. The ""SetProperty"" method allows an attacker to configure the ""AdditionalOpenVpnParameters"" property and control the OpenVPN command line. Using the OpenVPN ""plugin"" parameter, an attacker may specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. This attack may be conducted using ""VyprVPN Free"" account credentials and the VyprVPN Desktop Client.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege escalation vulnerability through the ""CG6Service"" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The ""ConnectToVpnServer"" method accepts a ""connectionParams"" argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation vulnerability in its ""SaferVPN.Service"" service. The ""SaferVPN.Service"" service executes ""openvpn.exe"" using OpenVPN config files located within the current user's %LOCALAPPDATA%\SaferVPN\OvpnConfig directory. An authenticated attacker may modify these configuration files to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Owned smart contract implementation for Aurora IDEX Membership (IDXM), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. A new owner can subsequently modify variables.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices allow remote attackers to download a file and obtain sensitive credential information via a direct request for the download.rsp URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Owned smart contract implementation for Aurora DAO (AURA), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. An attacker can then conduct a lockBalances() denial of service attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be leveraged in a number of ways to ultimately run code with elevated privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because WM_CLOSE is not properly considered.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe allows local users to bypass intended process protections, and consequently terminate process, because WM_SYSCOMMAND is not properly considered.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.biepie/shared_prefs/com.bitpie_preferences.xml (on Android) or a plist file in the app data folder (on iOS).",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mimo Baby 2 devices do not use authentication or encryption for the Bluetooth Low Energy (BLE) communication from a Turtle to a Lilypad, which allows attackers to inject fake information about the position and temperature of a baby via a replay or spoofing attack.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The request_dividend function of a smart contract implementation for ROC (aka Rasputin Online Coin), an Ethereum ERC20 token, allows attackers to steal all of the contract's Ether.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because mouse_event is not properly considered.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. An authenticated attacker can send a specially crafted UDP packet, and execute commands on the vacuum cleaner as root. The bug is in the function REQUEST_SET_WIFIPASSWD (UDP command 153). A crafted UDP packet runs ""/mnt/skyeye/mode_switch.sh %s"" with an attacker controlling the %s variable. In some cases, authentication can be achieved with the default password of 888888 for the admin account.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, without a digital signature, as root from the /mnt/sdcard/$PRO_NAME/upgrade.sh or /sdcard/upgrage_360/upgrade.sh pathname.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of ""password"" for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to bypass intended access restrictions by leveraging access to the local network. NOTE: one or more user's guides distributed by ISPs state ""At a minimum, you should set a login password.""",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. Refresh tokens by design have a longer expiration time than access tokens, allowing the possessor of a refresh token to authenticate longer than expected. This affects the administrative endpoints of the UAA. i.e. /Users, /Groups, etc. However, if the user has been deleted or had groups removed, or the client was deleted, the refresh token will no longer be valid.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote AMQP service. An unauthenticated attacker in the same network collision domain, could potentially sniff the password from the network and use it to access the component using the privileges of the compromised user.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in cloudwu/cstring through 2016-11-09. There is a memory leak vulnerability that could lead to a program crash.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TEST_SERVER' sent to the script via the POST method.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. This restriction can be bypassed by modifying the 'Host' and 'X_Forwarded_For' HTTP headers in a POST request. An anonymous user can abuse this vulnerability to execute critical functions without authorization.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 1 of 46).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 2 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 3 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 5 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 8 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of 46).,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 10 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 13 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 14 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 15 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 18 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 19 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 20 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 22 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 23 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 24 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 26 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 27 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 28 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 29 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 30 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 32 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 33 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 34 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 39 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 41 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 42 of 46).,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser ""back and refresh"" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara credentials.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. zb_system/cmd.php?act=verify relies on MD5 for the password parameter, which might make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. NOTE: the vendor declined to accept this as a valid issue.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
** DISPUTED ** TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution via the system restore function.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on SoftCase T-Router build 20112017 devices. A remote attacker can read and write to arbitrary files on the system as root, as demonstrated by code execution after writing to a crontab file. This is fixed in production builds as of Spring 2018.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The BBE theme before 1.53 for WordPress allows a direct launch of an HTML editor.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related issue to CVE-2017-8054.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an options that allows RPMB erase for secure devices in versions SD 210/SD 212/SD 205, SD 845, SD 850.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the modem boots and configures the EFS partition addresses in its MPU partition.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Spoofed SMS can be used to send a large number of messages to the device which will in turn initiate a flood of registration updates with the server in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 636, SDA660, SDM630, SDM660, SDX20",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,HIGH
"In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG in use.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, cryptographic issues due to the random number generator was not a strong one in NAN.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a directory that is a parent of the base directory of the project being checked. NOTE: exploitation is more difficult after 3.8.0 because filename prediction may be needed.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Intuit Lacerte 2017 for Windows in a client/server environment transfers the entire customer list in cleartext over SMB, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer list contains each customer's full name, social security number (SSN), address, job title, phone number, Email address, spouse's phone/Email address, and other sensitive information. After the client software authenticates to the server database, the server sends the customer list. There is no need for further exploitation as all sensitive data is exposed. This vulnerability was validated on Intuit Lacerte 2017, however older versions of Lacerte may be vulnerable.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the ""download_sys_settings"" action and then specify files arbitrarily throughout the system via the act parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based buffer over-read.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occur.",PHYSICAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"SimpliSafe Original has Unencrypted Keypad Transmissions, which allows physically proximate attackers to discover the PIN.",PHYSICAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The buy function of a smart contract implementation for Gold Reward (GRX), an Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the buyer because of overflow of the multiplication of its argument amount and a manipulable variable buyPrice, aka the ""tradeTrap"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The data packets that are sent between the iOS or Android application and the OBD dongle are not encrypted. The combination of this vulnerability with the lack of wireless network protection exposes all transferred car data to the public.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
ASUS HG100 devices allow denial of service via an IPv4 packet flood.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Remote Command Execution (RCE) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the execution of arbitrary commands via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack exhaustion with many '{' characters in jsparse.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Rondaful M1 Wristband Smart Band 1 devices allow remote attackers to send an arbitrary number of call or SMS notifications via crafted Bluetooth Low Energy (BLE) traffic.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It scored an 8.5 CVSS score.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. A user who can escalate to yarn user can possibly run arbitrary commands as root user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user under which CouchDB runs, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows a CouchDB admin user to gain arbitrary remote code execution, bypassing CVE-2017-12636 and CVE-2018-8007.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs via spark-submit. However, the REST API does not use this or any other authentication mechanism, and this is not adequately documented. In this case, a user would be able to run a driver program without authenticating, but not launch executors, using the REST API. This REST API is also used by Mesos, when set up to run in cluster mode (i.e., when also running MesosClusterDispatcher), for job submission. Future versions of Spark will improve documentation on these points, and prohibit setting 'spark.authenticate.secret' when running the REST APIs, to make this clear. Future versions will also disable the REST API by default in the standalone master by changing the default value of 'spark.master.rest.enabled' to 'false'.",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. This can be locked down a bit by using chroot to change the root directory to protect files outside of the Karaf install directory; it can be further locked down by defining a security manager policy that limits file system access to those directories beneath the Karaf home that are necessary for the system to run. However, this still allows anyone with ssh access to the Karaf process to read and write a large number of files as the Karaf process user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as having ALTER on a table and ALL on a particular database allows a user to move the table to a database with ALL, which will automatically grant that user with ALL privilege on that table due to the privilege inherited from the database.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only). It allows certain OS level users to execute arbitrary scripts with root level privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of input size validation before copying to buffer in PMIC function can lead to heap overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper input validation in WLAN encrypt/decrypt module can lead to a buffer copy in Snapdragon Mobile in version SD 835, SD 845, SD 850",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a security concern with default privileged access to ADB and debug-fs.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /firmware/ which presents a potential issue.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /persist/ which presents a potential issue.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of script may lead to unprivileged access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of daemons may lead to unprivileged access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of dev nodes may lead to potential security issue.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /systemrw/ which presents a potential security.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing fastboot flash command, memory leak or unexpected behavior may occur due to processing of unintialized data buffers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper access control in core module lead XBL_LOADER performs the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in version SD 845, SD 850.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Insufficient protection of keys in keypad can lead HLOS to gain access to confidential keypad input data in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9607, MDM9650, MDM9655, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Exposing the hashed content in /etc/passwd may lead to security issue.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Anyone can execute proptrigger.sh which will lead to change in properties.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials.",NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"TZ App dynamic allocations not protected from XBL loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SMMU secure camera logic allows secure camera controllers to access HLOS memory during session in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the ""--status-fd 2"" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in ""ATA high"" mode, not vulnerable in ""TCG"" or ""ATA max"" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data.",PHYSICAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The sell function of a smart contract implementation for SwftCoin (SWFTC), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the ""tradeTrap"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The sell function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the ""tradeTrap"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. It is configured to provide TELNET remote access (without a password) that pops a shell as root. If an attacker can connect to port 23 on the device, he can completely compromise it.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mintToken function of a smart contract implementation for PolyAI (AI), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the ""tradeTrap"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the ""tradeTrap"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the ""tradeTrap"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the ""tradeTrap"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Fujinto (NTO), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the ""tradeTrap"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for GOAL Bonanza (GOAL), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the ""tradeTrap"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for BitAsean (BAS), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the ""tradeTrap"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"tinyexr 0.9.5 has a heap-based buffer over-read in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
tinyexr 0.9.5 has a memory leak in ParseEXRHeaderFromMemory in tinyexr.h.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Permissions in the driver pack installers for Intel NVMe before version 4.0.0.1007 and Intel RSTe before version 4.7.0.2083 may allow an authenticated user to potentially escalate privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 installer may allow an authenticated user to potentially escalate privileges using file modification via local access.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,LOW
Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. The LDLS credentials are used to connect to Dell EMC Online Support. If the LDLS configuration was changed to an invalid configuration, then Avamar Installation Manager may not be able to connect to Dell EMC Online Support web site successfully. The remote unauthenticated attacker can also read and use the credentials to login to Dell EMC Online Support, impersonating the AVI service actions using those credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege escalation in Intel Baseboard Management Controller (BMC) firmware before version 1.43.91f76955 may allow an unprivileged user to potentially execute arbitrary code or perform denial of service over the network.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper password hashing in firmware in Intel Server Board (S7200AP,S7200APR) and Intel Compute Module (HNS7200AP, HNS7200AP) may allow a privileged user to potentially disclose firmware passwords via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.",PHYSICAL,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
Default install directory permissions in Intel Distribution for Python (IDP) version 2018 may allow an unprivileged user to escalate privileges via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper input validation in firmware for Intel NUC Kits may allow a privileged user to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Improper directory permissions in the ZeroConfig service in Intel(R) PROSet/Wireless WiFi Software before version 20.90.0.7 may allow an authorized user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially modify data via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor may allow privileged user to potentially leverage existing features via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Denial of service vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel Core Processor, 7th Generation Intel Core Processor may allow privileged user to potentially execute arbitrary code via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper memory initialization in Platform Sample/Silicon Reference firmware Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow privileged user to potentially enable an escalation of privilege via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper certificate validation in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core(tm) Processor, 7th Generation Intel(R) Core(tm) Processor may allow an unauthenticated user to potentially enable an escalation of privilege via physical access.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to read device configuration information via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Logic bug in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to escape from a virtual machine guest-to-host via local access.",LOCAL,LOW,LOW,NONE,CHANGED,LOW,LOW,LOW
"Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. One of the antivirus engines depends on a signature pattern from a database to identify malicious files and viruses; the antivirus bypass exploit looks to alter the file being scanned so it is not detected.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. One of the antivirus engines depends on a signature pattern from a database to identify malicious files and viruses; the antivirus bypass exploit looks to alter the file being scanned so it is not detected.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inserting an SD card containing the firmware with name 'ezviz.dav' and rebooting.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root access can be obtained via UART pins without any restrictions, which leads to full system compromise.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pivotal Concourse after 2018-03-05 might allow remote attackers to have an unspecified impact, if a customer obtained the Concourse software from a DNS domain that is no longer controlled by Pivotal. The original domain for the Concourse CI (concourse-dot-ci) open source project has been registered by an unknown actor, and is therefore no longer the official website for Concourse CI. The new official domain is concourse-ci.org. At approximately 4 am EDT on March 7, 2018 the Concourse OSS team began receiving reports that the Concourse domain was not responding. The Concourse OSS team discovered, upon investigation with both the original and the new domain registrars, that the originating domain registrar had made the domain available for purchase. This was done despite the domain being renewed by the Concourse OSS team through August 2018. For a customer to be affected, they would have needed to access a download from a ""concourse-dot-ci"" domain web site after March 6, 2018 18:00:00 EST. Accessing that domain is NOT recommended by Pivotal. Anyone who had been using that domain should immediately begin using the concourse-ci.org domain instead. Customers can also safely access Concourse software from the traditionally available locations on the Pivotal Network or GitHub.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the ""encrypt_key"" URL parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the ""rocommunity"" URL parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via compromised firmware.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset.,PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a virtualization attack.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote root SSH access.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the ""Mark of the Web."" Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems. *Note: this issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird < 52.9.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. *Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems are not affected.*. This vulnerability affects Firefox ESR < 60.2 and Firefox < 62.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). This vulnerability affects Firefox < 63.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. VRRP defaults to an insecure configuration in Linux's keepalived component which sends the cluster password in plaintext through multicast. A malicious user, having access to the vCloud subnet where ViPR is deployed, could potentially sniff the password and use it to take over the cluster's virtual IP and cause a denial of service on that ViPR Controller system.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of ""Save Page As..."" functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resources otherwise unreachable to the malicious page, if they can convince the visitor to save the complete web page. Similarly, SameSite cookies are sent on cross-origin requests when the ""Save Page As..."" menu item is selected to save a page, which can result in saving the wrong version of resources based on those cookies. This vulnerability affects Firefox < 63.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Olive Tree Ftp Server application 1.32 for Android has a ""Sensitive Data on the Clipboard"" vulnerability, as demonstrated by reading the ""User password"" field with the Drozer post.capture.clipboard module.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of the SSO Connector with tokens generated from another service plan.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login part, because this protection was only covering POST requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry Silk CNI plugin, versions prior to 0.2.0, contains an improper access control vulnerability. If the platform is configured with an application security group (ASG) that overlaps with the Silk overlay network, any applications can reach any other application on the network regardless of the configured routing policies.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) stores the username and password within the cookies of a session. If an attacker gained access to these session cookies, it would be possible to gain access to the username and password of the logged-in account.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Serialize.deserialize() method in CoAPthon3 1.0 and 1.0.1 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, example collect CoAP server and client) when they receive crafted CoAP messages.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example collect CoAP server and client) when they receive crafted CoAP messages.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the ""Create an array for saving the template argument values"" XNEWVEC call. This can occur during execution of objdump.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only ""User"" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain ""Admin"" rights due to the admin password being displayed in XML.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered. Accepting this invitation gives unauthorized access to view the member list, domains, quotas and other information about the org.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Security Bypass vulnerability. Successful exploitation could lead to privilege escalation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege escalation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player 30.0.0.134 and earlier have a ""use of a component with a known vulnerability"" vulnerability. Successful exploitation could lead to privilege escalation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a stack overflow vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. All Xen versions from 3.4 onwards are vulnerable. Xen versions 3.3 and earlier are vulnerable to an even wider class of attacks, due to them lacking preemption checks altogether in the affected code paths. Only x86 systems are affected. ARM systems are not affected. Only multi-vCPU x86 PV guests can leverage the vulnerability. x86 HVM or PVH guests as well as x86 single-vCPU PV ones cannot leverage the vulnerability.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.",LOCAL,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In libpbc.a in PBC through 2017-03-02, there is a buffer over-read in calc_hash in map.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Baseon Lantronix MSS devices do not require a password for TELNET access.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.12 allows the remote attacker to execute unauthorized code by substituting a forged update server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Storing password in recoverable format in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.2 allows the local attacker to restore the SysWatch password from the settings database and modify program settings.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The URL pattern of """" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"There is a memory leak in util/parser.c in libming 0.4.8, which will lead to a denial of service via parseSWF_DEFINEBUTTON2, parseSWF_DEFINEFONT, parseSWF_DEFINEFONTINFO, parseSWF_DEFINELOSSLESS, parseSWF_DEFINESPRITE, parseSWF_DEFINETEXT, parseSWF_DOACTION, parseSWF_FILLSTYLEARRAY, parseSWF_FRAMELABEL, parseSWF_LINESTYLEARRAY, parseSWF_PLACEOBJECT2, or parseSWF_SHAPEWITHSTYLE.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. The exposed methods allow read and write access to the Windows registry and control of services. These methods may be abused to achieve privilege escalation via execution of attacker controlled binaries.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP (e.g., VoIP credentials) or attack the internal network of the ISP.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Hive 2.3.3, 3.1.0 and earlier, Hive ""EXPLAIN"" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do ""EXPLAIN"" on arbitrary table or view and expose table metadata and statistics.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not verify the destination location of the downloaded file. This does not affect hive cli user and hiveserver2 user as hplsql is a separate command line script and needs to be invoked differently.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the ""ftpUser"" POST parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the ""ntpServerIp2"" POST parameter. Certain payloads cause the device to become permanently inoperable.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the ""ipAddr"" POST parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the ""name"" parameter.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the ""method"" parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the ""groupname"" parameter.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the ""pwd"" parameter during user creation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the ""username"" parameter during user creation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execute hidden API calls and escape the CTP console sandbox environment with elevated privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the ""checkport"" parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the ""checkName"" parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Improper Access Control in Fortinet FortiOS allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the ""secure"" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass ""WebSudo"" through an improper access control vulnerability.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
"** DISPUTED ** An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c, as demonstrated by sndfile-convert. NOTE: The maintainer and third parties were unable to reproduce and closed the issue.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** Google gperftools 2.7 has a memory leak in malloc_extension.cc, related to MallocExtension::Register and InitModule. NOTE: the software maintainer indicates that this is not a bug; it is only a false-positive report from the LeakSanitizer program.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Fast C++ CSV Parser (aka fast-cpp-csv-parser) before 2018-07-06 has a heap-based buffer over-read in io::trim_chars in csv.h.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user's submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380.",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,LOW
IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. An attacker could exploit this vulnerability to exploit other vulnerabilities in spreadsheet software. IBM X-Force ID: 137452.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low privileges to view report pages and perform some actions that only an admin should be performing, so there is risk that someone not authorized can change things that they are not suppose to. IBM X-Force ID: 137765.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. IBM X-Force ID: 137771.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 137772.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 137778.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 allows an attacker to conduct Access Control attacks via the /FlexiCapture12/Login/Server/SevaUserProfile FlexiCaptureTmsSts2 parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine. IBM X-force ID: 138117.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue has been found in HTSlib 1.8. It is a buffer over-read in sam_parse1 in sam.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue has been found in Bento4 1.5.1-624. AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp has a heap-based buffer over-read after a call from Mp42Ts.cpp, a related issue to CVE-2018-14532.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the ""/xml/system/control.xml"" URL, using the GET request ""?action=reboot"" for example.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allow unauthorized remote attackers to reset the authentication via the ""/xml/system/setAttribute.xml"" URL, using the GET request ""?id=0&attr=protectAccess&newValue=0"" (a successful attack will allow attackers to login without authorization).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer over-read in the function H5F_addr_decode_len in H5Fint.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_fill_old_decode in H5Ofill.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_link_decode in H5Olink.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the HDF HDF5 1.8.20 library. There is a buffer over-read in H5O_chunk_deserialize in H5Ocache.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could cause a denial of service. IBM X-Force ID: 138376.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Paymorrow module 1.0.0 before 1.0.2 and 2.0.0 before 2.0.1 for OXID eShop. An attacker can bypass delivery-address change detection if the payment module doesn't use eShop's checkout procedure properly. To do so, the attacker must change the delivery address to one that is not verified by the Paymorrow module.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect file access control in situations where M_fs_perms_can_access attempts to delete an existing file (that lacks public read/write access) during a copy operation, related to fs/m_fs.c and fs/m_fs_path.c. An attacker could create the file and then would have access to the data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function print_info in wav_info/wav_info.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_free in libwav.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The function wav_read in libwav.c in libwav through 2017-04-20 has an infinite loop.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function apply_gain in wav_gain/wav_gain.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, image_buffer_resize in fromsixel.c, and sixel_decode_raw in fromsixel.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL (Attackers can login using the ""admin"" username with password ""admin"" after a successful attack).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the ""Web Connecton\EE40"" and ""Web Connecton\EE40\BackgroundService"" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the ""Web Connecton\EE40\BackgroundService"" directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140044.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140045.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140046.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140047.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Bento4 1.5.1-624. There is a heap-based buffer over-read in AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp after a call from Mp42Hls.cpp, a related issue to CVE-2018-13846.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
read_tmp and write_tmp in Inteno IOPSYS allow attackers to gain privileges after writing to /tmp/etc/smb.conf because /var is a symlink to /tmp.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_write in libwav.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the ""formsetUsbUnload"" function executes a dosystemCmd function with untrusted input.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in libthulac.so in THULAC through 2018-02-25. A heap-based buffer over-read can occur in NGramFeature::find_bases in include/cb_ngram_feature.h.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue has been discovered in Bento4 1.5.1-624. AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp has a heap-based buffer over-read.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue has been discovered in Bento4 1.5.1-624. AP4_BytesToUInt16BE in Core/Ap4Utils.h has a heap-based buffer over-read after a call from the AP4_Stz2Atom class.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue has been discovered in Bento4 1.5.1-624. AP4_MemoryByteStream::WritePartial in Core/Ap4ByteStream.cpp has a buffer over-read.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue has been discovered in Bento4 1.5.1-624. A NULL pointer dereference can occur in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue has been discovered in Bento4 1.5.1-624. AP4_Mp4AudioDsiParser::ReadBits in Codecs/Ap4Mp4AudioInfo.cpp has a heap-based buffer over-read.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: <transport-config confidentiality=""required"" trust-in-target=""supported""/>",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the payload in a POST request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the ""load_script"" URL parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in evaluate_auto_mountpoint in btrfsmaintenance-functions in btrfsmaintenance through 0.4.1. Code execution as root can occur via a specially crafted filesystem label if btrfs-{scrub,balance,trim} are set to auto in /etc/sysconfig/btrfsmaintenance (this is not the default, though).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 140756.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects \Symfony\Component\HttpFoundation\Request::prepareRequestUri() where X-Original-URL and X_REWRITE_URL are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Subrion 4.2.1 is vulnerable to Improper Access control because user groups not having access to the Admin panel are able to access it (but not perform actions) if the Guests user group has access to the Admin panel.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Management Console in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local privilege escalation vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by ASUS or another entity in the supply chain. The system_server process in the core android package has an exported broadcast receiver that allows any app co-located on the device to programmatically initiate the taking of a screenshot and have the resulting screenshot be written to external storage (i.e., sdcard). The taking of a screenshot is not transparent to the user; the device has a screen animation as the screenshot is taken and there is a notification indicating that a screenshot occurred. If the attacking app also requests the EXPAND_STATUS_BAR permission, it can wake the device up using certain techniques and expand the status bar to take a screenshot of the user's notifications even if the device has an active screen lock. The notifications may contain sensitive data such as text messages used in two-factor authentication. The system_server process that provides this capability cannot be disabled, as it is part of the Android framework. The notification can be removed by a local Denial of Service (DoS) attack to reboot the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.android.settings (versionCode=23, versionName=6.0-android.20170630.092853) that contains an exported broadcast receiver that allows any app co-located on the device to programmatically initiate a factory reset. In addition, the app initiating the factory reset does not require any permissions. A factory reset will remove all user data and apps from the device. This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of a pre-installed platform app.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains the android framework (i.e., system_server) with a package name of android that has been modified by Leagoo or another entity in the supply chain. The system_server process in the core Android package has an exported broadcast receiver that allows any app co-located on the device to programmatically initiate the taking of a screenshot and have the resulting screenshot be written to external storage. The taking of a screenshot is not transparent to the user; the device has a screen animation as the screenshot is taken and there is a notification indicating that a screenshot occurred. If the attacking app also requests the EXPAND_STATUS_BAR permission, it can wake the device up using certain techniques and expand the status bar to take a screenshot of the user's notifications even if the device has an active screen lock. The notifications may contain sensitive data such as text messages used in two-factor authentication. The system_server process that provides this capability cannot be disabled, as it is part of the Android framework. The notification can be removed by a local Denial of Service (DoS) attack to reboot the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical access to the device to obtain a root shell via ADB by modifying read-only system properties at runtime. Specifically, modifying the ro.debuggable and the ro.secure system properties to a certain value and then restarting the ADB daemon allows for a root shell to be obtained via ADB.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.zte.zdm.sdm (versionCode=31, versionName=V5.0.3) that contains an exported broadcast receiver app component named com.zte.zdm.VdmcBroadcastReceiver that allows any app co-located on the device to programmatically initiate a factory reset. In addition, the app initiating the factory reset does not require any permissions. A factory reset will remove all user data and apps from the device. This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of a pre-installed platform app.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.android.zte.hiddenmenu (versionCode=23, versionName=6.0.1) that contains an exported broadcast receiver app component named com.android.zte.hiddenmenu.CommandReceiver that is accessible to any app co-located on the device. This app component, when it receives a broadcast intent with a certain action string, will write a non-standard (i.e., not defined in Android Open Source Project (AOSP) code) command to the /cache/recovery/command file to be executed in recovery mode. Once the device boots into recovery mode, it will crash, boot into recovery mode, and crash again. This crash loop will keep repeating, which makes the device unusable. There is no way to boot into an alternate mode once the crash loop starts.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows remote attacker perform new attack vectors and take under control device and smart home.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.5.1-11.5.6 is processing specially crafted TCP traffic with the Large Receive Offload (LRO) feature enabled, TMM may crash, leading to a failover event. This vulnerability is not exposed unless LRO is enabled, so most affected customers will be on 13.1.x. LRO has been available since 11.4.0 but is not enabled by default until 13.1.0.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2.1-11.6.3.2, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BAD_RECORD_MAC errors. Clients will be unable to access the application load balanced by a virtual server with an SSL profile until tmm is restarted.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, undisclosed traffic patterns may lead to denial of service conditions for the BIG-IP system. The configuration which exposes this condition is the BIG-IP self IP address which is part of a VLAN group and has the Port Lockdown setting configured with anything other than ""allow-all"".",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This action utilises storage space on the /var partition and when performed repeatedly causes the /var partition to be full.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may not display the intended message in the failure response",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper memory handling by the affected software when the software processes high rates of Cisco Discovery Protocol packets that are sent to a device. An attacker could exploit this vulnerability by sending a high rate of Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to exhaust memory on the affected device, resulting in a DoS condition.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the TCP ingress handler for the data interfaces that are configured with management access to Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an increase in CPU and memory usage, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient ingress TCP rate limiting for TCP ports 22 (SSH) and 443 (HTTPS). An attacker could exploit this vulnerability by sending a crafted, steady stream of TCP traffic to port 22 or 443 on the data interfaces that are configured with management access to the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service.",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The cloud API had a hidden parameter, which allowed an authenticated user to reconfigure the server URL for a device registered to their account. In combination with an insecure device registration vulnerability, this allowed an attacker to reconfigure a maliciously registered device to their own rogue replica of the myStrom API and issue commands to the device, including firmware update commands.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2.ini under %LOCALAPPDATA%\Zemana\ZALSDK) to permit execution of unauthorized applications (such as ones that record keystrokes).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
YSoft SafeQ Server 6 allows a replay attack.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 allow remote attackers to download any confidential files via https requests for predictable URLs.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse ""quserex.dll"" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured. A local authenticated user can bypass file and folder security restriction by leveraging an unspecified attack vector.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple unspecified attack vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated privileges via an unspecified attack vector.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions, then the attacker can read certain Ola Money data such as a credit card number, expiration date, bank account number, and transaction history. NOTE: the vendor does not agree that this is a security issue requiring a fix.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crk_protection.php anti-XSS mechanism that looks for a number of dangerous fingerprints.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users table are stored as unsalted MD5 hashes, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the ""pass"" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully steals this cookie can efficiently brute-force it to retrieve the user's cleartext password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and ""nativeWindowOpen: true"" or ""sandbox: true"" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass and data manipulation in certain functions.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,LOW,LOW
"Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass via insecure direct object reference.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,LOW,LOW
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of the Email Settings webpage. In some cases, authentication can be achieved with the blank default password for the admin account. NOTE: the vendor indicates that this is an ""End Of Support Life"" product.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. Cleartext Transmission of Sensitive Information allows man-in-the-middle attackers to eavesdrop authentication information between the application and the server.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the MapR File System in MapR Converged Data Platform and MapR-XD 6.x and earlier. Under certain conditions, it is possible for MapR ticket credentials to become compromised, allowing a user to escalate their privileges to act as (aka impersonate) any other user, including cluster administrators, aka bug# 31935. This affects all users who have enabled security on the MapR platform and is fixed in mapr-patch-5.2.1.42646.GA-20180731093831, mapr-patch-5.2.2.44680.GA-20180802011430, mapr-patch-6.0.0.20171109191718.GA-20180802011420, and mapr-patch-6.0.1.20180404222005.GA-20180806214919.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"POSIM EVO 15.13 for Windows includes an ""Emergency Override"" administrative account that may be accessed through POSIM's ""override"" feature. This Override prompt expects a code that is computed locally using a deterministic algorithm. This code may be generated by an attacker and used to bypass any POSIM EVO login prompt.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM StoredIQ 7.6 could allow an authenticated attacker to bypass certain security restrictions. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to access and manipulate documents on StoredIQ managed data sources. IBM X-Force ID: 143331.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"** DISPUTED ** Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-16310. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux. A local attacker can install or remove arbitrary packages and package repositories potentially containing hooks with arbitrary code, which will automatically be run as root, or remove packages vital to the system.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Missing Authorization Control for API Repository Storage.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters ""ifdescr"" and ""ipv"" to a shell without escaping the contents of the variables. This allows an authenticated WebGUI user with privileges for the affected page to execute commands in the context of the root user when submitting a request to relinquish a DHCP lease for an interface which is configured to obtain its address via DHCP.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In System Management Module (SMM) versions prior to 1.06, the FFDC feature includes the collection of SMM system files containing sensitive information; notably, the SMM user account credentials and the system shadow file.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"System command injection in request_mitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the ""payload"" URL parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of the appliance.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection with the privileges of the nagios user account.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenDolphin 2.7.0 and earlier allows authenticated users to gain administrative privileges and perform unintended operations.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain other users credentials such as a user ID and/or its password via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PgpoolAdmin 4.0 and earlier allows remote attackers to bypass the login authentication and obtain the administrative privilege of the PostgreSQL database via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows authenticated attackers to bypass access restriction to alter or edit unauthorized files via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A command injection (missing input validation, escaping) in the monitoring or memory status web interface in AudioCodes 405HD (firmware 2.2.12) VoIP phone allows an authenticated remote attacker in the same network as the device to trigger OS commands (like starting telnetd or opening a reverse shell) via a POST request to the web server. In combination with another attack (unauthenticated password change), the attacker can circumvent the authentication requirement.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-15907. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Google gVisor before 2018-08-23, within the seccomp sandbox, permits access to the renameat system call, which allows attackers to rename files on the host OS.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,HIGH,NONE
"SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=\/start to bypass a policy in which ""docker start"" is allowed but ""docker pause"" is not allowed.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Artifex Ghostscript before 9.24. Incorrect ""restoration of privilege"" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the ""pipe"" instruction.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer Overflow during parsing of DNS\LLMNR packets in prvParseDNSReply.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to leak information or execute arbitrary code because of a Buffer Overflow during generation of a protocol checksum in usGenerateProtocolChecksum and prvProcessIPPacket.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation, as demonstrated by Amcrest_IPC-HX1X3X-LEXUS_Eng_N_AMCREST_V2.420.AC01.3.R.20180206.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart. Successful exploitation requires an attacker to be able to send a specially crafted S7 communication packet to a communication interface of the CPU. This includes Ethernet, PROFIBUS, and Multi Point Interfaces (MPI). No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 144884.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks.  NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/storage/antelope/lvm.c while parsing AQL (lvm_register_variable, lvm_set_variable_value, create_intersection, create_union).",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to perform multiple user enumerations, which can further help an attacker to perform login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side access control and login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Portal login page. An exploit could allow the attacker to identify existing users and perform brute-force password attacks on the Portal, as demonstrated by navigating to the user/4 URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Fuji Xerox DocuCentre-V 3065, ApeosPort-VI C3371, ApeosPort-V C4475, ApeosPort-V C3375, DocuCentre-VI C2271, ApeosPort-V C5576, DocuCentre-IV C2263, DocuCentre-V C2263, and ApeosPort-V 5070 devices allow remote attackers to read or write to files via crafted PJL commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable (EXE) or dynamically loadable library (DLL) files, causing elevated (SYSTEM) user access. Configuration control files or data files under this folder could also be similarly modified to affect service process behavior.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the ""faxq-helper activate <jobid>"" command.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an IR::FunctionValidationContext::catch_all heap-based buffer over-read.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Artifex Ghostscript before 9.25. Incorrect ""restoration of privilege"" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the ""pipe"" instruction. This is due to an incomplete fix for CVE-2018-16509.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Pektron Passive Keyless Entry and Start (PKES) system, as used on the Tesla Model S and possibly other vehicles, relies on the DST40 cipher, which makes it easier for attackers to obtain access via an approach involving a 5.4 TB precomputation, followed by wake-frame reception and two challenge/response operations, to clone a key fob within a few seconds.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Bro through 2.5.5, there is a memory leak potentially leading to DoS in scripts/base/protocols/krb/main.bro in the Kerberos protocol parser.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Ansible ""User"" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume's content with arbitrary data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NET_SessionID primary session cookie, when Internet Information Services (IIS) with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, this cookie is exposed to session hijacking attacks should an adversary be able to execute JavaScript in the origin of the portal installation. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the ""view"" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue has been found in dbf2txt through 2012-07-19. It is a infinite loop.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 (fixed in 3.2.5.0), active logins would be cached, allowing subsequent logins to succeed with any username or password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The onlyOwner modifier of a smart contract implementation for Coinlancer (CL), an Ethereum ERC20 token, has a potential access control vulnerability. All contract users can access functions that use this onlyOwner modifier, because the comparison between msg.sender and owner is incorrect.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 presentations but has SE_DEBUG_PRIVILEGE on Windows, which might allow attackers to bypass intended access restrictions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to incorrectly accounting for padding on 64-bit platforms, a buffer underwrite could occur when constructing an ICMP reply packet when using a non-standard value for the net.inet.icmp.quotelen sysctl.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. It is possible that the buffer overflow could lead to a Denial of Service or remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema ""only"" option treats an empty list as implying no ""only"" option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema is being filtered dynamically using the ""only"" option, and there is a user role that produces an empty value for ""only"").",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though the web socket replies with { ""message"" : ""invalid authorization header"" }. Without an active session, commands are still interpreted, but (except for eco-on and eco-off) have no effect, since without active driving, a driving direction does not change anything.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full system entry for unauthenticated users. Rather than waiting for new vulnerabilities to be discovered, and fixing them as they come up, the CouchDB development team decided to make changes to avoid this entire class of vulnerabilities.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE). Using the nashorn script engine the environment of the javascript execution for the Proxy Auto-Configuration leaks privileged objects, that can be used to circumvent the execution limits. If a different script engine was used, no execution limits were in place. Both vectors allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain input files could make the code to enter into an infinite loop when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). This occurs because shell metacharacters in the query string are mishandled by ShellExecute, as demonstrated by the zbtest.cgi?cmd=level&level= substring. This can also be exploited via CSRF.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an ""Edit color palette"" search that triggers an ""index out of range"" condition. NOTE: this issue is disputed by multiple third parties because the described attack scenario does not cross a privilege boundary.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Kofax Front Office Server Administration Console 4.1.1.11.0.5212, some fields, such as passwords, are obfuscated in the front-end, but the cleartext value can be exfiltrated by using the back-end ""download"" feature, as demonstrated by an mfp.password downloadsettingvalue operation.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in libsvg2 through 2012-10-19. The svgGetNextPathField function in svg_string.c returns its input pointer in certain circumstances, which might result in a memory leak caused by wasteful malloc calls.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the initial configuration of the application.  NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to impersonate a user and set up their account without their knowledge.  NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting an HDF file to GIF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"Telegram Desktop (aka tdesktop) 1.3.16 alpha, when ""Use proxy"" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Seqrite End Point Security v7.4 has ""Everyone: (F)"" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the ""system"" library function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Joomla! before 3.8.13. Inadequate checks on the tags search fields can lead to an access level violation.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in Joomla! before 3.8.13. Inadequate checks in com_contact could allow mail submission in disabled forms.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
The Port Forwarding functionality on DASAN H660GW devices allows remote attackers to execute arbitrary code via shell metacharacters in the cgi-bin/adv_nat_virsvr.asp Addr parameter (aka the Local IP Address field).,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote attackers to discover cleartext credentials via iso.3.6.1.4.1.236.11.5.11.81.10.1.5.0 and iso.3.6.1.4.1.236.11.5.11.81.10.1.6.0 SNMP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED *** Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001.  NOTE: the vendor disputes that this is a vulnerability, stating it is ""already mitigated by the internal firewall that limits access to configuration services to localhost.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12 on Mercedes-Benz C-Class 2018 vehicles. Defining or receiving a specific navigation route might cause the system to freeze and reboot after a few transmissions. When the system next starts, it tries to re-calculate the route, which will cause a boot loop. (Under certain circumstances, it is possible to quickly overwrite the malicious route to regain the stability of the system.)",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as latitude, longitude, and direction of travel.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper directory permissions in installer for Intel(R) Media SDK before 2018 R2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper directory permissions in Intel Solid State Drive Toolbox before 3.5.7 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows before 2.2.100 may allow an escalation of privilege via local access.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modules for IBM BladeCenter have an undocumented support account with a support password, an undocumented diags account with a diags password, and an undocumented prom account with a prom password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe provides ""NT AUTHORITY\SYSTEM"" access to unprivileged users via the --system option.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in CapMon Access Manager 5.4.1.1005. The client applications of AccessManagerCoreService.exe communicate with this server through named pipes. A user can initiate communication with the server by creating a named pipe and sending commands to achieve elevated privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in CapMon Access Manager 5.4.1.1005. A regular user can obtain local administrator privileges if they run any whitelisted application through the Custom App Launcher.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access.",PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list was not agreeing with the regular expression that detects a specific list type. So the line kept getting pushed back onto the reader, hence causing the loop.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"KioWare Server version 4.9.6 and older installs by default to ""C:\kioware_com"" with weak folder permissions granting any user full permission ""Everyone: (F)"" to the contents of the directory and it's sub-folders. In addition, the program installs a service called ""KWSService"" which runs as ""Localsystem"", this will allow any user to escalate privileges to ""NT AUTHORITY\SYSTEM"" by substituting the service's binary with a malicious one.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in libpg_query 10-1.0.2. There is a memory leak in pg_query_raw_parse in pg_query_parse.c, which might lead to a denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes a path to write an arbitrary DWORD to an arbitrary address.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Weak access credentials may enable attackers in the adjacent network to gain unauthorized service access via a service interface.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial Number below KQ0400000 or KS0400000) and cobas h 232 before 04.00.04 (Serial Number above KQ0400000 or KS0400000). Improper access control to a service command allows attackers in the adjacent network to execute arbitrary code on the system through a crafted Poct1-A message.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer over-read in internalPrintf in miniz/lupng.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Missing Authorization.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with certain configuration options, leads to mishandling of the result of signature verification.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain location under the /tmp directory, wait until a user process copies xr there, and then replace the entire contents of this subdirectory to include a Trojan horse xr.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability exists in the Call Dispatcher in Provisio SiteKiosk before 9.7.4905.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability that theoretically allows unauthenticated users to bypass authorization checks for portions of the HTTP interface to the JasperReports Server. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, the node password could be displayed in plain text in the IBM Spectrum Protect client trace file. IBM X-Force ID: 151968.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+View/.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jinjava before 2.4.6 does not block the getClass method, related to com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle (MiTM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requests contain potentially sensitive information that could be useful to an attacker, such as the victim's Sky username.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which cannot be changed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/boot.sh has 0777 permissions, allowing local users to control the commands executed at system start-up.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/app has 0777 permissions, allowing local users to replace an archive file (within that directory) to control what is extracted to RAM at boot time.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall has no effect except for blocking port 443 and partially blocking port 88.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
** DISPUTED ** An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the client_example_control program.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in before 8.1.13.0 for Outlook has ""BUILTIN\Users:(I)(F)"" permissions for the ""%PROGRAMFILES(X86)%\proNestor\Outlook add-in for Pronestor\PronestorHealthMonitor.exe"" file, which allows local users to gain privileges via a Trojan horse PronestorHealthMonitor.exe file.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in MinDoc through v1.0.2. It allows attackers to gain privileges by uploading an image file with contents that represent an admin session, and then sending a Cookie: header with a mindoc_id value containing the relative pathname of this uploaded file. For example, the mindoc_id (aka session ID) could be of the form aa/../../uploads/blog/201811/attach_#.jpg where '#' is a hex value displayed in the upload field of a manage/blogs/edit/ screen.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to delete an image directory.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Shell Metacharacter Injection in www/modules/save.php in FruityWifi (aka PatatasFritas/PatataWifi) through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted mod_name parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a valid session.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport_' is mishandled. The attacker can craft an HTTP request and override the 'writeresult' command-line parameter for HttpAdvancedSensor.exe to store arbitrary data in an arbitrary place on the file system. For example, the attacker can create an executable file in the \Custom Sensors\EXE directory and execute it by creating EXE/Script Sensor.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the 'id' and 'users' parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638) he can execute arbitrary commands as root.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. NETCONF Access Management (NACM) allows unprivileged users to create privileged users and execute arbitrary commands via the use of the diagnostic-profile over RESTCONF.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in the POST data.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ChipsBank UMPTool saves the password to the NAND with a simple substitution cipher, which allows attackers to get full access when having physical access to the device.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in hitshop through 2014-07-15. There is an elevation-of-privilege vulnerability (that allows control over the whole web site) via the admin.php/user/add URI because a storekeeper account (which is supposed to have only privileges for commodity management) can add an administrator account.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.,LOCAL,HIGH,LOW,NONE,CHANGED,NONE,NONE,HIGH
"An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.). Next, the attacker conducts a DoS attack against the Z-Wave S0 Security version product by continuously sending divided ""Nonce Get (0x98 0x81)"" frames. The reason for dividing the ""Nonce Get"" frame is that, in security version S0, when a node receives a ""Nonce Get"" frame, the node produces a random new nonce and sends it to the Src node of the received ""Nonce Get"" frame. After the nonce value is generated and transmitted, the node transitions to wait mode. At this time, when ""Nonce Get"" is received again, the node discards the previous nonce value and generates a random nonce again. Therefore, because the frame is encrypted with previous nonce value, the received normal frame cannot be decrypted.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. It needs to bypass the wget command option with a single quote. A vulnerable /HNAP1/SetClientInfoDemo XML message could have single quotes and backquotes in the AudioMute or AudioEnable element, such as the '`telnetd`' string.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth internal configuration memory without any regex checking. And in the bwc_tc_spq_start, bwc_tc_wfq_start, and bwc_tc_adb_start functions of the bwcsvcs.php source code, the data in /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth is used with the tc command without any regex checking. A vulnerable /HNAP1/SetQoSSettings XML message could have shell metacharacters in the uplink element such as the `telnetd` string.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the /HNAP1/SetWiFiVerifyAlpha message, the WPSPIN parameter is vulnerable, and the vulnerability affects D-Link DIR-822 B1 202KRb06 devices. In the SetWiFiVerifyAlpha.php source code, the WPSPIN parameter is saved in the $rphyinf1.""/media/wps/enrollee/pin"" and $rphyinf2.""/media/wps/enrollee/pin"" and $rphyinf3.""/media/wps/enrollee/pin"" internal configuration memory without any regex checking. And in the do_wps function of the wps.php source code, the data in $rphyinf3.""/media/wps/enrollee/pin"" is used with the wpatalk command without any regex checking. A vulnerable /HNAP1/SetWiFiVerifyAlpha XML message could have shell metacharacters in the WPSPIN element such as the `telnetd` string.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. If Jenkins is started without this file present, it will revert to the legacy defaults of granting administrator access to anonymous users.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attackers with Overall/Read permission to cancel queued builds.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell. The attacker can then exfiltrate the audio data, read cleartext Wi-Fi credentials in a log file, or access other sensitive device and user information.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mishandling of '>' on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via certain ONVIF methods such as CreateUsers, SetImagingSettings, GetStreamUri, and so on.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privileges to root. One example is the ""sudo ln -s /tmp/script /etc/cron.hourly/script"" command.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to discover home Wi-Fi credentials. This data transfer uses an unencrypted access point for these credentials, and passes them in an HTTP POST, using the AugustWifiDevice class, with data encrypted with a fixed key found obfuscated in the app.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a regular user would not have access to.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe ""cat README.md"" command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types (/usr/share/applications). The control sequence defers unknown file types to the handle_unknown_media() function, which executes xdg-open against the filename specified in the sequence. The use of xdg-open for all unknown file types allows executable file formats with a registered shared MIME type to be executed. An attacker can achieve remote code execution by introducing an executable file and a plain text file containing the control sequence through a fake software project (e.g., in Git or a tarball). When the control sequence is rendered (such as with cat), the executable file will be run.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because appropriate controls are not performed. Specifically, it is possible for a readonly user to change the administrator user password by making a local copy of the /dana-admin/user/update.cgi page, changing the ""user"" value, and saving the changes.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a stack-based buffer over-read in the jsfNameFromString function of jsflash.c in Espruino 2V00, leading to a denial of service or possibly unspecified other impact via a crafted js file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the ""password"" parameter in the login form.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
There was an argument injection vulnerability in Atlassian Sourcetree for Windows from version 0.5a before version 3.0.15 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
There was an command injection vulnerability in Sourcetree for Windows from version 0.5a before version 3.0.10 via URI handling. A remote attacker could send a malicious URI to a victim using Sourcetree for Windows to exploit this issue to gain code execution on the system.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the default namespace in a separate project, where only cluster admins can be given permissions to access. As of 2018-12-20, this bug affected ALL clusters created or imported by Rancher.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Floureon IP Camera SP012 provides a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libpff_item_tree_create_node in libpff_item_tree.c in libpff before experimental-20180714 allows attackers to cause a denial of service (infinite recursion) via a crafted file, related to libfdata_tree_get_node_value in libfdata_tree.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jiuzhou BCM93383WRG 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
iNovo Broadband IB-8120-W21 139.4410mp1.004200.002 and IB-8120-W21E1 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CastleNet CBV38Z4EC 125.553mp1.39219mp1.899.007, CBV38Z4ECNIT 125.553mp1.39219mp1.899.005ITT, CBW383G4J 37.556mp5.008, and CBW38G4J 37.553mp1.008 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Bnmux BCW700J 5.20.7, BCW710J 5.30.6a, and BCW710J2 5.30.16 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Kaonmedia CG2001-AN22A 1.2.1, CG2001-UDBNA 3.0.8, and CG2001-UN2NA 3.0.8 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
TEKNOTEL CBW700N 81.447.392110.729.024 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
S-A WebSTAR DPC2100 v2.0.2r1256-060303 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NETWAVE MNG6200 C4835805jrc12FU121413.cpr devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
mplus CBC383Z CBC383Z_mplus_MDr026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100-GHD00 V1.2.2, and CM5100.g2 4.1.0.17 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH, SBG941 SBG941-2.11.0.0-GA-07-624-NOSH, and SVG1202 SVG1202-2.1.0.0-GA-14-LTSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ubee DVW2108 6.28.1017 and DVW2110 6.28.2012 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoom 5352 v5.5.8.6Y devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Safe Software FME Server through 2018.1 creates and enables three additional accounts in addition to the initial administrator account. The passwords to the three accounts are the same as the usernames, which are guest, user, and author. Logging in with these accounts will grant any user the default privilege roles that were also created for each of the accounts.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as demonstrated by mp42hls.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Bento4 1.5.1-627. There is a heap-based buffer over-read in AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp, as demonstrated by mp42hls.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by rewriting the length of a dynamic array in memory, and then writing data to a single memory location with a large index number, as demonstrated by use of ""assembly { mstore }"" followed by a ""c[0xC800000] = 0xFF"" assignment.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a ""disabled registration"" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of the Site Settings, which causes a cleartext username and password to be displayed in a URI field.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"An issue was discovered in NuttX before 7.27. The function netlib_parsehttpurl() in apps/netutils/netlib/netlib_parsehttpurl.c mishandles URLs longer than hostlen bytes (in the webclient, this is set by default to 40), leading to an Infinite Loop. The attack vector is the Location header of an HTTP 3xx response.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in Microvirt MEmu 6.0.6. The MemuService.exe service binary is vulnerable to local privilege escalation through binary planting due to insecure permissions set at install time. This allows code to be run as NT AUTHORITY/SYSTEM.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An attempted excessive memory allocation was discovered in the function tinyexr::AllocateImage in tinyexr.h in tinyexr v0.9.5. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted input, which leads to an out-of-memory exception.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in Core/Ap4StcoAtom.cpp has an attempted excessive memory allocation when called from AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp, as demonstrated by mp42hls.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate privileges to admin.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for BoKS encrypted telnet through BoKS version 6.7.1. Since tcpcrypt is setuid, exploitation leads to privilege escalation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power cycle occurs, this does not completely reset the chip: memory contents are still in place. Also, it restarts into a boot menu that enables XMODEM upload and execution of an unsigned QNX IFS system image, thereby completing the bypass of secure boot. Moreover, the attacker can craft custom IFS data and write it to unused memory to extract all memory contents that had previously been present. This includes the original firmware and sensitive information such as Wi-Fi credentials.",LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for attackers to bypass intended access restrictions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SAP HANA Extended Application Services, 1.0, an unauthenticated user could test if a given username is valid by evaluating error messages of a specific endpoint.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS Chart service.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS portwatcher service.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, using IGS Interpreter service.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). There is little impact as it is not possible to embed active contents such as JavaScript or hyperlinks.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Executing transaction WRCK in SAP R/3 Enterprise Retail (EHP6) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has several denial-of-service vulnerabilities that allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Users of an SAP Mobile Platform (version 3.0) Offline OData application, which uses Offline OData-supplied delta tokens (which is on by default), occasionally receive some data values of a different user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Missing authorization check in SAP HCM Fiori ""People Profile"" (GBX01 HR version 6.0) for an authenticated user which may result in an escalation of privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The broadcast messages received by SAP Fiori Client are not protected by permissions. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDAP Library). Supported versions that are affected are 10 and 11.3. Difficult to exploit vulnerability allows low privileged attacker with network access via LDAP to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: Remote Console Application). Supported versions that are affected are 3.x and 4.x. Difficult to exploit vulnerability allows low privileged attacker with network access via TLS to compromise Integrated Lights Out Manager (ILOM). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Integrated Lights Out Manager (ILOM), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Integrated Lights Out Manager (ILOM) accessible data as well as unauthorized access to critical data or complete access to all Integrated Lights Out Manager (ILOM) accessible data. CVSS 3.0 Base Score 7.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N).",NETWORK,HIGH,LOW,REQUIRED,CHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Communications Order and Service Management component of Oracle Communications Applications (subcomponent: Portal). Supported versions that are affected are 7.2.4.1.x, 7.2.4.2.x, 7.3.0.x.x and 7.3.0.1.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Order and Service Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data as well as unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: Remote Console Application). Supported versions that are affected are 3.x and 4.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Integrated Lights Out Manager (ILOM) accessible data as well as unauthorized read access to a subset of Integrated Lights Out Manager (ILOM) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Integrated Lights Out Manager (ILOM). CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Java ME SDK component of Oracle Java Micro Edition (subcomponent: Installer). The supported version that is affected is 8.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java ME SDK executes to compromise Java ME SDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java ME SDK. Note: This applies to the Windows platform only. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcomponent: Portal). Supported versions that are affected are 7.2.4.2.x and 7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Inventory Management accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Inventory Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Inventory Management. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcomponent: Portal). Supported versions that are affected are 7.2.4.2.x and 7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Inventory Management accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Inventory Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Installation). Supported versions that are affected are 6.1.1.6, 6.2.0.0 and 6.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile Product Lifecycle Management for Process, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile Product Lifecycle Management for Process accessible data as well as unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H).",LOCAL,HIGH,HIGH,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Financial Services Balance Sheet Planning component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Balance Sheet Planning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Balance Sheet Planning accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Balance Sheet Planning accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: Foundation UI & Servlets). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion BI+ accessible data as well as unauthorized read access to a subset of Hyperion BI+ accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion BI+. CVSS 3.0 Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L).",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: Foundation UI & Servlets). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion BI+ accessible data as well as unauthorized read access to a subset of Hyperion BI+ accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion BI+. CVSS 3.0 Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L).",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Content accessible data as well as unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,HIGH,NONE
Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security: Encryption). Supported versions that are affected are 6.3.10 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Workbench accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Internet Directory component of Oracle Fusion Middleware (subcomponent: Oracle Directory Services Manager). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Internet Directory. While the vulnerability is in Oracle Internet Directory, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Internet Directory. CVSS 3.0 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).",NETWORK,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). The supported version that is affected is Prior to 8.7.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
"Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Login). Supported versions that are affected are 7.x, 8.0.x and 8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Argus Safety accessible data as well as unauthorized update, insert or delete access to some of Oracle Argus Safety accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). The supported version that is affected is Prior to 2.11.33. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in takeover of OSS Support Tools. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). The supported version that is affected is Prior to 2.11.33. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in takeover of OSS Support Tools. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: Mobile Gangway and Mustering). The supported version that is affected is 7.3.874. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Shipboard Property Management System accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is Prior to 8.7.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 9.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Security Management System). Supported versions that are affected are 11.5.0, 11.6.0 and 11.7.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Login). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security). Supported versions that are affected are 2.7, 2.8 and 2.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: File Upload). Supported versions that are affected are 7.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Argus Safety, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Argus Safety accessible data as well as unauthorized read access to a subset of Oracle Argus Safety accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Argus Safety. CVSS 3.0 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Worklist). Supported versions that are affected are 7.x, 8.0.x and 8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Argus Safety, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Argus Safety accessible data as well as unauthorized read access to a subset of Oracle Argus Safety accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.0 Base Score 8.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"Vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products (subcomponent: Company Dir / Org Chart Viewer). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 7.3.5.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. While the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.0 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L).",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 7.3.5.x and 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 6.2.11, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7 and 6.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Transportation Management accessible data as well as unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Hospitality Labor Management component of Oracle Hospitality Applications (subcomponent: Webservice Endpoint). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Labor Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Labor Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Labor Management accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Financial Services Profitability Management component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Profitability Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Profitability Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Profitability Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Profitability Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff). Supported versions that are affected are 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 7.3.5.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. While the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.0 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L).",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 7.3.5.x and 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 6.2.11, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7 and 6.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Transportation Management accessible data as well as unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is Prior to 8.7.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Hospitality Labor Management component of Oracle Hospitality Applications (subcomponent: Webservice Endpoint). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Labor Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Labor Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Labor Management accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Financial Services Profitability Management component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Profitability Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Profitability Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Profitability Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Profitability Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff). Supported versions that are affected are 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Financial Services Profitability Management component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Profitability Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Profitability Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Profitability Management accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Financial Services Liquidity Risk Management component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Liquidity Risk Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Liquidity Risk Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Liquidity Risk Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Financial Services Asset Liability Management component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Asset Liability Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Asset Liability Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Asset Liability Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Asset Liability Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Guest Additions). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Query). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). The supported version that is affected is 9.0.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Application Express component of Oracle Database Server. The supported version that is affected is Prior to 5.1.4.00.08. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Express accessible data as well as unauthorized read access to a subset of Application Express accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). The supported version that is affected is 9.0.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise Fleet Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Fleet Management accessible data. CVSS 3.0 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in takeover of Oracle Banking Payments. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in takeover of Oracle Banking Corporate Lending. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Corporate Lending accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending. CVSS 3.0 Base Score 8.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Security Framework). Supported versions that are affected are 11.1.1.2.4, 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle JDeveloper accessible data as well as unauthorized update, insert or delete access to some of Oracle JDeveloper accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Loan Loss Forecasting and Provisioning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data as well as unauthorized read access to a subset of Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Financial Services Market Risk component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Market Risk. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Market Risk, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Market Risk accessible data as well as unauthorized read access to a subset of Oracle Financial Services Market Risk accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Financial Services Market Risk Measurement and Management component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Market Risk Measurement and Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Market Risk Measurement and Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Market Risk Measurement and Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Market Risk Measurement and Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SPARC Platform). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data as well as unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 6.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Financial Services Hedge Management and IFRS Valuations component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Hedge Management and IFRS Valuations. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Hedge Management and IFRS Valuations, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Hedge Management and IFRS Valuations accessible data as well as unauthorized read access to a subset of Oracle Financial Services Hedge Management and IFRS Valuations accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Price Creation and Discovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Financial Services Asset Liability Management component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Asset Liability Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Asset Liability Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Asset Liability Management accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Financial Services Market Risk Measurement and Management component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Market Risk Measurement and Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Market Risk Measurement and Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Market Risk Measurement and Management accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Financial Services Funds Transfer Pricing component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Funds Transfer Pricing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Funds Transfer Pricing accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Funds Transfer Pricing accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Retail Merchandising System component of Oracle Retail Applications (subcomponent: Cross Pillar). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Merchandising System. While the vulnerability is in Oracle Retail Merchandising System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Merchandising System accessible data as well as unauthorized read access to a subset of Oracle Retail Merchandising System accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise SCM eProcurement component of Oracle PeopleSoft Products (subcomponent: Manage Requisition Status). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM eProcurement. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise SCM eProcurement accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise SCM eProcurement accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). The supported version that is affected is 11.1.2.4.007. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Planning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hyperion Planning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Planning. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,HIGH,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Framework). Supported versions that are affected are 12.2.2 and 12.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Ops Center accessible data as well as unauthorized read access to a subset of Enterprise Manager Ops Center accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Ops Center. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0 and 14.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0 and 14.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0 and 14.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Corporate Lending, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0 and 14.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Corporate Lending, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: UI Framework). The supported version that is affected is 12.1.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,LOW
"Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Python modules). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data as well as unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).",LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: ZVNET Driver). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.7 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",LOCAL,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Communications Order and Service Management component of Oracle Communications Applications (subcomponent: WebUI). Supported versions that are affected are 7.2.4.3.0, 7.3.0.1.x, 7.3.1.0.7 and 7.3.5.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Order and Service Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data. CVSS 3.0 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,LOW,NONE
Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OSSL Module). Supported versions that are affected are 12.1.3 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NTPD). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,LOW
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Rich Text Editor). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).",LOCAL,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: SQR). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PT PeopleTools. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Stylesheet). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Siebel Core - Server Framework component of Oracle Siebel CRM (subcomponent: Services). The supported version that is affected is 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Core - Server Framework. While the vulnerability is in Siebel Core - Server Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel Core - Server Framework accessible data. CVSS 3.0 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).",NETWORK,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
"Vulnerability in the Hardware Management Pack component of Oracle Sun Systems Products Suite (subcomponent: Ipmitool). The supported version that is affected is Prior to 2.4.3. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Hardware Management Pack. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hardware Management Pack accessible data as well as unauthorized read access to a subset of Hardware Management Pack accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PsAdmin). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Image Export SDK). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,LOW
"Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Client Application Loader). Supported versions that are affected are 2.8 and 2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data as well as unauthorized read access to a subset of Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: DB Privileges). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,LOW
"Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Securities). Supported versions that are affected are 11.5.0, 11.6.0 and 11.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Core Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Core Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Core Banking accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Homepage & Navigation). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: Cluster Geo). The supported version that is affected is 4.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Solaris Cluster accessible data as well as unauthorized update, insert or delete access to some of Solaris Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris Cluster. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Database). The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Transportation Management accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Profile). The supported version that is affected is 8.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suite8 accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Suite8. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,LOW,HIGH
"Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Content accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Content. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L).",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,LOW,LOW
"Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). The supported version that is affected is 2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).",LOCAL,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate. The supported version that is affected is 12.2.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate. While the vulnerability is in Oracle GoldenGate, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle GoldenGate accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). Supported versions that are affected are 2.7, 2.8, 2.9 and 2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Simphony accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: EPPCM_HIER_TOP). The supported version that is affected is 9.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H).",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,HIGH
Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Operations). Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony First Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony First Edition accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Client Application Loader). Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony First Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony First Edition accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 16.2 and 17.1 - 17.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. While the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite). The supported version that is affected is 9.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Hospitality Cruise Fleet Management System. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Fleet Management System accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Fleet Management System accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Cruise Fleet Management System. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony First Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Simphony First Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Simphony First Edition accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Operations, Client Application Loader). Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony First Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Simphony First Edition accessible data as well as unauthorized read access to a subset of Oracle Hospitality Simphony First Edition accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Financial Services Basel Regulatory Capital Basic component of Oracle Financial Services Applications (subcomponent: Portfolio, Attribution). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Basel Regulatory Capital Basic. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Basel Regulatory Capital Basic, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Basel Regulatory Capital Basic accessible data as well as unauthorized read access to a subset of Oracle Financial Services Basel Regulatory Capital Basic accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Financial Services Basel Regulatory Capital Basic component of Oracle Financial Services Applications (subcomponent: Portfolio, Attribution). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Basel Regulatory Capital Basic. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Basel Regulatory Capital Basic accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Basel Regulatory Capital Basic accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach component of Oracle Financial Services Applications (subcomponent: Portfolio, Attribution). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems). The supported version that is affected is Prior to 8.7.17. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach component of Oracle Financial Services Applications (subcomponent: Portfolio, Attribution). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach accessible data as well as unauthorized read access to a subset of Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.4.9, 14.0.4 and 14.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Back Office. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Back Office accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Back Office. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: User Interface). Supported versions that are affected are 13.3.8, 13.4.9, 14.0.4 and 14.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Point-of-Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Point-of-Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Point-of-Service accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General Utilities). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General Utilities). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle General Ledger accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Logging). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows physical access to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).,PHYSICAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Retail Integration Bus component of Oracle Retail Applications (subcomponent: RIB Kernal(Apache Commons Collections)). The supported version that is affected is 13.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Integration Bus. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Integration Bus, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Integration Bus accessible data as well as unauthorized read access to a subset of Oracle Retail Integration Bus accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Integration Bus. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,LOW
Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). The supported version that is affected is 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Database). Supported versions that are affected are 11.0.x, 12.0.x, 12.1.x, 12.1.1.x, 12.1.2.x and 13.1.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). Supported versions that are affected are 10.2.x, 11.0.x, 12.0.x, 12.1.x, 12.1.1.x,12.1.2.x and 13.1.x. Difficult to exploit vulnerability allows physical access to compromise MICROS Retail-J. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MICROS Retail-J, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MICROS Retail-J accessible data as well as unauthorized access to critical data or complete access to all MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L).",PHYSICAL,HIGH,HIGH,REQUIRED,CHANGED,HIGH,HIGH,LOW
Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Internal Operations). The supported version that is affected is 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Retail Bulk Data Integration component of Oracle Retail Applications (subcomponent: BDI Job Scheduler). The supported version that is affected is 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Bulk Data Integration. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Bulk Data Integration, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Bulk Data Integration accessible data as well as unauthorized read access to a subset of Oracle Retail Bulk Data Integration accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Availability Suite Service). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Corporate Lending, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Payments, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Enterprise Limits and Collateral Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Layout Tools). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via DHCP to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Communications EAGLE LNP Application Processor component of Oracle Communications Applications (subcomponent: GUI). The supported version that is affected is 10.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications EAGLE LNP Application Processor. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications EAGLE LNP Application Processor accessible data as well as unauthorized read access to a subset of Oracle Communications EAGLE LNP Application Processor accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). The supported version that is affected is Prior to 8.7.20. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the Hardware Management Pack component of Oracle Sun Systems Products Suite (subcomponent: Ipmitool). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via IPMI to compromise Hardware Management Pack. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hardware Management Pack accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models). The supported version that is affected is 11.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Financial Reporting. While the vulnerability is in Hyperion Financial Reporting, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hyperion Financial Reporting accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GlassFish Server accessible data as well as unauthorized access to critical data or complete access to all Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,LOW
"Vulnerability in the Hyperion Data Relationship Management component of Oracle Hyperion (subcomponent: Access and security). The supported version that is affected is 11.1.2.4.330. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Hyperion Data Relationship Management. While the vulnerability is in Hyperion Data Relationship Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hyperion Data Relationship Management accessible data. CVSS 3.0 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Unified Navigation). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.19. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L).",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,LOW
"Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).,LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). The supported version that is affected is Prior to 8.7.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).,LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 5.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L).",LOCAL,LOW,HIGH,NONE,CHANGED,LOW,LOW,LOW
"Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NVIDIA-GFX Kernel driver). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with network access via ISCSI to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris as well as unauthorized update, insert or delete access to some of Solaris accessible data and unauthorized read access to a subset of Solaris accessible data. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,HIGH
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RAD). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data as well as unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris Cluster. Successful attacks of this vulnerability can result in takeover of Solaris Cluster. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle SuperCluster Specific Software component of Oracle Sun Systems Products Suite (subcomponent: SuperCluster Virtual Assistant). The supported version that is affected is Prior to 2.5.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle SuperCluster Specific Software. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle SuperCluster Specific Software accessible data as well as unauthorized update, insert or delete access to some of Oracle SuperCluster Specific Software accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SuperCluster Specific Software. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,LOW,HIGH
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. Note: Please refer to MOS document",NETWORK,HIGH,LOW,NONE,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JSF). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,LOW
"Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is Prior to 8.7.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18.1 and 18.2. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Core RDBMS accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS. CVSS 3.0 Base Score 8.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H).",LOCAL,LOW,LOW,NONE,CHANGED,NONE,HIGH,HIGH
"Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Supported versions that are affected are 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in takeover of Oracle Fusion Middleware MapViewer. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Configuration Manager). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Order Management component of Oracle E-Business Suite (subcomponent: Product Diagnostic Tools). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Order Management executes to compromise Oracle Order Management. Successful attacks of this vulnerability can result in takeover of Oracle Order Management. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Integration). The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Integration). The supported version that is affected is 5.5.x. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality OPERA 5 Property Services executes to compromise Oracle Hospitality OPERA 5 Property Services. While the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5 Property Services. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).",LOCAL,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Logging). The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). The supported version that is affected is 18.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.x, 16.x and 17.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.x, 16.x and 17.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.x, 16.x and 17.x. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,HIGH,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.x and 16.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). The supported version that is affected is 16.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Unifier accessible data. CVSS 3.0 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
"Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows physical access to compromise Primavera Unifier. While the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Unifier accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).",PHYSICAL,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Unifier accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). The supported version that is affected is 16.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search Functionality). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: REST Services). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). The supported version that is affected is Java SE: 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking). The supported version that is affected is 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Ops Center accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Ops Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). Supported versions that are affected are 2.8, 2.9 and 2.10. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Simphony accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L).",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,LOW
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Gangway Activity Web App). The supported version that is affected is 9.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management System. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Cruise Fleet Management System accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management System accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workflow). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Console). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Products). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.0 Base Score 6.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Administration). The supported version that is affected is 6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iLearning accessible data as well as unauthorized update, insert or delete access to some of Oracle iLearning accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.55 and 8.56. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,LOW
"Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Shopping Cart). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Script Author). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Scripting, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Scripting accessible data as well as unauthorized update, insert or delete access to some of Oracle Scripting accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: SAML). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). The supported version that is affected is 8.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. While the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). The supported version that is affected is 8.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite). The supported version that is affected is 9.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Fleet Management System executes to compromise Oracle Hospitality Cruise Fleet Management System. While the vulnerability is in Oracle Hospitality Cruise Fleet Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management System accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2,12.2.0.1 and 18.2. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. While the vulnerability is in Oracle Tuxedo, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,LOW
"Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Report Server Config). The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Reports). The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Shopping Cart). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Payments. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Payments, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Payments accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Investor Servicing. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Investor Servicing. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Investor Servicing. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Corporate Lending. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Enterprise Limits and Collateral Management. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Enterprise Limits and Collateral Management. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Corporate Lending. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
"Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Enterprise Limits and Collateral Management. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
"Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Corporate Lending, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Enterprise Limits and Collateral Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Corporate Lending accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the MICROS Relate CRM Software component of Oracle Retail Applications (subcomponent: Internal Operations). Supported versions that are affected are 10.8.x and 11.4.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Relate CRM Software. While the vulnerability is in MICROS Relate CRM Software, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Relate CRM Software accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Relate CRM Software. CVSS 3.0 Base Score 6.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L).",NETWORK,LOW,LOW,NONE,CHANGED,NONE,LOW,LOW
"Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcomponent: Internal Operations). Supported versions that are affected are 16.x and 17.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. While the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.0 Base Score 6.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L).",NETWORK,LOW,LOW,NONE,CHANGED,NONE,LOW,LOW
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H).",LOCAL,LOW,NONE,REQUIRED,CHANGED,LOW,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products (subcomponent: Compensation). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Installation). The supported version that is affected is 6.2.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the PeopleSoft HRMS component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft HRMS. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft HRMS accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).",NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,LOW,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H).",LOCAL,LOW,NONE,REQUIRED,CHANGED,LOW,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,LOW
"Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: Process Analysis & Discovery). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Process Management Suite accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Process Management Suite accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: Portlet Services). Supported versions that are affected are 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Portal accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,LOW
"Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware (subcomponent: Health Care FastPath). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle SOA Suite accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the Oracle Fusion Middleware component of Oracle Fusion Middleware (subcomponent: Oracle Notification Service). Supported versions that are affected are 12.2.1.2 and 12.2.1.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Fusion Middleware accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability was discovered in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Retail Sales Audit component of Oracle Retail Applications (subcomponent: Operational Insights). Supported versions that are affected are 15.0 and 16.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Sales Audit. While the vulnerability is in Oracle Retail Sales Audit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Sales Audit accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Sales Audit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Sales Audit. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L).",NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,LOW,LOW
"Vulnerability in the MICROS Lucas component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 2.9.5.6 and 2.9.5.7. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Lucas. Successful attacks of this vulnerability can result in takeover of MICROS Lucas. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Integrations). Supported versions that are affected are 6.0, 6.0.1 and 5.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Open Commerce Platform. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Open Commerce Platform accessible data as well as unauthorized access to critical data or complete access to all Oracle Retail Open Commerce Platform accessible data. CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: libmysqld). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Retail Merchandising System component of Oracle Retail Applications (subcomponent: Security (SQL Logger)). The supported version that is affected is 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Merchandising System. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Merchandising System accessible data as well as unauthorized read access to a subset of Oracle Retail Merchandising System accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xenvironment). Supported versions that are affected are 15.0.2, 16.0.4 and 17.0.2. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite (subcomponent: Product Security). Supported versions that are affected are 7.3.5 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker having Report privilege with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion, or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Application Portal). The supported version that is affected is 9.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise Interaction Hub. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise Interaction Hub accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Rich Text Editor). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: User Group Management). The supported version that is affected is 6.2.0.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Agile Product Lifecycle Management for Process executes to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile Product Lifecycle Management for Process accessible data as well as unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.0 Base Score 5.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N).",LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,LOW,HIGH,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Hyperion Essbase Administration Services component of Oracle Hyperion (subcomponent: EAS Console). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Essbase Administration Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Essbase Administration Services accessible data as well as unauthorized read access to a subset of Hyperion Essbase Administration Services accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Hyperion Essbase Administration Services component of Oracle Hyperion (subcomponent: EAS Console). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Essbase Administration Services. While the vulnerability is in Hyperion Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Essbase Administration Services accessible data. CVSS 3.0 Base Score 5.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"Vulnerability in the Hyperion Essbase Administration Services component of Oracle Hyperion (subcomponent: EAS Console). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hyperion Essbase Administration Services. While the vulnerability is in Hyperion Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hyperion Essbase Administration Services accessible data. CVSS 3.0 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Administration). Supported versions that are affected are 6.1 and 6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iLearning accessible data as well as unauthorized update, insert or delete access to some of Oracle iLearning accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 15.1, 15.2, 16.1, 16.2, 17.1-17.12 and 18.1-18.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GlassFish Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Sound). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Sender and Receiver). The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Fleet Management executes to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Fleet Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: OHC Admin, OHC Management). The supported version that is affected is 8.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise Shipboard Property Management System. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,HIGH,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). The supported version that is affected is 9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Cruise Fleet Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Cruise Fleet Management. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Elastic Search). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: SQR). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Identity Analytics component of Oracle Fusion Middleware (subcomponent: Core Components). The supported version that is affected is 11.1.1.5.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Identity Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Analytics accessible data as well as unauthorized read access to a subset of Oracle Identity Analytics accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).",NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,LOW,HIGH
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC). Supported versions that are affected are 10 and 11.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via Portmap v3 to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).",LOCAL,HIGH,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Common Events. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Common Events, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Common Events accessible data as well as unauthorized read access to a subset of Hyperion Common Events accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Common Events. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Common Events, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Common Events accessible data as well as unauthorized read access to a subset of Hyperion Common Events accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Advanced Console). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Identity Manager accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Identity Manager. CVSS 3.0 Base Score 7.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L).",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,LOW
Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: OHC ENOAD). The supported version that is affected is 8.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: IQR - Foundation Services). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hyperion BI+ accessible data. CVSS 3.0 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,HIGH
"Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Web interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: Outcome-Result). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Interaction History accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Overview Page/Report Rendering). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle E-Business Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle E-Business Intelligence accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Query). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Activity Guide). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Activity Guide). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Dashboard). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Partner Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). The supported version that is affected is 12.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workflow). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Hyperion Data Relationship Management component of Oracle Hyperion (subcomponent: Access and Security). The supported version that is affected is 11.1.2.4.345. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hyperion Data Relationship Management. While the vulnerability is in Hyperion Data Relationship Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hyperion Data Relationship Management accessible data. CVSS 3.0 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Docker Images). The supported version that is affected is prior to Docker 12.2.1.3.20180913. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Endeca Information Discovery Integrator component of Oracle Fusion Middleware (subcomponent: Integrator ETL). Supported versions that are affected are 3.1.0 and 3.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Endeca Information Discovery Integrator. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Endeca Information Discovery Integrator accessible data as well as unauthorized read access to a subset of Oracle Endeca Information Discovery Integrator accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,HIGH
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,HIGH
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,HIGH
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,HIGH
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,HIGH
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,HIGH
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,HIGH
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,HIGH
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,HIGH
"Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: None). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Applications Manager accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Reports). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle User Management accessible data as well as unauthorized access to critical data or complete access to all Oracle User Management accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 11.1.1.8.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 6.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,HIGH,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Marketing Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: None). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data as well as unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Merge). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,HIGH
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected is 10.3.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected is 10.3.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Virtual Directory component of Oracle Fusion Middleware (subcomponent: Virtual Directory Manager). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Virtual Directory. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Virtual Directory accessible data as well as unauthorized read access to a subset of Oracle Virtual Directory accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Virtual Directory. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).",NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Portal accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Stylesheet). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 4.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SMB Server). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SMB Server). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with network access via SMB to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L).,LOCAL,HIGH,HIGH,REQUIRED,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).",LOCAL,HIGH,HIGH,NONE,CHANGED,NONE,NONE,HIGH
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones Virtualized NIC Driver). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 6.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).,LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Remote Administration Daemon (RAD)). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data as well as unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with network access via SMB to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 5.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: LibKMIP). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data as well as unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: JSON). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Windows). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows low privileged attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Text. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Text, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Text as well as unauthorized update, insert or delete access to some of Oracle Text accessible data. CVSS 3.0 Base Score 8.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:H).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,HIGH
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,HIGH
"Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: EM Console). Supported versions that are affected are 13.2 and 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
"Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data as well as unauthorized read access to a subset of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.22. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Retail Xstore Payment component of Oracle Retail Applications (subcomponent: Security). The supported version that is affected is 3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Payment. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Payment accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Payment accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Payment. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Vulnerability in the Oracle Retail Customer Engagement component of Oracle Retail Applications (subcomponent: Segment). Supported versions that are affected are 16.0 and 17.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Customer Engagement. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Customer Engagement accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Engagement accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Customer Engagement. CVSS 3.0 Base Score 5.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L).",NETWORK,HIGH,HIGH,NONE,UNCHANGED,LOW,HIGH,LOW
"Vulnerability in the MICROS Relate CRM Software component of Oracle Retail Applications (subcomponent: Customer). The supported version that is affected is 11.4. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Relate CRM Software. While the vulnerability is in MICROS Relate CRM Software, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MICROS Relate CRM Software accessible data as well as unauthorized access to critical data or complete access to all MICROS Relate CRM Software accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N).",NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,NONE
"A buffer over-read can occur during a fast initial link setup (FILS) connection in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, event->num_entries_in_page is a value received from firmware that is not properly validated which can lead to a buffer over-read",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"There is improper access control of the SSC and GPU mapped regions which lead to inject code from HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the default build configuration of deviceprogrammer in BOOT.BF.3.0 enables the flag SKIP_SECBOOT_CHECK_NOT_RECOMMENDED_BY_QUALCOMM which will open up the peek and poke commands to any memory location on the target.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835, SD 845, while parsing a private frame in an ID3 tag, a buffer over-read can occur when comparing frame data with predefined owner identifier strings.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, legacy code vulnerable after migration has been removed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SEMA driver in Intel Driver and Support Assistant before version 3.1.1 allows a local attacker the ability to read and writing to Memory Status registers potentially allowing information disclosure or a denial of service condition.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,HIGH
Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Escalation of privilege in all versions of the Intel Remote Keyboard allows a local attacker to inject keystrokes into another remote keyboard session.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Escalation of privilege in Intel Saffron MemoryBase before 11.4 allows an authenticated user access to privileged information.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a non-paged pool overflow.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A STOP error (BSoD) in the ibtfltcoex.sys driver for Intel Centrino Wireless N and Intel Centrino Advanced N adapters may allow an unauthenticated user to potentially send a malformed L2CAP Connection Request is sent to the Intel Bluetooth device via the network.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Escalation of privilege in Intel Saffron admin application before 11.4 allows an authenticated user to access unauthorized information.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"BMC Firmware in Intel server boards, compute modules, and systems potentially allow an attacker with administrative privileges to make unauthorized read\writes to the SMBUS.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Improper directory permissions in the installer for the Intel Media Server Studio may allow unprivileged users to potentially enable an escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper file permissions in the installer for the Intel Ready Mode Technology may allow an unprivileged user to potentially gain privileged access via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper directory permissions in the installer for Intel(R) PROSet/Wireless WiFi Software version 20.100 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper directory permissions in the installer for the Intel Parallel Studio before 2019 Gold may allow authenticated users to potentially enable an escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of ""Object"" via __proto__, causing the addition or modification of an existing property that will exist on all objects.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ""XML Interface to Messaging, Scheduling, and Signaling"" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email address. The attack uses an HTTP POST request to a /Session URI, and interchanges the XML From and To elements.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be installed and thus allows for flashing older firmware images. To trigger this vulnerability, an attacker needs to impersonate the remote server 'cache.insteon.com' and serve any signed firmware image.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x69). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read-in is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can cause a camera to connect to this SSID to trigger this vulnerability. Alternatively, an attacker can convince a user to connect their camera to this SSID.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. An attacker can overwrite an executable that is launched as a system service on boot by default to exploit this vulnerability and execute arbitrary code with system privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the disconnectService functionality. A non-root user is able to kill any privileged process on the system. An attacker would need local access to the machine for a successful exploit.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit this bug.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_normal_mode` parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_ac_mode` POST parameter parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_battery_mode` POST parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSet_Task.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_Set_Task.cgi endpoint.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The the binary the endpoint /cgi-bin/Embeded_Ace_TLSet_Task.cgi is a very similar endpoint that is designed for use with setting table values that can cause an arbitrary setting writes, resulting in the unverified changes to any system setting. An attacker can make an authenticated HTTP request, or run the binary as any user, to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the ""Web App"" component. It allows remote attackers to bypass intended restrictions on cookie persistence.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the ""WebKit"" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the ""System Preferences"" component. It allows attackers to bypass intended access restrictions by leveraging incorrect configuration-profile persistence.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the ""iCloud Drive"" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the ""Notes"" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the ""CoreFoundation"" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the ""PluginKit"" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the ""Quick Look"" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. watchOS before 4.3 is affected. The issue involves the ""CoreFoundation"" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the ""NSURLSession"" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the ""File System Events"" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the ""Find My iPhone"" component. It allows physically proximate attackers to bypass the iCloud password requirement for disabling the ""Find My iPhone"" feature via vectors involving a backup restore.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the ""Mail"" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the ""Accessibility Framework"" component. It allows attackers to execute arbitrary code in a privileged context or obtain sensitive information via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the ""iBooks"" component. It allows man-in-the-middle attackers to spoof a password prompt.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. Swift before 4.1.1 Security Update 2018-001 is affected. The issue involves the ""Swift for Ubuntu"" component. It allows attackers to execute arbitrary code in a privileged context because write and execute permissions are enabled during library loading.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the ""Mail"" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to overwrite cookies via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the ""libxpc"" component. It allows attackers to gain privileges via a crafted app that leverages a logic error.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the ""Siri"" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and enable Siri.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the ""Firmware"" component. It allows attackers to modify the EFI flash-memory region that a crafted app that has root access.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A denial of service issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, watchOS 4.3.2.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls. This issue affected versions prior to macOS Mojave 10.14.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability has been identified in IEC 61850 system configurator (All versions < V5.80), DIGSI 5 (affected as IEC 61850 system configurator is incorporated) (All versions < V7.80), DIGSI 4 (All versions < V4.93), SICAM PAS/PQS (All versions < V8.11), SICAM PQ Analyzer (All versions < V3.11), SICAM SCC (All versions < V9.02 HF3). A service of the affected products listening on all of the host's network interfaces on either port 4884/TCP, 5885/TCP, or port 5886/TCP could allow an attacker to either exfiltrate limited data from the system or to execute code with Microsoft Windows user permissions. Successful exploitation requires an attacker to be able to send a specially crafted network request to the vulnerable service and a user interacting with the service's client application on the host. In order to execute arbitrary code with Microsoft Windows user permissions, an attacker must be able to plant the code in advance on the host by other means. The vulnerability has limited impact to confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the image conversion engine, when handling JPEG data embedded within an XPS file. A successful attack can lead to code corruption, control-flow hijack, or an information leak attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Memory Corruption vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability. Successful exploitation could lead to a security bypass.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox < 58.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to access, including potentially privileged pages. This vulnerability affects Firefox < 58.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"WebExtensions can bypass normal restrictions in some circumstances and use ""browser.tabs.executeScript"" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged ""about:"" pages. This vulnerability affects Firefox < 59.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"If Media Capture and Streams API permission is requested from documents with ""data:"" or ""blob:"" URLs, the permission notifications do not properly display the originating domain. The notification states ""Unknown protocol"" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 59.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the ""webRequest"" API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization traffic directly and is limited to the process of user login to the website and the data displayed to the user once logged in. This vulnerability affects Firefox < 60.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping the sandbox on content processes. This vulnerability affects Firefox < 60.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WebExtensions can use request redirection and a ""filterReponseData"" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the ""SEE_MASK_FLAG_NO_UI"" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows won't prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure behavior from SmartScreen. Note: this issue only affects Windows 10 users running the April 2018 update or later. It does not affect other Windows users or other operating systems. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A mechanism to bypass Content Security Policy (CSP) protections on sites that have a ""script-src"" policy of ""'strict-dynamic'"". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the ""require.js"" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary customer accounts via a modified cookie, related to pc_head.php, pc_login.php, and pc_login_page.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SKCertService 2.5.5 and earlier contains a vulnerability that could allow remote attacker to execute arbitrary code. This vulnerability exists due to the way .dll files are loaded by SKCertService. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. An attacker with permission to create a tag on a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. All versions of Sourcetree for Windows before 2.5.5.0 are affected by this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The Norton Core router prior to v237 may be susceptible to a command injection exploit. This is a type of attack in which the goal is execution of arbitrary commands on the host system via vulnerable software.,ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Norton App Lock prior to v1.3.0.332 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access.",PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Inventory Plugin for Symantec Management Agent prior to 7.6 POST HF7, 8.0 POST HF6, or 8.1 RU7 may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Norton App Lock prior to version 1.3.0.329 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access.",PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has a large loop in the get_raw_sample_int function in imagew-main.c.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before 4.20.2F allows remote attackers to cause a denial of service (agent restart) via crafted UDP packets.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive information, such as the authentication credentials, to any man-in-the-middle (MiTM) listener.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cheetah Mobile CM Browser 5.22.06.0012, when installed on unspecified ""older"" Android platforms, allows Same Origin Policy Bypass.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cheetah Mobile Armorfly Browser & Downloader 1.1.05.0010, when installed on unspecified ""older"" Android platforms, allows Same Origin Policy Bypass.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (specifically, an account with permission to write to the filesystem via SQL queries).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been found in Heimdal PRO v2.2.190, but it is most likely also present in Heimdal FREE and Heimdal CORP. Faulty permissions on the directory ""C:\ProgramData\Heimdal Security\Heimdal Agent"" allow BUILTIN\Users to write new files to the directory. On startup, the process Heimdal.MonitorServices.exe running as SYSTEM will attempt to load version.dll from this directory. Placing a malicious version.dll in this directory will result in privilege escalation. NOTE: any affected Heimdal products are completely unrelated to the Heimdal vendor of a Kerberos 5 product on the h5l.org web site.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled which allows unauthorized local attackers to execute arbitrary code.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. 7MTT versions below 2.0 do not enforce user authorization rules on file information and status that it has previously collected. The released version of 7MTT has been updated to maintain and verify authorization rules for file information, status and utilities.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than ""read-only"" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release candidates (RCs) are requested to update their systems to the NetApp Data ONTAP 8.3 GA release.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthenticated attacker to communicate with systems on the same network as the StorageGRID Webscale Admin Node via HTTP or to take over services on the Admin Node.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or 12.1.0 - 12.1.3.1.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager (EM) and managed BIG-IP devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5, vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"On F5 BIG-IP PEM versions 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.5.1-11.5.5, or 11.2.1, under certain conditions, TMM may crash when processing compressed data though a Virtual Server with an associated PEM profile using the content insertion option.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN cookies are enabled (default settings), undisclosed traffic patterns may cause TMM to restart.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in ""host-only"" or ""bridged"" mode. VCMP guests which are ""isolated"" are not impacted by this issue and do not provide mechanism to exploit the vulnerability. Guests which are deployed in ""Appliance Mode"" may be impacted however the exploit is not possible from an Appliance Mode guest. To exploit this vulnerability root access on a guest system deployed as ""host-only"" or ""bridged"" mode is required.",ADJACENT_NETWORK,HIGH,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allows more permissive file access than intended.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware security module (HSM) functionality are exposed and impacted by this issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Under certain conditions, on F5 BIG-IP ASM 13.1.0-13.1.0.5, Behavioral DOS (BADOS) protection may fail during an attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel (tmm) to leak memory. As a result, system memory usage increases over time, which may eventually cause a decrease in performance or a system reboot due to memory exhaustion.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or disrupt service.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A remote attacker via undisclosed measures, may be able to exploit an F5 BIG-IP APM 13.0.0-13.1.0.7 or 12.1.0-12.1.3.5 virtual server configured with an APM per-request policy object and cause a memory leak in the APM module.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable ""dnsexpress.notifyport"" is set to any value other than the default of ""0"".",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"The F5 BIG-IP Controller for Kubernetes 1.0.0-1.5.0 (k8s-bigip-crtl) passes BIG-IP username and password as command line parameters, which may lead to disclosure of the credentials used by the container.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based buffer over-read via an unterminated string.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on the same local network as, but being unauthenticated to, the administrator's panel, a user can obtain the admin username and cleartext password in the response (specifically, the configuration file restore_default), which is displayed in XML.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"""deny-answer-aliases"" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressions, which allows remote attackers to cause a denial of service (excessive recursion) via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device that are root accounts, which can be used to log in.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Arbitrary File Write from the WebGUI on the WiNG Access Point / Controller.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port.,ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In wlan_hdd_cfg80211_set_privacy_ibss() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer over-read can potentially occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG which produced repeating output much earlier than expected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Improperly configured memory protection allows read/write access to modem image from HLOS kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9150, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8996AU, QCS605, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SXR1130.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"dcc_curr_list is initialized with a default invalid value that is expected to be programmed by the user through a sysfs node which could lead to an invalid access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests (for privacy reasons) is not done properly due to a flawed RNG which produces repeating output much earlier than expected.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"If the fdt_totalsize is reported as 0 for the current device tree, it bypasses an error check for a valid device tree in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Touch Pal application can collect user behavior data without awareness by the user in Snapdragon Mobile and Snapdragon Wear.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"While reading the data from buffer in dci_process_ctrl_status() there can be buffer over-read problem if the len is not checked correctly in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
HP Support Assistant before 8.7.50.3 allows an unauthorized person with local access to load arbitrary code.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to extract private sensitive information by sniffing network traffic.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract private sensitive information by sniffing network traffic.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Samsung Display Solutions App before 3.02 for Android allows man-in-the-middle attackers to spoof B2B content by leveraging failure to use encryption during information transmission.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes .,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"BitDefender Total Security 2018 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of an ""insecurely created named pipe"". Ensures full access to Everyone users group.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command execution on a vulnerable system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x22205C by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222060 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Tegra TLK Widevine Trust Application contains a vulnerability in which missing the input parameter checking of video metadata count may lead to Arbitrary Code Execution, Denial of Service or Escalation of Privileges. Android ID: A-72315075. Severity Rating: High. Version: N/A.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software allows an actor access to restricted functionality that is unnecessary to production usage, and which may result in denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
NVIDIA GPU Display Driver contains a vulnerability in the DirectX and OpenGL Usermode drivers where a specially crafted pixel shader can cause infinite recursion leading to denial of service.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software does not validate or incorrectly validates input that can affect the control flow or data flow of a program, which may lead to denial of service or escalation of privileges. Android ID: A-70857947.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) handling for user mode requests could create a non-trusted pointer dereference, which may lead to information disclosure, denial of service, escalation of privileges, or code execution. The updates apply to all versions prior to R28.3.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software delivers extra data with the buffer and does not properly validated the extra data, which may lead to denial of service or escalation of privileges. Android ID: A-80198474.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Remote Code Execution in Saperion Web Client version 7.5.2 83166.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Remote password change in Hanwha Techwin Smartcams,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smartcams,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smartcams,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"One can gain root access on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via UART pins without any restrictions, which leads to full system compromise and disclosure of user communications.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 can be used to turn on the TELNET service via the web interface, which allows root login without any password. This vulnerability will lead to full system compromise and disclosure of user communications. The foxconn account with an 8-character lowercase alphabetic password can be used.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass application whitelisting when using the Application Control module on Ivanti Endpoint Security in lockdown mode.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\PSANMSrvcPpal -- an ""insecurely created named pipe."" Ensures full access to Everyone users group.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \\.\pipe\WPSCloudSvr\WpsCloudSvr -- an ""insecurely created named pipe."" Ensures full access to Everyone users group.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, and gain root access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause a denial of service attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Netwave IP Camera devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to the / URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Management Center (ArcMC) for versions prior to 2.81. This vulnerability could be exploited to allow for insufficient access controls.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2, were vulnerable to an attack where an unprivileged user on Windows agents could write custom facts that can escalate privileges on the next puppet run. This was possible through the loading of shared libraries from untrusted paths.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script executes a ""kill `cat /pathname/icinga2.pid`"" command, as demonstrated by icinga2.init.d.cmake.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/<global pid>/ does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc/<global pid>/ does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and 2.14.1-0ubuntu3.28.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Unisys Stealth 3.3 Windows endpoints before 3.3.016.1 allow local users to gain access to Stealth-enabled devices by leveraging improper cleanup of memory used for negotiation key storage.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys and zam64.sys allows a non-privileged process to register itself with the driver by connecting to the filter communication port and then using IOCTL 0x8000204C to \\.\ZemanaAntiMalware to elevate privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys and zam64.sys allows a non-privileged process to register itself with the driver by sending IOCTL 0x80002010 and then using IOCTL 0x8000204C to \\.\ZemanaAntiMalware to elevate privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL server, allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtain sensitive information by leveraging cleartext password storage.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of TPM and neutralize the security features of it, such as seal/unseal and remote attestation.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation. The issue exists because of the SERVICE_ALL_ACCESS access right for the hola_svc and hola_updater services.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific screen, as demonstrated by monitor.html.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allows unauthorized users to maintain access to an account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in SSLOBJ on HPE NonStop SSL T0910, and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products), after executing the RELOAD CERTIFICATES command, does not ensure that clients use a strong TLS cipher suite, which makes it easier for remote attackers to defeat intended cryptographic protection mechanisms by sniffing the network. This is fixed in 21.6.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authentication tokens via an 'action: ""user""' request to iframe.gr_-ifr, because the exposure of these tokens is not restricted to any specific web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges).,PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge. The specific flaw exists within the handling of several DLLs (dwmapi.dll, IPHLPAPI.DLL, WindowsCodecs.dll, RpcRtRemote.dll, CRYPTSP.dll, rasadhlp.dll, DNSAPI.dll, ntmarta.dll, netbios.dll, olepro32.dll, security.dll, winhttp.dll, WINSTA.dll) loaded by the MySwisscomAssistant_Setup.exe process.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge. The specific flaw exists within the handling of several DLLs (dwmapi.dll, PROPSYS.dll, cscapi.dll, SAMLIB.dll, netbios.dll, winhttp.dll, security.dll, ntmarta.dll, WindowsCodecs.dll, apphelp.dll) loaded by the SwisscomTVMediaHelper.exe process.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on VOBOT CLOCK before 0.99.30 devices. Cleartext HTTP is used to download a breakout program, and therefore man-in-the-middle attackers can execute arbitrary code by watching for a local user to launch the Breakout Easter Egg feature, and then sending a crafted HTTP response.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The setSystemTime function in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote authenticated users to execute arbitrary commands via a ';' in the ntpServer argument.  NOTE: this issue exists because of an incomplete fix for CVE-2017-2849.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202298. By crafting an input buffer we can control the execution path to the point where the nt!memset function is called to zero out contents of a user-controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206024. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a user controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via multiple IOCTLs, e.g., 0x8810200B, 0x8810200F, 0x8810201B, 0x8810201F, 0x8810202B, 0x8810202F, 0x8810203F, 0x8810204B, 0x88102003, 0x88102007, 0x88102013, 0x88102017, 0x88102027, 0x88102033, 0x88102037, 0x88102043, and 0x88102047. When some conditions in the user-controlled input buffer are not met, the driver writes an error code (0x2000001A) to a user-controlled address. Also, note that all the aforementioned IOCTLs use transfer type METHOD_NEITHER, which means that the I/O manager does not validate any of the supplied pointers and buffer sizes. So, even though the driver checks for input/output buffer sizes, it doesn't validate if the pointers to those buffers are actually valid. So, we can supply a pointer for the output buffer to a kernel address space address, and the error code will be written there. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the exploit process to interact with higher privileged processes running as SYSTEM and execute code in their security context.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x8020601C. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a user controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x802022E0. By crafting an input buffer we can control the execution path to the point where the constant 0x12 will be written to a user-controlled address. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the exploit process to interact with higher privileged processes running as SYSTEM and execute code in their security context.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to send an arbitrary packet to cause the machine to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash) via a maliciously crafted pict file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains a local privilege escalation vulnerability due to insecure usage of SUID binary. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on a Linux machine where Horizon Client is installed.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation (including silent installations). Successful exploitation of this issue may allow low privileged users access to the credentials specified during the Horizon View Agent installation.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The AirWatch Agent for iOS prior to 5.8.1 contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The VMware Content Locker for iOS prior to 4.14 contains a data protection vulnerability in the SQLite database. This vulnerability relates to unencrypted filenames and associated metadata in SQLite database for the Content Locker.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature permits administrators to link other network devices into ClearPass for the purpose of collecting enhanced information about connected endpoints. A defect in the API could allow a remote attacker to execute arbitrary commands on one of the linked devices. This vulnerability is only applicable if credentials for devices have been supplied to ClearPass under Configuration -> Network -> Devices -> CLI Settings. Resolution: Fixed in 6.7.5 and 6.6.10-hotfix.,NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could allow low-privilege users to view, modify, or delete guest users. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 prior to v1.30, Moonshot Chassis Manager firmware prior to v1.58, and Moonshot Component Pack prior to v2.55 could be remotely exploited to create a denial of service.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to execute arbitrary code leading to disclosure of information.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote unauthorized access vulnerability was identified in HPE UIoT versions 1.5, 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Specifically, there is a malfunction identified in some section of the DSM portal and some DSM APIs. The impact of the malfunction is that the info can be changed by other users.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used ""group blacklisting"" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not protected and contains database credentials, salts, etc. These files have been indexed by Google and a simple dork will find affected sites.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An authorization bypass vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to get a full access to device, bypassing the authorization system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel, allowing a man-in-the-middle attacker to steal user credentials because a session retrieves global.js via http before proceeding to use https. This is fixed in Patch 4.3.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic protection of the downloaded contents. An attacker with a privileged network position (which could be obtained via DNS spoofing of www.meine-homematic.de or other approaches) can exploit this issue in order to provide arbitrary malicious firmware updates to the CCU2. This can result in a full system compromise.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious software on the device.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
INVT Studio 1.2 allows remote attackers to cause a denial of service during import operations.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Blue River Mura CMS before v7.0.7029 supports inline function calls with an [m] tag and [/m] end tag, without proper restrictions on file types or pathnames, which allows remote attackers to execute arbitrary code via an [m]$.dspinclude(""../pathname/executable.jpeg"")[/m] approach, where executable.jpeg contains ColdFusion Markup Language code. This can be exploited in conjunction with a CKFinder feature that allows file upload.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CactusVPN through 6.0 for macOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in TotalAV v4.1.7. An unprivileged user could modify or overwrite all of the product's files because of weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges or obtain maximum control over the product.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has weak permissions (BUILTIN\Users:(ID)C), which allows local users to set a cleartext password and login as admin.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service (daemon crash) via a long HTTP Accept Header to TCP port 9991.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing them to impersonate a user from that Identity Provider, aka a key confusion issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices. The mydlink+ app sends the username and password for connected D-Link cameras (such as DCS-933L and DCS-934L) unencrypted from the app to the camera, allowing attackers to obtain these credentials and gain control of the camera including the ability to view the camera's stream and make changes without the user's knowledge.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"antsle antman before 0.9.1a allows remote attackers to bypass authentication via invalid characters in the username and password parameters, as demonstrated by a username=>&password=%0a string to the /login URI. This allows obtaining root permissions within the web management console, because the login process uses Java's ProcessBuilder class and a bash script called antsle-auth with insufficient input validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The applet allows callers to select arbitrary files to send to an arbitrary email address.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear text and results in privilege escalation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using rainbow table.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"There is a memory leak triggered in the function dcinit of util/decompile.c in libming 0.4.8, which will lead to a denial of service attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user to install a malicious application. When the application connects with RCS for the first time, it needs user to manually click to agree. In addition, the attacker needs to obtain the key that RCS uses to authenticate the application. Successful exploitation may cause the attacker to control keyboard remotely.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,LOW
"Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device information of the mobile phone.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The radio module of some Huawei smartphones Emily-AL00A The versions before 8.1.0.171(C00) have a lock-screen bypass vulnerability. An unauthenticated attacker could start third-part input method APP through certain operations to bypass lock-screen by exploit this vulnerability.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious Javascript loaded and run in the smart phone.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUSTC605D103, the versions before CAM-L03C605B143CUSTC605D008, the versions before CAM-L21C10B145, the versions before CAM-L21C185B156, the versions before CAM-L21C223B133, the versions before CAM-L21C432B210, the versions before CAM-L21C464B170, the versions before CAM-L21C636B245, the versions before Berlin-L21C10B372, the versions before Berlin-L21C185B363, the versions before Berlin-L21C464B137, the versions before Berlin-L23C605B161, the versions before FRD-L09C10B387, the versions before FRD-L09C185B387, the versions before FRD-L09C432B398, the versions before FRD-L09C636B387, the versions before FRD-L19C10B387, the versions before FRD-L19C432B399, the versions before FRD-L19C636B387 have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can disable the boot wizard by enable the talkback function. As a result, the FRP function is bypassed.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability in versions before 4.0.5 that attackers can conduct bruteforce to the VIP App Web Services to get user information.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an application with the authorization of phone state to obtain user location additionally.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to another smartphone and then perform a series of specific operations. Successful exploit could allow the attacker bypass the FRP protection.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass ""Find My Phone"" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to the computer and then perform some specific operations. Successful exploit could allow the attacker bypass the FRP protection to access the system setting page.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability. The software does not release allocated memory properly when processing Protal questionnaire. A remote attacker could send a lot questionnaires to the device, successful exploit could cause the device to reboot since running out of memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Quick Heal Total Security 64 bit 17.00 (QHTS64.exe), (QHTSFT64.exe) - Version 10.0.1.38; Quick Heal Total Security 32 bit 17.00 (QHTS32.exe), (QHTSFT32.exe) - Version 10.0.1.38; Quick Heal Internet Security 64 bit 17.00 (QHIS64.exe), (QHISFT64.exe) - Version 10.0.0.37; Quick Heal Internet Security 32 bit 17.00 (QHIS32.exe), (QHISFT32.exe) - Version 10.0.0.37; Quick Heal AntiVirus Pro 64 bit 17.00 (QHAV64.exe), (QHAVFT64.exe) - Version 10.0.0.37; and Quick Heal AntiVirus Pro 32 bit 17.00 (QHAV32.exe), (QHAVFT32.exe) - Version 10.0.0.37 allow DLL Hijacking because of Insecure Library Loading.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mark of the Web Tagging (MOTW), aka ""Internet Explorer Security Feature Bypass Vulnerability."" This affects Internet Explorer 11.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka ""Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability."" This affects Microsoft Wireless Keyboard 850.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ""Win32k Elevation of Privilege Vulnerability."" This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ""Win32k Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8164, CVE-2018-8166.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies, aka ""Internet Explorer Security Feature Bypass Vulnerability."" This affects Internet Explorer 11.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka ""Windows Security Feature Bypass Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-8132.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka ""Windows Elevation of Privilege Vulnerability."" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status, aka ""Cortana Elevation of Privilege Vulnerability."" This affects Windows 10 Servers, Windows 10.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists when the Microsoft Outlook attachment block filter does not properly handle attachments, aka ""Microsoft Outlook Security Feature Bypass Vulnerability."" This affects Microsoft Office.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory, aka ""Microsoft Exchange Memory Corruption Vulnerability."" This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8154.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ""Win32k Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8124, CVE-2018-8166.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka ""DirectX Graphics Kernel Elevation of Privilege Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka ""Windows Common Log File System Driver Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the (Human Interface Device) HID Parser Library driver improperly handles objects in memory, aka ""HIDParser Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory, aka ""Windows Image Elevation of Privilege Vulnerability."" This affects Windows 10, Windows 10 Servers.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka ""Device Guard Code Integrity Policy Security Feature Bypass Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8204.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka ""Device Guard Code Integrity Policy Security Feature Bypass Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221.",LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka "".NET Framework Elevation of Privilege Vulnerability."" This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka ""Windows Desktop Bridge Elevation of Privilege Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8214.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka ""Windows Remote Code Execution Vulnerability."" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8213.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka ""Device Guard Code Integrity Policy Security Feature Bypass Vulnerability."" This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka ""Device Guard Code Integrity Policy Security Feature Bypass Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka ""Windows Desktop Bridge Elevation of Privilege Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8208.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka ""Device Guard Code Integrity Policy Security Feature Bypass Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka ""Device Guard Code Integrity Policy Security Feature Bypass Vulnerability."" This affects Windows Server 2016, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8217, CVE-2018-8221.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka ""Device Guard Code Integrity Policy Security Feature Bypass Vulnerability."" This affects Windows Server 2016, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8221.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka ""Device Guard Code Integrity Policy Security Feature Bypass Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka ""Device Guard Code Integrity Policy Security Feature Bypass Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka ""Windows DNSAPI Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka ""HTTP.sys Denial of Service Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists when HTTP Protocol Stack (Http.sys) improperly handles objects in memory, aka ""HTTP Protocol Stack Remote Code Execution Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ""Win32k Elevation of Privilege Vulnerability."" This affects Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka ""Skype for Business and Lync Security Feature Bypass Vulnerability."" This affects Skype, Microsoft Lync.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka ""Microsoft Office Elevation of Privilege Vulnerability."" This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ""Microsoft Excel Remote Code Execution Vulnerability."" This affects Microsoft Office.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka ""Microsoft Cortana Elevation of Privilege Vulnerability."" This affects Windows Server 2016, Windows 10.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages, aka ""Microsoft Exchange Remote Code Execution Vulnerability."" This affects Microsoft Exchange Server.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka ""Scripting Engine Security Feature Bypass Vulnerability."" This affects Microsoft Edge, ChakraCore.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ""Win32k Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka ""Windows DNSAPI Denial of Service Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects, aka ""WordPad Security Feature Bypass Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ""Windows Kernel Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka ""Windows Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2, Windows 10. This CVE ID is unique from CVE-2018-8313.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka ""Windows DNS Security Feature Bypass Vulnerability."" This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An Elevation of Privilege vulnerability exists in Windows Subsystem for Linux when it fails to properly handle objects in memory, aka ""Linux On Windows Elevation Of Privilege Vulnerability."" This affects Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka ""Win32k Graphics Remote Code Execution Vulnerability."" This affects Windows 7, Microsoft Office, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior, aka ""Windows Installer Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication requests, aka ""AD FS Security Feature Bypass Vulnerability."" This affects Windows Server 2016, Windows Server 2012 R2, Windows 10 Servers.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka ""Windows NDIS Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8343.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka ""Windows NDIS Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8342.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links, aka ""Windows Kernel Elevation of Privilege Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Microsoft browsers allowing sandbox escape, aka ""Microsoft Browser Elevation of Privilege Vulnerability."" This affects Internet Explorer 11, Microsoft Edge.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests, aka ""Microsoft Edge Security Feature Bypass Vulnerability."" This affects Microsoft Edge.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ""Win32k Elevation of Privilege Vulnerability."" This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8404.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka ""DirectX Graphics Kernel Elevation of Privilege Vulnerability."" This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8401, CVE-2018-8405, CVE-2018-8406.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka ""DirectX Graphics Kernel Elevation of Privilege Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8405, CVE-2018-8406.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka ""DirectX Graphics Kernel Elevation of Privilege Vulnerability."" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8406.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka ""DirectX Graphics Kernel Elevation of Privilege Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka ""Windows Registry Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard, aka ""Microsoft JScript Security Feature Bypass Vulnerability."" This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"A remote code execution vulnerability exists in Microsoft Word if a user opens a specially crafted PDF file, aka ""Word PDF Remote Code Execution Vulnerability."" This affects Microsoft Word, Microsoft Office.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability."" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8428.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka ""Windows ALPC Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka ""Microsoft Exchange Server Elevation of Privilege Vulnerability."" This affects Microsoft Exchange Server.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka ""Device Guard Security Feature Bypass Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka ""Scripting Engine Information Disclosure Vulnerability."" This affects ChakraCore, Internet Explorer 11, Microsoft Edge.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ""Win32k Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka ""Windows Kernel Elevation of Privilege Vulnerability."" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka ""DirectX Graphics Kernel Elevation of Privilege Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows, allowing a sandbox escape, aka ""Windows Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability."" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8488, CVE-2018-8498, CVE-2018-8518.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka ""DirectX Graphics Kernel Elevation of Privilege Vulnerability."" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka ""DirectX Elevation of Privilege Vulnerability."" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8554, CVE-2018-8561.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka ""Device Guard Code Integrity Policy Security Feature Bypass Vulnerability."" This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka ""Windows Kernel Elevation of Privilege Vulnerability."" This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability."" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8518.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in Protected View, aka ""Microsoft PowerPoint Remote Code Execution Vulnerability."" This affects Office 365 ProPlus, PowerPoint Viewer, Microsoft Office, Microsoft PowerPoint.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in Protected View, aka ""Microsoft Excel Remote Code Execution Vulnerability."" This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected View, aka ""Microsoft Word Remote Code Execution Vulnerability."" This affects Microsoft SharePoint Server, Office 365 ProPlus, Microsoft Office, Microsoft Word.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability."" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8498.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka ""Team Foundation Server Remote Code Execution Vulnerability."" This affects Team.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka ""Microsoft Edge Security Feature Bypass Vulnerability."" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8512.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An elevation of privilege exists in Windows COM Aggregate Marshaler, aka ""Windows COM Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka ""Windows Scripting Engine Memory Corruption Vulnerability."" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka ""DirectX Elevation of Privilege Vulnerability."" This affects Windows 10 Servers, Windows 10, Windows Server 2019. This CVE ID is unique from CVE-2018-8485, CVE-2018-8561.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka ""DirectX Elevation of Privilege Vulnerability."" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8485, CVE-2018-8554.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ""Win32k Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption, aka ""BitLocker Security Feature Bypass Vulnerability."" This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka ""Windows Win32k Elevation of Privilege Vulnerability."" This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows 10 version 1809 when installed from physical media (USB, DVD, etc, aka ""Windows Elevation Of Privilege Vulnerability."" This affects Windows 10, Windows Server 2019.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka ""Microsoft Exchange Server Tampering Vulnerability."" This affects Microsoft Exchange Server.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ""Windows Kernel Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ""Win32k Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8641.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ""Win32k Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8639.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication. WordPress shortcode markup in the ""shortcode"" parameters would be evaluated. Normally unauthenticated users can't evaluate shortcodes as they are often sensitive.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VPN Unlimited 4.2.0 for macOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=member_content&a=init request.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"protected\apps\member\controller\shopcarController.php in Yxcms building system (compatible cell phone) v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_disassemble function of asm.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik_op function of anal_dalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In radare2 2.4.0, there is a heap-based buffer over-read in the get_ivar_list_t function of mach0_classes.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted Mach-O file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on an adjacent network could perform command injection.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system databases can use the discovered key to access potentially confidential stored data, which may include Wi-Fi passwords. This discovered key can be used for all instances of the product.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an ""if(pwd =="" line in the HTML source code. This means, in effect, that authentication occurs only on the client side.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp.  NOTE: this may overlap CVE-2014-3791.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses and 8,500 IMEI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. As with most test modes, this provides extra privileges, including changing settings and running code. Lenovo Smart Assistant is an Amazon Alexa-enabled smart speaker developed by Lenovo.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick ""``"" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick ""``"" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick ""``"" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, etc., thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the user's password. The web page displayed by the appliance contains the password in cleartext. Passwords could be retrieved by browsing the source code of the webpage.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in MagniComp SysInfo before 10-H82 if setuid root (the default). This vulnerability allows any local user on a Linux/UNIX system to run SysInfo and obtain a root shell, which can be used to compromise the local system.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. This could lead to a local denial of service of security updates with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1 Android ID: A-78644887.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
In ih264d_video_decode of ih264d_api.c there is a possible resource exhaustion due to an infinite loop. This could lead to remote temporary device denial of service (remote hang or reboot) with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android ID: A-63521984.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In computeFocusedWindow of RootWindowContainer.java, and related functions, there is possible interception of keypresses due to focus being on the wrong window. This could lead to local escalation of privilege revealing the user's keypresses while the screen was locked with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-71786287.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-111650288",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111641492 References: N/A",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-34170870",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In trim_device of f2fs_format_utils.c, it is possible that the data partition is not wiped during a factory reset. This could lead to local information disclosure after factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112868088.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"On Pixel devices there is a bug causing verified boot to show the same certificate fingerprint despite using different signing keys. This may lead to local escalation of privilege if people are relying on those fingerprints to determine what version of the OS the device is running, with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65543936.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112031362.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is possible unauthorized access to files within the contact app due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Android ID: A-113597344.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking on cancel, and using the home button.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to login to an unprivileged account on the server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will subsequently fail and the connection will be closed. This could be used for denial of service. No information leak occurs.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a ""docker exec"" command with that value in the -u argument, a similar issue to CVE-2016-3697.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"libqpdf.a in QPDF through 8.0.2 mishandles certain ""expected dictionary key but found non-name object"" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in regex.yaml (aka regexes.yaml) in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service (ReDoS) issue allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to a value containing a long digit string. (The UAP-Core project contains the vulnerability, propagating to all implementations.)",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"Buffer overflow scenario if the client sends more than 5 io_vec requests to the server in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use after free issue occurs If another instance of open for voice_svc node has been called from application without closing the previous one. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In NFC server, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120843827",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112162089",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121263487",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Possible null-pointer dereference can occur while parsing avi clip during copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Bluetooth, there is a use of uninitialized variable. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-79995407",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In NFC server, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122361874",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
CDG through 2017-01-01 allows downloadDocument.jsp?command=download&pathAndName= directory traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120276962",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In the TEE, there's a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120610663",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to a to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120156401",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these sites within the browser can potentially be used to modify a user's Firefox configuration. These two sites will now be isolated into their own process and not allowed to be loaded in a standard content process. This vulnerability affects Firefox < 69.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to a to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117985575",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"mailcow 0.14, as used in ""mailcow: dockerized"" and other products, has CSRF.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109769728",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Insufficient sanitization during device search in Netdisco 2.042010 allows for reflected XSS via manipulation of a URL parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
eBrigade before 5.0 has evenement_ical.php evenement SQL Injection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120865977",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA8081, QCA9379, QCS404, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Lack of check of address range received from firmware response allows modem to respond arbitrary pages into its address range which can compromise HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM660, SDX20, SDX24",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible use-after-free issue due to a race condition while calling camera ioctl concurrently in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM439, SDX24",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the settings UI, there is a possible spoofing vulnerability due to a missing permission check. This could lead to a user mistakenly changing permission settings with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-123700098",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In GoogleContactsSyncAdapter, there is a possible path traversal due to improper input sanitization. This could lead to a bypass of user interaction requirements with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-32748076",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"BT process died and BT toggled due to null pointer dereference when invalid vendor pass through command sent from remote in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 675, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,HIGH
"Device record of the pairing device used after free during ACL disconnection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In skia, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113211371",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In the proc filesystem, there is a possible information disclosure due to log information disclosure. This could lead to local disclosure of app and browser activity with User execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-68016944",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Lack of input validation for data received from user space can lead to OOB access in WLAN in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820A, SDX20",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In sensorservice, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-119501435",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112329563",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libhevc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112326216",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This affects CKFinder for ASP, CKFinder for ASP.NET, CKFinder for ColdFusion, and CKFinder for PHP.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote commands execution on the Operating System running the targeted application. Affected DWP versions: versions: 3.x to 18.x, all versions, service packs, and patches are affected by this vulnerability. Affected SmartIT versions: 1.x, 2.0, 18.05, 18.08, and 19.02, all versions, service packs, and patches are affected by this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, ""flag = *(o->data + 3)"" places one beyond the 3 bytes, because the code should have been ""flag = *(o->data + 1)"" instead.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mozilla developers and community members reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In wpa_supplicant, there is a possible man in the middle vulnerability due to improper input validation of the basicConstraints field of intermediary certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111893041",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In WiFi, the RSSI value and SSID information is broadcast as part of android.net.wifi.RSSI_CHANGE and android.net.wifi.STATE_CHANGE intents. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111698366",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor command, driver does not validate the data obtained from the user space which could be invalid and thus leads to an undesired behaviour in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112890225",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox < 69.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109753657",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111215315",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure, with no additional privileges required. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111850706",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-37994606",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
In libxaac there is a possible out of bounds read due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116774214,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870- 5-104 packets are received by the module on port 2404/TCP.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible use after free issue due to improper input validation in volume listener library in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In wifilogd, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113655028",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113495295",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Improper validation of read and write index of tx and rx fifo`s before using for data copy from fifo can lead to out-of-bound access. in Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, QCS405, SD 665, SD 675, SD 730, SD 855",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In AAC Codec, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120426166",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121150966",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Platform, there is a possible bypass of user interaction requirements due to missing permission checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-73884967",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Postmatic plugin before 1.4.6 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. To send the malicious request, the attacker needs a valid login session in the web management interface as a privilege level 15 user. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to execute arbitrary shell commands with the privileges of the root user.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof content sniffing protection.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In NFC server, there's a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118148142",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-124330204",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In wpa_supplicant_8, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122465453",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111215173",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The ""CLink4Service"" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\SYSTEM, leading to total system takeover, a similar issue to CVE-2018-12441.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113035224,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-114746174",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112768568",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112705155,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libxaac, there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112705708",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Bluetooth, there is a possible information disclosure due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110166350",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the ""Create/modify other users, groups and permissions"" privilege can inject script and can also achieve privilege escalation.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112052432",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libhevc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111764725",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In the wifi hotspot service, there is a possible denial of service due to a null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110476382",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111208713",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
In libxaac there is a possible out of bounds read due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116774502,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
In libavc there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-73339042,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.)",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121036603",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure, with no additional privileges required. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111895000",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Bluetooth, there is a possible crash due to an integer overflow. This could lead to remote denial of service on incoming calls with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-79431031",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111214739",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118149009",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117496180,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117494734,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117495362,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118619159",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115908308,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-79883824",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116617847,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In tzdata there is possible memory corruption due to a mismatch between allocation and deallocation functions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113039724,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
In libxaac there is a possible out of bounds write to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117100484,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117216549,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117883804",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Bluetooth, there is a possible remote code execution due to an improper memory allocation. This could lead to remote code execution in Bluetooth with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112159179",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the Activity Manager service, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of current foreground process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115384617",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116114402",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117100617",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118143575",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libstagefright, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117661116",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libstagefright, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111764444",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116019594",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117660045",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112610994",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113164693",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED **   An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is  a behavior that might have legitimate applications in (for example)  loading serialized Python object arrays from trusted and authenticated  sources.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"In libeffects, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120874654",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118494320",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112856493",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112715795,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112707186,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112052258",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112553431,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libttspico, there is a possible OOB write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-79593569",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112713720,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115509210",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118138797,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112712154,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112709994",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 which could cause a confidentiality issue when using FTP protocol.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Prospecta Master Data Online (MDO) allows CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
In libSBRdec there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112052062,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116267405",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115747155",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115747410",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115745406",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Bluetooth, there is a possible null pointer dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115509589",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115372550",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112923309",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Bluetooth, there is a possible null pointer dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109838296",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112858430",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112859714",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116474108",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113508105",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113262406",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117935831",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117495174",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118145923",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112611181",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117610057",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117655547",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408.",LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112552816",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112611363",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
The cforms2 plugin before 14.6.10 for WordPress has SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118766492",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111407302,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111762807,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120452956",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In cn-cbor, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113512324",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
In libSBRdec there is a possible out of bounds read due to incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112006096,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
In libhevc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112552517,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
In libhevc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112272091,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112050583",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998887.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158335.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112380157,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112204845,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
In libstagefright there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111805098,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
In libstagefright there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111804142,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111214770",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111214470",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112050983",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In libstagefright, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-128433933",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libskia, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132782448",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-123024201",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115903122",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112106425",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-79883568",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117569833",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117567437",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111450079",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111407544",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111214766",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110846194",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with heap information written to the log with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109755179",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In Bluetooth, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80546108",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with heap information written to the log with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80432895",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-91544774",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
libopenmpt before 0.3.13 allows a crash with malformed MED files.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to an unrestricted file upload.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
kkcms 1.3 has jx.php?url= XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 2.6.20, there is an off-by-one bug in net/netlabel/netlabel_cipso_v4.c where it is possible to overflow the doi_def->tags[] array.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
"Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,HIGH
"Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when Proxy ARP is enabled on an unnumbered interface, allows remote attackers to perform ARP poisoning attacks and possibly obtain sensitive information via a crafted ARP message.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,HIGH
"The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka ""Windows SAM and LSAD Downgrade Vulnerability"" or ""BADLOCK.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka ""BADLOCK.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors.,LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka ""Bluetooth Stack Vulnerability.""",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5574, CVE-2016-5577, CVE-2016-5578, CVE-2016-5579, and CVE-2016-5588.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.,NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
"Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location within the system. The issue lies in the loading of the shcore.dll and dcomp.dll files: these files are being searched for by the program in the same system-wide directory where the HTML file is executed.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the --plugin-path flag. This vulnerability appears to have been fixed in 1.27.1.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zip_elements method.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"SilverStripe through 4.3.3 allows session fixation in the ""change password"" form.",PHYSICAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In SilverStripe assets 4.0, there is broken access control on files.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g. DICOM to image conversion). The fixed version is: 3.6.4, after commit 40917614e.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute code against a remote system. This has been fixed in version 6.0.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
MDaemon Webmail (formerly WorldClient) has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Prospecta Master Data Online (MDO) 2.0 has Stored XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in AppScan Source, the content of any file in the local file system (to which the victim as read access) can be exfiltrated to a remote listener under the attacker's control. The product does not disable external XML Entity Processing, which can lead to information disclosure and denial of services attacks.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This has been fixed in version 5.5.0. XDCR now checks the validity of the certificate thoroughly and prevents a remote cluster reference from being created with an invalid certificate.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Some enterprises require that REST API endpoints include security-related headers in REST responses. Headers such as X-Frame-Options and X-Content-Type-Options are generally advisable, however some information security professionals additionally look for X-Permitted-Cross-Domain-Policies and X-XSS-Protection, which are more generally applicable to HTML endpoint, to be included too. These headers were not included in Couchbase Server 5.5.0 and 5.1.2 . They are now included in version 6.0.2 in responses from the Couchbase Server Views REST API (port 8092).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang code to the 'diag/eval' endpoint of the API and the code would subsequently be executed in the underlying operating system with privileges of the user which was used to start Couchbase. Affects Version: 4.0.0, 4.1.2, 4.5.1, 5.0.0, 4.6.5, 5.0.1, 5.1.1, 5.5.0, 5.5.1. Fix Version: 6.0.0, 5.5.2",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is reflected XSS in the SQUEAL search function.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameters.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServer.cpp because it checks for /.. where it should be checking for ../ instead.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface). This may allow attackers on an adjacent system to force BIG-IP into processing packets with spoofed source addresses.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, possible rce. This attack appear to be exploitable via Specially crafted SVG file.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or Caption section.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rstype parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the string-interner crate before 0.7.1 for Rust. It allows attackers to read from memory locations associated with dangling pointers, because of a cloning flaw.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.)",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting (XSS) through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects the fallback_render method in the omniauth callbacks controller.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by leveraging a load instruction inside the execute-only region to expose the protected code into a CPU register.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of the HSHelloExtensions part of the packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the UDP communication of the device. The security vulnerability could be exploited without authentication. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to the opening of arbitrary URLs, which can inject deceptive content into the UI. (When in physical possession of the device, opening local files is also possible.) NOTE: As of 2019-09-23, the vendor has not agreed that this issue has serious impact. The vendor states that the issue is not critical because it does not allow Elevation of Privilege, Sensitive Data Leakage, or any critical unauthorized activity from a malicious user. The vendor also states that a victim must first install a malicious APK to their application.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using default credentials (admin/admin) for the administrator account located at grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to later be configured by Tectonic administrators. An attacker can insert an XSS payload into the dashboards.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. An SEH-overwrite buffer overflow already existed for the vulnerable software. This CVE is to track an alternate exploitation method, utilizing an EIP-overwrite buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291).",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Linux kernel before 4.16.7. A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
An issue was discovered on Swell Kit Mod devices that use the Vandy Vape platform. An attacker may be able to trigger an unintended temperature in the victim's mouth and throat via Bluetooth Low Energy (BLE) packets that specify large power or voltage values.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
** DISPUTED ** Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
kkcms v1.3 has a CSRF vulnerablity that can add an user account via admin/cms_user_add.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote victim application). This can be used to steal and obtain sensitive config and other files. This can result in complete compromise of the application. The script parameter is vulnerable to directory traversal and both local and remote file inclusion.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
admin/infolist_add.php in PHPMyWind 5.6 has stored XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device's files system.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Ogma CMS 0.5 has XSS via creation of a new blog.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Ogma CMS 0.4 Beta has XSS via the ""Footer Text footer"" field on the ""Theme/Theme Options"" screen.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,HIGH
An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wp-piwik plugin before 1.0.5 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The quotes-and-tips plugin before 1.20 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin before 2.1.4 in the moxiemanager directory within the installation folder ICS\ICS.NET\ICSFileServer.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. A malicious actor with access to query the vAppConfig properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. A particular condition involving a man-in-the-middle attack may lead to partial data leakage or malicious file writing.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary code via unspecified vectors.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors.",ADJACENT_NETWORK,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue in parse_req_queries function in wanduck.c via a long string over UDP, which may lead to an information leak.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server information.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Integer overflow vulnerability in LINE(Android) from 4.4.0 to the version before 9.15.1 allows remote attackers to cause a denial of service (DoS) condition or execute arbitrary code via a specially crafted image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by server_example_goose.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Some Dahua products have the problem of denial of service during the login process. An attacker can cause a device crashed by constructing a malicious packet. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm'online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the ""|"" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows an attacker to cause a denial of service (DoS) condition or execute arbitrary code via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access.,ADJACENT_NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. This attack appear to be exploitable via GET parameter. This vulnerability appears to have been fixed in after commit 254765e.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the ""user"" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via crafted COBOL source code.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted COBOL source code.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclusion.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel's latitude and longitude, via the public SNMP community.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an attacker to request any local network resource accessible from the GitLab server.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowlewdge of an e-mail address is required.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. The Jira integration contains a SSRF vulnerability as a result of a bypass of the current protection mechanisms against this type of attack, which would allow sending requests to any resources accessible in the local network by the GitLab server.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC) v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing attackers to access the database.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebook_message, facebook_linkname, facebook_caption, facebook_description, default_image, or _wp_http_referer.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumer_key, consumer_secret, access_token, and access_token_secret.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The kento-post-view-counter plugin through 2.8 for WordPress has stored XSS via kento_pvc_numbers_lang, kento_pvc_today_text, or kento_pvc_total_text.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The kento-post-view-counter plugin through 2.8 for WordPress has XSS via kento_pvc_geo.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Chamilo LMS version 11.x contains an Unserialization vulnerability in the ""hash"" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via a simple GET request to the api endpoint. This vulnerability appears to have been fixed in After commit 0de84700648f098c1fbf6b807dee28ec640efe62.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the /admin.php?s=/admin/config/groupsave.html URI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted vCard data.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could potentially lead to code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters downfiles and cur-folder (with a crafted ../ payload) to the download.script endpoint. This will create a MusicPlayerArchive.zip archive that is publicly accessible and includes the content of any requested file (such as the /etc/passwd file).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
The Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/preview.php sc parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
libpng before 1.6.32 does not properly check the length of chunks against the user limit.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
OpenEMR v5.0.1-6 allows code execution.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
OpenEMR v5.0.1-6 allows XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via ""cookie tossing"" a CSRF cookie from a subdomain of a Jira instance.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_decode_step() at huffman.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by observing CPU registers and the effect of code/instruction execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The icegram plugin before 1.9.19 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
s-cms V3.0 has XSS in index.php?type=text via the S_id parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The ""PayWinner"" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable ""maxTickets"" (which is private, yet predictable and readable by the eth.getStorageAt function). Therefore, it allows attackers to always win and get rewards.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
NIUSHOP V1.11 has CSRF via search&#95;info to index.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
FlameCMS 3.3.5 has SQL injection in account/login.php via accountName.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The iw_process_cols_to_intermediate function in imagew-main.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. This vulnerability only affects ArubaOS 8.x.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to hijack the authentication of administrators via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The kama-clic-counter plugin before 3.5.0 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
WordPress before 5.2.3 allows XSS in stored comments.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet (unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wp-d3 plugin before 2.4.1 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in WonderCMS 2.6.0 and earlier allows remote attackers to delete arbitrary files via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached ""connections"" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail header via the application 'E-Mail'.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,LOW
Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a null pointer dereference, resulting in the hostapd service crashing. An unauthenticated attacker can send a specially-crafted SOAP request to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php,",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postman_email_log page parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack, aka 'Microsoft Windows Store Installer Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory, aka 'Windows SMB Client Driver Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in the Texas Instruments (TI) TM4C, MSP432E and MSP432P microcontroller series. The eXecute-Only-Memory (XOM) implementation prevents code read-outs on protected memory by generating bus faults. However, single-stepping and using breakpoints is allowed in XOM-protected flash memory. As a consequence, it is possible to execute single instructions with arbitrary system states (e.g., registers, status flags, and SRAM content) and observe the state changes produced by the unknown instruction. An attacker could exploit this vulnerability by executing protected and unknown instructions with specific system states and observing the state changes. Based on the gathered information, it is possible to reverse-engineer the executed instructions. The processor acts as a kind of ""instruction oracle.""",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka 'Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1245.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory, aka 'Windows Transaction Manager Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1286.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1251.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1252.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1245, CVE-2019-1251.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1261.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1259.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature Bypass Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in the way Rome SDK handles server SSL/TLS certificate validation, aka 'Rome SDK Information Disclosure Vulnerability'.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1295, CVE-2019-1296.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK). If a BLE device were to use this as a hardcoded LTK, it is theoretically possible for a proximate attacker to remotely inject keystrokes on a paired Android host due to improperly used crypto. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128843052.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
WordPress before 5.2.3 allows reflected XSS in the dashboard.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
WordPress before 5.2.3 allows XSS in shortcode previews.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a custom field.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a ""This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)"" message.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Mendix 7.23.5 and earlier, issue in XML import mappings allow DOCTYPE declarations in the XML input that is potentially unsafe.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser for plugins that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious plugins.xml file.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The breadcrumbs contributed module through 0.2.0 for Padrino Framework allows XSS via a caption.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Cross-Site Request Forgery (CSRF) vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data (upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files). The specific flaw exists within the handling of Upload/DomainObjectDocumentUpload.ashx requests because of failure to validate a CSRF token before handling a POST request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-group-id parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-field-css parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The examapp plugin 1.0 for WordPress has XSS via exam input text fields.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The avada theme before 5.1.5 for WordPress has stored XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The formcraft3 plugin before 3.4 for WordPress has stored XSS via the ""New Form > Heading > Heading Text"" field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,HIGH,LOW
"An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab API endpoints would disclose project information when using a read_user scoped token.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Users are able to comment on locked project issues.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 3 of 3). When a project with visibility more permissive than the target group is imported, it will retain its prior visibility.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the default configuration.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The magic-fields plugin before 1.7.2 for WordPress has XSS via the custom-write-panel-id parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A path disclosure vulnerability was found in Limesurvey before 3.17.14 that allows a remote attacker to discover the path to the application in the filesystem.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Limesurvey before 3.17.14, the entire database is exposed through browser caching.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in LibreNMS through 1.47. Many of the scripts rely on the function mysqli_escape_real_string for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data being injected into these contexts, leading to attacker controlled JavaScript executing in the browser. One example of this is the string parameter in html/pages/inventory.inc.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php sort parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
MyHTML through 4.0.5 has a NULL pointer dereference in myhtml_tree_node_remove in tree.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
In the Android kernel in the FingerTipS touchscreen driver there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.,LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajax_rulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of a table, as demonstrated by an ajax_rulesuggest.php?debug=1&term= request.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control.php allows remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted substring.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sakai through 12.6 allows XSS via a chat user name.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
MapProxy version 1.10.3 and older is vulnerable to a Cross Site Scripting attack in the demo service resulting in possible information disclosure.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Gophish through 0.8.0 allows XSS via a username.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
In the Android kernel in the touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
libMirage 3.2.2 in CDemu has a NULL pointer dereference in the NRG parser in parser.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In the Schiocco ""Support Board - Chat And Help Desk"" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sb_ajax_add_message action.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The weblibrarian plugin before 3.4.8.6 for WordPress has XSS via front-end short codes.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to /subscribe SQL injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the compact_arena crate before 0.4.0 for Rust. Generativity is mishandled, leading to an out-of-bounds write or read.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the simd-json crate before 0.1.15 for Rust. There is an out-of-bounds read and an incorrect crossing of a page boundary.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.php via a name field to /contact.html.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3. It allows Information Disclosure.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
In the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
In the Android kernel in SEC_TS touch driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take self by immutable reference, which is incompatible with a multi-threaded application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
In the Android kernel in the mnh driver there is a use after free due to improper locking. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
In the Android kernel in the mnh driver there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
In the Android kernel in the mnh driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML in a disconnection message.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
In the Android kernel in the FingerTipS touchscreen driver there is a possible use-after-free due to improper locking. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
In the Android kernel in FingerTipS touchscreen driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
The liveforms plugin before 3.2.0 for WordPress has SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to create a user.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The cforms2 plugin before 14.13.3 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the wpfastestcacheoptions wpFastestCachePreload_number or wpFastestCacheLanguage parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_exclude_pages action.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side processed. Thus, if a user can control the content of a .html file, then they can inject a payload with a malicious template directive to gain Remote Command Execution. The exploit will work only with the .html extension.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default installations. An attacker could exploit this vulnerability by using the extracted private key and bundling it into a PKCS12. A successful exploit could allow the attacker to gain information about the target system (e.g., OS type, system file locations, Java version, Solr version, etc.) as well as the ability to launch further attacks by leveraging the access to Alfresco's Solr Web Admin Interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. Fixed in version 3.5.2.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the website and could serve malicious content from a third-party attacker-controlled system. Second, arguably more severe, is the potential for an attacker to circumvent firewall controls, by proxying traffic, unauthenticated, into the internal network from the internet.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,NONE
"The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13# password for the slickpopupteam account, after a Subscriber calls a certain AJAX action.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. This allows an attacker's malicious application to obtain sensitive information including factory passwords for the administrator web interface and WPA2-PSK key.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In ihevcd_ref_list of ihevcd_ref_list.c in Android 10, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ComposeActivityEmailExternal of ComposeActivityEmailExternal.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In SensorManager::assertStateLocked of SensorManager.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ihevcd_parse_buffering_period_sei of ihevcd_parse_headers.c in Android 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In rw_t4t_sm_read_ndef of rw_t4t in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC service with no additional execution privileges needed. User interaction is not needed for exploitation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In readArgumentList of zygote.java in Android 10, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Knowage through 6.1.1, the sign up page does not invalidate a valid CAPTCHA token. This allows for CAPTCHA bypass in the signup page.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Knowage through 6.1.1, an unauthenticated user can enumerated valid usernames via the ChangePwdServlet page.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is accomplished, the exploiter is able to execute commands against the cluster's Kubernetes API with the permissions and identity of the victim.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The ad-inserter plugin before 2.4.20 for WordPress has path traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/driver.c driver.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Linux kernel before 5.2.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c. This can allow attackers with ability to create directories on overlayfs to crash the kernel creating a denial of service (DOS).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Linux kernel before 4.20. drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant ctrl->phys out-of-bounds read.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Eques elf smart plug and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. The communication happens over UDP port 27431. An attacker on the local network can use the same key to encrypt and send commands to discover all smart plugs in a network, take over control of a device, and perform actions such as turning it on and off.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due to an insufficient implementation of jamming detection, an attacker is able to suppress correctly received RF messages sent between wireless peripheral components, e.g., wireless detectors or remote controls, and the ABUS Secvest alarm central. An attacker is able to perform a ""reactive jamming"" attack. The reactive jamming simply detects the start of a RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. Thereby, the receiver (alarm central) is not able to properly decode the original transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A SQL injection vulnerability in IntraMaps MapControl 8 allows attackers to execute arbitrary SQL commands via the /ApplicationEngine/Search/Refine/Set page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Misskey before 10.102.4 allows hijacking a user's token.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the function DecodeEthernet in decode-ethernet.c is executed a second time. At this point, the algorithm cuts the first part of the packet and doesn't determine the current length. Specifically, if the packet is exactly 28 long, in the first iteration it subtracts 14 bytes. Then, it is working with a packet length of 14. At this point, the case distinction says it is a valid packet. After that it casts the packet, but this packet has no type, and the program crashes at the type case distinction.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The one-click-ssl plugin before 1.4.7 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the libflate crate before 0.1.25 for Rust. MultiDecoder::read has a use-after-free, leading to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Suricata 4.1.3. The function ftp_pasv_response lacks a check for the length of part1 and part2, leading to a crash within the ftp/mod.rs file.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
eGain Chat 15.0.3 allows unrestricted file upload.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this point, the Rust environment runs into a panic in parse_clientid_option in the dhcp/parser.rs file.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in Suricata 4.1.3. The function process_reply_record_v3 lacks a check for the length of reply.data. It causes an invalid memory access and the program crashes within the nfs/nfs3.rs file.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. (dot dot) and %2f to the default URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states ""RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users.""",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The link-log plugin before 2.1 for WordPress has SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPress has XSS on the settings page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The chained-quiz plugin before 1.0 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
libZetta.rs through 0.1.2 has an integer overflow in the zpool parser (for error stats) that leads to a panic.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted ""changed value of"" text.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Windows binaries generated with InstallBuilder versions earlier than 19.7.0 are vulnerable to tampering even if they contain a valid Authenticode signature.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the issue, whenever My View Page is displayed.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Clara Genomics Analysis before 0.2.0 has an integer overflow for cudapoa memory management in allocate_block.cpp.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large rxpacket.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PayPal Pro Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg().,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg() and remove_query_arg().,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The webp-express plugin before 0.14.8 for WordPress has stored XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&admin_email= XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg().,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to cause a denial of service (loop of conn_event and ready) by arranging for a client to never be writable.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in the 'Certificate' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_B-571848 allows remote unauthenticated users to execute arbitrary code and possibly cause a denial of service via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the 'Authorisation Service' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The JobCareer theme before 2.5.1 for WordPress has stored XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg().,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The feedwordpress plugin before 2015.0514 for WordPress has XSS via add_query_arg() and remove_query_arg().,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A use-after-free flaw in the sandbox container implemented in cmdguard.sys in Comodo Antivirus 12.0.0.6870 can be triggered due to a race condition when handling IRP_MJ_CLEANUP requests in the minifilter for directory change notifications. This allows an attacker to cause a denial of service (BSOD) when an executable is run inside the container.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The easy-property-listings plugin before 3.4 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Limesurvey before 3.17.10 does not validate both the MIME type and file extension of an image.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is a double free for certain grow attempts with the current capacity.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Various Lexmark products have a Buffer Overflow (issue 3 of 3).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Various Lexmark products have a Buffer Overflow (issue 2 of 3).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Various Lexmark printers contain a denial of service vulnerability in the SNMP service that can be exploited to crash the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via add_query_arg() and remove_query_arg().,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg().,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via add_query_arg() and remove_query_arg().,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Gesior-AAC before 2019-05-01 allows serviceID SQL injection in accountmanagement.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the ""Ultimate Member - User Profile & Membership"" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the ""Primary button Text"" or ""Second button text"" field.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from script event handers. However an insufficient url validation vulnerability in LibreOffice allowed malicious to bypass that protection and again trigger calling LibreLogo from script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user ""root"" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted avi file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Libav 12.3. A read access violation in the mov_probe function in libavformat/mov.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1. A crafted input can lead to a remote denial of service attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The wp-database-backup plugin before 4.3.1 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The redirection plugin before 2.2.12 for WordPress has XSS, a different issue than CVE-2011-4562.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg().,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The updraftplus plugin before 1.9.64 for WordPress has XSS via add_query_arg() and remove_query_arg().,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The wp-vipergb plugin before 1.3.16 for WordPress has XSS via add_query_arg() and remove_query_arg(), a different issue than CVE-2014-9460.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands (by spawning a child process as the current user on the victim's machine) when the search function's autocomplete feature is used. The victim must import data from an Active Directory with a GPO containing JavaScript in its name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Post Connector plugin before 1.0.4 for WordPress has XSS via add_query_arg() and remove_query_arg().,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to use the acquired session token to gain full administrator access to the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user. Exploitation of this vulnerability requires privileged access to an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrator privileges and then sending a malicious request to a certain part of the interface.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. The vulnerability is due to the presence of a documented default account with an undocumented default password and incorrect permission settings for that account. Changing the default password for this account is not enforced during the installation of the product. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the scpuser account. This includes full read and write access to the system's database.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCMS) through 12.0.3.0 has ""Improper Neutralization of Special Elements used in an OS Command,"" allowing attackers to execute OS commands via an HTTP GET parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The insert-or-embed-articulate-content-into-wordpress plugin before 4.2999 for WordPress has insufficient restrictions on file upload.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Related Posts plugin before 1.8.2 for WordPress has XSS via add_query_arg() and remove_query_arg().,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: Cross Site Scripting (XSS). The impact is: XSS to RCE via editing theme files in WordPress. The component is: admin/partials/woo-feed-manage-list.php:63. The attack vector is: Administrator must be logged in.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder uses custom root certificates.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the cookie crate before 0.7.6 for Rust. Large integers in the Max-Age of a cookie cause a panic.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the untrusted crate before 0.6.2 for Rust. Error handling can trigger an integer underflow and panic.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
** DISPUTED ** AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if exploited, would allow an attacker to load a malicious DLL, leading to elevated privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download() method of AutoUpdateService in SMServer.exe, leading to Directory Traversal. An attacker could use ..\ with this method to iterate over lists of interesting system files and download them without previous authentication. This includes SAM-database backups, Web.config files, etc. and might cause a serious impact on confidentiality.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. An attacker can upload files with a Setup-Files action, and then execute these files with SYSTEM privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a ""standalone"" or ""timestamp"" signature.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a double free because of destructor mishandling.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the arrayfire crate before 3.6.0 for Rust. Addition of the repr() attribute to an enum is mishandled, leading to memory corruption.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4.7, 6.5.x before 6.5.4, and 6.6.x before 6.6.2 has a serious authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services protected by the NGFW Engine. The vulnerability affects the following NGFW features when the LDAP authentication method is used as the backend authentication: IPsec VPN, SSL VPN or Browser-based user authentication. The vulnerability does not apply when any other backend authentication is used. The RADIUS authentication method is not vulnerable, for example.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitment_online/personalData/act_personaltab.cfm multiple-part POST request with a predictable WRC01_USERID parameter. Moreover, the attacker can upload executable content (e.g., asp or aspx) for executing OS commands on the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to access all candidates' files in the photo folder on the website by specifying a ""user id"" parameter and file name, such as in a recruitment_online/upload/user/[user_id]/photo/[file_name] URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The woo-variation-swatches (aka Variation Swatches for WooCommerce) plugin 1.0.61 for WordPress allows XSS via the wp-admin/admin.php?page=woo-variation-swatches-settings tab parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfs_cat_traverse() in lines: 952, 1062. The attack vector is: Victim must open a crafted HFS filesystem image.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
XSS exists in Ping Identity Agentless Integration Kit before 1.5.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg() and remove_query_arg().,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Discourse 2.3.2 sends the CSRF token in the query string.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, an authenticated user with VariableView permissions could view sensitive values. This is fixed in 2019.7.10.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions <=1.6.9 and >=1.6.14 are unaffected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule). NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The akismet plugin before 3.1.5 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Various Lexmark products have an Integer Overflow.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Various Lexmark products have CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In ClickHouse before 1.1.54388, ""remote"" table function allowed arbitrary symbols in ""user"", ""password"" and ""default_database"" fields which led to Cross Protocol Request Forgery Attacks.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The gd-rating-system plugin before 2.1 for WordPress has XSS in log.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The wp-rollback plugin before 1.2.3 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the ""homepage title"" parameter, aka the adm/config_form_update.php cf_title parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-ajax.php?action=bulk_action_listener remote code execution.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the ""product"" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn't prevent the '.pht' extension. Thus, remote authenticated administrators can upload '.pht' files for arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The gigpress plugin before 2.3.11 for WordPress has XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The corner-ad plugin before 1.0.8 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The check-email plugin before 0.5.2 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The email-newsletter plugin through 20.15 for WordPress has SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The js-support-ticket plugin before 2.0.6 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The sharebar plugin before 1.2.2 for WordPress has SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The sharebar plugin before 1.2.2 for WordPress has XSS, a different issue than CVE-2013-3491.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform IDseq allows SQL injection via tax_levels.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The wp-rollback plugin before 1.2.3 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the ""built-in (old)"" file browser.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The wp-members plugin before 3.2.8 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The feed-them-social plugin before 1.7.0 for WordPress has reflected XSS in the Facebook Feeds load more button.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The wp-polls plugin before 2.72 for WordPress has SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The rsvpmaker plugin before 6.2 for WordPress has SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The cp-polls plugin before 1.0.5 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The link-log plugin before 2.0 for WordPress has HTTP Response Splitting.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The timesheet plugin before 0.1.5 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The buddyforms plugin before 2.2.8 for WordPress has SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ClickHouse MySQL client before versions 1.1.54390 had ""LOAD DATA LOCAL INFILE"" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The anycomment plugin before 0.0.33 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/register_handler.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Status Board 1.1.81 has reflected XSS via dashboard.ts.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. This could lead to cookie stealing and other malicious actions.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP, and outbound DNS).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check the Referer header; however, because the attack is from one of the application's own settings pages, this mechanism is bypassed.)",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of ""OR 1=1"" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ultimate-faqs plugin before 1.8.22 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka ""KNOB"") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate verification vulnerability. Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attacks, leading to the affected phones registered abnormally, affecting the availability of IP phones.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web interface. This entirely bypasses the intended security benefits of the use of a CSRF-protection token.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the Create Employee feature in Hybris Management Console (HMC) in SAP Hybris before 5.0.4.11, 5.1.0.x before 5.1.0.11, 5.1.1.x before 5.1.1.12, 5.2.0.x and 5.3.0.x before 5.3.0.10, 5.4.x before 5.4.0.9, 5.5.0.x before 5.5.0.9, 5.5.1.x before 5.5.1.10, 5.6.x before 5.6.0.8, and 5.7.x before 5.7.0.9 allows remote authenticated users to inject arbitrary web script or HTML via the Name field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the password for the root account.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id[]= request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. The fix was back-ported to LTS 2019.6.7 as well as LTS 2019.3.8.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw that allows authenticated attackers to download arbitrary files from the host system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14684.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14687.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Former before 4.2.1 has XSS via a checkbox value.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
selectize-plugin-a11y before 1.1.0 has XSS via the msg field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the ""Execute Program Action(s)"" feature.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript code.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
DfE School Experience before v16333-GA has XSS via a teacher training URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Tasking Manager before 3.4.0 allows SQL Injection via custom SQL.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Jooby before 1.6.4 has XSS via the default error handler.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web application and download sensitive files and information. For example, the /DATAREPORTS directory can be farmed for reports. Because this directory contains the results of reports such as NMAP, Patch Status, and Active Directory domain metadata, an attacker can easily collect this critical information and parse it for information. There are a number of directories affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the ""Execute Program Action(s)"" feature.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132082342.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable out-of-bounds read vulnerability exists in the LabelSst record parser of Aspose Aspose.Cells 19.1.0 library. A specially crafted XLS file can cause an out-of-bounds read, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Domoticz 4.10717 has XSS via item.Name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The reflex-gallery plugin before 1.4.3 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The give plugin before 2.4.7 for WordPress has XSS via a donor name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ad-inserter plugin before 2.4.22 for WordPress has remote code execution.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The gnucommerce plugin before 1.4.2 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Status Board 1.1.81 has reflected XSS via logic.ts.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay-rec.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The wp-retina-2x plugin before 5.2.3 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The time-sheets plugin before 1.5.2 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. By default, the notification server is not enabled and has a ""deny all"" rule.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Neutralization of Input During Web Page Generation (""Cross-site Scripting"") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cross-Site Scripting (XSS) vulnerability",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Under certain conditions SAP BusinessObjects Business Intelligence Platform (Central Management Console), versions 4.1, 4.2, 4.3, allows an attacker to store a malicious payload within the description field of a user account. The payload is triggered when the mouse cursor is moved over the description field in the list, when generating the little yellow informational pop up box, resulting in Stored Cross Site Scripting Attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/tags_helper.rb.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The clean-login plugin before 1.5.1 for WordPress has reflected XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_REGISTERS case, aka VD-1301.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in fmt/okt.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OX App Suite 7.10.0 to 7.10.2 allows XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the return value of add_query_arg.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The event-notifier plugin before 1.2.1 for WordPress has XSS via the loading animation.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The time-sheets plugin before 1.5.0 for WordPress has XSS via the old timesheet list.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The ebook-download plugin before 1.2 for WordPress has directory traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The sender plugin before 1.2.1 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The cforms2 plugin before 10.2 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The share-on-diaspora plugin before 0.7.2 for WordPress has reflected XSS in share URL parameters.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and trick the application server into leaking authentication credentials for its own SAP Management console, resulting in Server-Side Request Forgery.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a ""%{}"" sequence in a tag attribute, aka forced double OGNL evaluation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The SweetXml (aka sweet_xml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The wp-slimstat plugin before 4.8.1 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Virim plugin 0.4 for WordPress allows Insecure Deserialization via s_values, t_values, or c_values in graph.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hijacking. The attacker could also access other sensitive information, leading to Stored Cross Site Scripting.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In ActivityManagerService.attachApplication of ActivityManagerService, there is a possible race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-131105245.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In AudioInputDescriptor::setClientActive of AudioInputDescriptor.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-124899895.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX before 5.8.2 allows remote attackers to inject arbitrary web script or HTML via the PagingStart parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In LockTaskController.lockKeyguardIfNeeded of the LockTaskController.java, there was a difference in the handling of the default case between the WindowManager and the Settings. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127605586.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The count-per-day plugin before 3.2.3 for WordPress has XSS via search words.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The formbuilder plugin before 1.06 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The total-security plugin before 3.4.1 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The universal-analytics plugin before 1.3.1 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The aryo-activity-log plugin before 2.3.3 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The aryo-activity-log plugin before 2.3.2 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the endCall() function of TelecomManager.java, there is a possible Denial of Service due to a missing permission check. This could lead to local denial of access to Emergency Services with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-132438333.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The eelv-newsletter plugin before 4.6.1 for WordPress has XSS in the address book.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The football-pool plugin before 2.6.5 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The promobar plugin before 1.1.1 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The customer-area plugin before 7.4.3 for WordPress has XSS via admin pages.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The pdf-print plugin before 2.0.3 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The embed-comment-images plugin before 0.6 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The duplicate-post plugin before 2.6 for WordPress has SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The duplicate-post plugin before 2.6 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The smokesignal plugin before 1.2.7 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The megamenu plugin before 2.4 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The sermon-browser plugin before 0.45.16 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The raygun4wp plugin before 1.8.3 for WordPress has XSS in the settings, a different issue than CVE-2017-9288.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The rating-bws plugin before 0.2 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The pagination plugin before 1.0.7 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The moreads-se plugin before 1.4.7 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The my-wp-translate plugin before 1.0.4 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The democracy-poll plugin before 5.4 for WordPress has XSS via update_l10n in admin/class.DemAdminInit.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The gregs-high-performance-seo plugin before 1.6.2 for WordPress has XSS in the context of an old browser.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
GoPro GPMF-parser 1.2.2 has an out-of-bounds write in OpenMP4Source in demo/GPMF_mp4reader.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 bytes) in GPMF_Next in GPMF_parser.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GPMF_Next in GPMF_parser.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The option-tree plugin before 2.6.0 for WordPress has XSS via an add_list_item or add_social_links AJAX request.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Server Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1224.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Server Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1225.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The my-wp-translate plugin before 1.0.4 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The wp-all-import plugin before 3.4.6 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The wp-latest-posts plugin before 3.7.5 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has multiple XSS issues via AJAX requests.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The codection ""Import users from CSV with meta"" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"OpenJPEG 2.3.0 has a NULL pointer dereference for ""red"" in the imagetopnm function of jp2/convert.c",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The rimons-twitter-widget plugin before 1.3 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The user-role plugin before 1.5.6 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The realty plugin before 1.1.0 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** On Mooltipass Mini devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: the vendor's position is that an attack is not ""realistically implementable.""",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"On Ledger Nano S and Nano X devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"** DISPUTED ** On BC Vault devices, a side channel for the row-based SSD1309 OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover a data value. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: the vendor's position is that there is no security impact: the only potentially leaked information is the number of characters in the PIN.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The wp-all-import plugin before 3.4.7 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows creating and reading files outside of the specified basepath. If the application using this library does not sanitize user-supplied filenames, then this issue may be exploited to read or write arbitrary files. This affects LocalStorageProvider.cs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Creative Cloud Desktop Application 4.6.1 and earlier versions have an insecure transmission of sensitive data vulnerability. Successful exploitation could lead to information leakage.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Deepwoods Software WebLibrarian 3.5.2 and earlier is affected by: SQL Injection. The impact is: Exposing the entire database. The component is: Function ""AllBarCodes"" (defined at database_code.php line 1018) is vulnerable to a boolean-based blind sql injection. This function call can be triggered by any user logged-in with at least Volunteer role or manage_circulation capabilities. PoC : /wordpress/wp-admin/admin.php?page=weblib-circulation-desk&orderby=title&order=DESC.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The user-access-manager plugin before 1.2 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The user-domain-whitelist plugin before 1.5 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter,",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the ""access policy in the administration panel.""",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The visitors-online plugin before 0.4 for WordPress has SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The olimometer plugin before 2.57 for WordPress has SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The shortcode-factory plugin before 1.1.1 for WordPress has XSS via add_query_arg.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The analytics-tracker plugin before 1.1.1 for WordPress has XSS via a search event.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The visitors-online plugin before 1.0.0 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The xo-security plugin before 1.5.3 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The ""HTML Include and replace macro"" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,LOW,LOW
The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The uji-countdown plugin before 2.0.7 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The content-audit plugin before 1.9.2 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier have a ntlm sso hash theft vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Note: A different vulnerability than CVE-2018-19723.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Note: A different vulnerability than CVE-2018-19721.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Security Bypass vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an NTLM SSO hash theft vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the MakeAccessible plugin when parsing TrueType font data. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the plugin that handles links within the PDF. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability related to execution of malicious attachments.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in Acrobat/Reader 11.0.19 engine. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA parsing engine when handling certain types of internal instructions. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data drawing position definition. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The wp-database-backup plugin before 5.1.2 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The ad-buttons plugin before 2.3.2 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The updater plugin before 1.35 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The invite-anyone plugin before 1.3.16 for WordPress has incorrect escaping of untrusted Dashboard and front-end input.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The wp-front-end-profile plugin before 0.2.2 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The companion-auto-update plugin before 3.2.1 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The js-jobs plugin before 1.0.7 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to access all candidates' information on the website via a modified selApp variable to personalData/resumeDetail.cfm. This includes personal information and other sensitive data.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage, aka 'SymCrypt Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input, aka 'XmlLite Runtime Denial of Service Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A NULL pointer dereference in the get_window function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Prelude CC versions 8.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The profile photo upload feature in Leaf Admin 61.9.0212.10 f allows Unrestricted Upload of a File with a Dangerous Type.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The ""CP Contact Form with PayPal"" plugin before 1.2.98 for WordPress has XSS in CSS edition.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp (prime field curves, small leakage) and algebra.cpp (binary field curves, large leakage) is not constant time and leaks the bit length of the scalar among other information.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: ""ND_PRINT((ndo, ""%s"", buf));"", in function named ""print_prefix"", in ""print-hncp.c"". The attack vector is: The victim must open a specially crafted pcap file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Adobe Character Animator versions 2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0715, CVE-2019-0717, CVE-2019-0718, CVE-2019-0723.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0714, CVE-2019-0717, CVE-2019-0718, CVE-2019-0723.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0714, CVE-2019-0715, CVE-2019-0718, CVE-2019-0723.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0714, CVE-2019-0715, CVE-2019-0717, CVE-2019-0718.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0714, CVE-2019-0715, CVE-2019-0717, CVE-2019-0723.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74250718 References: Upstream kernel.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1228.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID.,ADJACENT_NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: this CVE applies exclusively to the Trezor One, and does not refer to any issues with OLED displays on other devices.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non-configuration scripts to be uploaded to the server. (This attack is mitigated by the attacker needing the ""Synchronize, import, and export configuration"" permission, a permission that only trusted administrators should be given. Other preventative measures in Backdrop CMS prevent the execution of PHP scripts, so another server-side scripting language must be accessible on the server to execute code.)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other cryptocurrencies. A specially crafted network packet can cause a logic flaw, resulting in code execution. An attacker can send a packet to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions and the ability to read SMS messages, then the Forgot Password screen can be used to bypass authentication. NOTE: the vendor does not agree that this is a security issue requiring a fix.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and earlier in all Jelly files that shows arbitrary attacker-specified HTML in Jenkins to users with Job/Configure access.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The google-document-embedder plugin before 2.6.1 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 for WordPress allows wp-admin/admin.php?page=arplite_import_export CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The google-document-embedder plugin before 2.6.2 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The google-document-embedder plugin before 2.6.2 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1154, CVE-2019-1158.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_AvccAtom class at Core/Ap4AvccAtom.cpp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1143, CVE-2019-1158.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1148, CVE-2019-1153.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka 'Microsoft Edge Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote authentication. The shared secret can be used to escalate privileges by forging new tokens for any user. These tokens can be used to automatically log in as the affected user.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword in the search and it will be executed while search performs its action, resulting in Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1143, CVE-2019-1154.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a ""Transfer-Encoding: chunked"" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.,ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,HIGH
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_Dec3Atom class at Core/Ap4Dec3Atom.cpp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The note-press plugin before 0.1.2 for WordPress has SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The simple-share-buttons-adder plugin before 6.0.0 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"PCManager 9.1.3.1 has an improper authentication vulnerability. The certain driver interface of the software does not perform a validation of user-mode data properly, successful exploit could result in malicious code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via setadapterbatteryreport command.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The newstatpress plugin before 1.0.1 for WordPress has SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The newstatpress plugin before 1.0.6 for WordPress has reflected XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The twitter-cards-meta plugin before 2.5.0 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The twitter-plugin plugin before 2.55 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Exiv2 before v0.27.2, there is an integer overflow vulnerability in the WebPImage::getHeaderOffset function in webpimage.cpp. It can lead to a buffer overflow vulnerability and a crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. (This issue is mitigated by the attacker needing permissions to create administrative menu links, such as by creating a content type or layout. Such permissions are usually restricted to trusted or administrative users.)",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote multiple multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The contact-form-plugin plugin before 3.52 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The contact-form-plugin plugin before 3.96 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The contact-form-plugin plugin before 4.0.2 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The mailchimp-for-wp plugin before 4.0.11 for WordPress has XSS on the integration settings page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The contact-form-7-sms-addon plugin before 2.4.0 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in the Products Per Page feature.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mail message display page in SquirrelMail through 1.4.22 has XSS via a ""<math xlink:href="" attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The mail message display page in SquirrelMail through 1.4.22 has XSS via a ""<form action='data:text"" attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The mail message display page in SquirrelMail through 1.4.22 has XSS via a ""<svg><a xlink:href="" attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The wp-google-map-plugin plugin before 2.3.7 for WordPress has XSS related to the add_query_arg() and remove_query_arg() functions.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted by the device.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and 12. There exists an XSS vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. This vulnerability affects Firefox < 68.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy a sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes to be bypassed. This vulnerability affects Firefox < 68.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,LOW
Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 68.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double free vulnerability. An attacker can trick a user to click a URL to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
The liveforms plugin before 3.4.0 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The custom-search-plugin plugin before 1.36 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. However, the attacker could pass malicious data and create a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Recommender before 2018-07-18 allows XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The contact-form-to-email plugin before 1.2.66 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The simple-job-board plugin before 2.4.4 for WordPress has reflected XSS via keyword search.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Backup Guard plugin before 1.1.47 for WordPress has multiple XSS issues.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Cognitoys Dino devices allow profiles_add.html CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Neet AirStream NAS1.1 devices have a password of ifconfig for the root account. This cannot be changed via the configuration page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. (This issue is mitigated by the attacker needing permission to create custom blocks on the site, which is typically an administrative permission.)",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in ZenTao 11.5.1. There is an XSS (stored) vulnerability that leads to the capture of other people's cookies via the Rich Text Box.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The ""CP Contact Form with PayPal"" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The wp-database-backup plugin before 4.3.1 for WordPress has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settings binary to change the AP name and password.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In FreeBSD 12.0-STABLE before r350246, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350247, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, the emulated XHCI device included with the bhyve hypervisor did not properly validate data provided by the guest, allowing an out-of-bounds read. This provides a malicious guest the possibility to crash the system or access system memory.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,HIGH
The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because of a buffer overflow in a Bash command string.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. A buffer overflow in the action parameter leads to remote code execution in the context of the nobody account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259).,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Transition Technologies ""The Scheduler"" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in the versions 5.2.1 and 3.3.7",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow XSS via a crafted SSID.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions. For example, a non-agent user can upload a .html file, and Content-Disposition will be set to inline instead of attachment.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the System Name field under Sets during set editing.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php ""Import items"" feature, it is possible to load a crafted CSV file with an XSS payload.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Bagisto 0.1.5 allows CSRF under /admin URIs.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed on the Preference page as well as while sending an email when a malicious payload was inserted inside the Email Signature in the Preference page. The attacker could insert malicious JavaScript inside his email signature, which fires when the victim replies or forwards the mail, thus helping him steal victims' cookies (hence compromising their accounts).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WS_FTP usernames as well as filenames.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"** DISPUTED ** The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to steal authentication credentials or to control how the site is rendered to the user. NOTE: the vendor disputes the risk because there is a clear warning next to the button for importing a snapshot.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo() function to write a log file as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
The igraph_i_strdiff function in igraph_trie.c in igraph through 0.7.1 has an NULL pointer dereference that allows attackers to cause a denial of service (application crash) via a crafted object.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote attacker to perform HTTP requests to internal endpoints.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A CSRF issue was discovered in webparam?user&action=set&param=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332).,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331).,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,NONE
cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330).,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <= v3.11), Spectrum Power 4 (Corporate User Interface) (Version v4.75), Spectrum Power 5 (Corporate User Interface) (All versions < v5.50), Spectrum Power 7 (Corporate User Interface) (All versions <= v2.20). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user does not need to be logged into the web interface in order for the exploitation to succeed.At the stage of publishing this security advisory no public exploitation is known.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In em28xx_unregister_dvb of em28xx-dvb.c, there is a possible use after free issue. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111761954References: Upstream kernel",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can trigger read operations on an arbitrary file via Path Traversal in the TZ parameter, but cannot retrieve the data that is read. This causes a denial of service if the filename is, for example, /dev/random.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. There is disclosure of the existence of arbitrary files via Path Traversal in HTTPD. This occurs because the filename specified in the TZ parameter is accessed with a substantial delay if that file exists.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI program running under the HTTPD web server, a buffer overflow in the param parameter leads to remote code execution in the context of the nobody account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: specially crafted password string. The fixed version is: 2018.3.4.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341).,NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,NONE
cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
cPanel before 68.0.15 does not block a username of ssl (SEC-328).,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327).,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) #300583 - List Manager Dashboard module, (2) #307638 - Campaign Creator module, (3) #316994 - Attributes field, (4) I#316995 - Icon Selection module, (5) #317000 - Latitude field, (6) #317000 - Longitude field, (7) #317017 - UploadPackage2.aspx module, (8) #317072 - Context menu, or (9) I#317073 - Insert from Template dialog.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326).",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325).,NETWORK,HIGH,HIGH,REQUIRED,UNCHANGED,NONE,LOW,NONE
cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130).,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"cPanel before 58.0.4 allows WHM ""Purchase and Install an SSL Certificate"" page visitors to list all server domains (SEC-133).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134).,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
verdaccio before 3.12.0 allows XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c via crafted COBOL source code.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An XSS vulnerability in the ""Email Subscribers & Newsletters"" plugin 4.1.6 for WordPress allows an attacker to inject malicious JavaScript code through a publicly available subscription form using the esfpx_name wp-admin/admin-ajax.php POST parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFastestCache.php and inc/cache.php Directory Traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138).,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382).,LOCAL,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379).,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279).,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289).",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).",LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ""addon domain conversion"" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285).",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300).,NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).,LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101).,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314).,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-design!copySurvey.action surveyName parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/iso9660.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (SEGV or buffer overflow, and application crash) or possibly have unspecified other impact via a crafted UPX packed file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An Integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from websites is mishandled in the online vault.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in vcSetXCutTextProc() in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a specially crafted VNC packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352).,LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the body of an Article was executed when a victim opens articles received through mail. This Article can be formed by an attacker using the Knowledge Base feature in the tab list. The attacker could inject malicious JavaScript inside the body of the article, thus helping him steal victims' cookies (hence compromising their accounts).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed inside the title and breadcrumb of a newly formed entity available to all the users. A malicious user can inject JavaScript in these values of an entity, thus stealing user cookies when someone visits the publicly accessible link.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a attacker sends an attachment to admin with malicious JavaScript in the filename. This JavaScript executed when an admin selects the particular file from the list of all attachments. The attacker could inject the JavaScript inside the filename and send it to users, thus helping him steal victims' cookies (hence compromising their accounts).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a victim clicks on the Edit Dashboard feature present on the Homepage. An attacker can load malicious JavaScript inside the add tab list feature, which would fire when a user clicks on the Edit Dashboard button, thus helping him steal victims' cookies (hence compromising their accounts).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). NOTE: The vendor disputes this issues as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid injection that can be done with the variable provided, and while the username value being passed does get used in a SQL query, it is passed through SQL escaping functions when creating the call. The vendor tried re-creating the issue with no luck.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323).,LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288).,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218).,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351).,LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240).,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"An injection vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with marketing manipulation privileges can invoke methods that alter data of the underlying model followed by corresponding database modifications.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious template.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to email templates.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys to remove file extension filters, potentially resulting in the malicious upload and execution of malicious files on the server.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create sitemaps can execute arbitrary PHP code by creating a malicious sitemap file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
cPanel before 60.0.25 allows attackers to discover file contents during file copy operations (SEC-185).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349).,LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46).,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447).,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,LOW,HIGH,HIGH
The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73).,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395).,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,LOW,NONE
cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application's use of a wildcard controller route.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as ""HTML safe"" and used as attribute values in tag handlers.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain ""[nil]"" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247).,NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). But admin privileges are required to configure these fields thereby reducing the likelihood of exploit. HPE Aruba has provided firmware updates to resolve the vulnerability in HP 2910-48G al Switch. Please update to W.15.14.0017.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255).,LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 62.0.17 allows does not preserve security policy questions across an account rename (SEC-223).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
"In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294).",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to execute arbitrary code.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245).,NETWORK,LOW,LOW,NONE,CHANGED,NONE,LOW,NONE
"Opengear console server firmware releases prior to 4.5.0 have a stored XSS vulnerability related to serial port logging. If a malicious user of an external system (connected to a serial port on an Opengear console server) sends crafted text to a serial port (that has logging enabled), the text will be replayed when the logs are viewed. Exploiting this vulnerability requires access to the serial port and/or console server.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the editor can inject malicious SWF files.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to create email templates could leak sensitive data via a malicious email template.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit newsletter templates to inject malicious javascript.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This vulnerability could be abused by an authenticated user with the ability to configure the catalog search.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptograhic mechanism is used to generate the intialization vector in multiple security relevant contexts.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content page titles to inject malicious javascript.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A reflected cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 when the feature that adds a secret key to the Admin URL is disabled.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify catalog price rules to inject malicious javascript.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify store currency options to inject malicious javascript.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the Return Product comments field can inject malicious javascript.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce parameters related to access control. This could be abused to leak customer information via crafted SOAP requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A stored cross-cite scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to modify currency symbols can inject malicious javascript.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355).,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353).,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342).,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implementation of that function. The implementation of strtotime at the time the issue was discovered appeared to be resistant to a malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425).,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443).,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when ""%pragma limit"" is mishandled.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via crafted COBOL source code.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by authenticated user with admin privileges to manipulate shipment settings to execute arbitrary code.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Imgix through 2019-06-19 allows remote attackers to cause a denial of service (resource consumption) by manipulating a small JPEG file to specify dimensions of 64250x64250 pixels, which is mishandled during an attempt to load the 'whole image' into memory.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"When computing the digest a local variable is used after going out of scope in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9640, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM660, SDX24",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges may be able to view metadata of a trusted device used by another administrator via a crafted http request.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to the import feature can make modifications to a configuration file, resulting in potentially unauthorized removal of file upload restrictions. This can result in arbitrary code execution when a malicious file is then uploaded and executed on the system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"cPanel before 74.0.8 allows self XSS in the WHM ""Create a New Account"" interface (SEC-428).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442).,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
"HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers to find the user accounts existing on any Social Network Kits (including self-hosted ones) by brute-forcing the username after the /u/ initial URI substring, aka Response Discrepancy Information Exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306).,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310).,LOCAL,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
"A stored cross-site scripting vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the tax notifications configuration in the Magento admin panel.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to products and categories.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel, disclosing its location to potentially unauthorized parties.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a shopper's cart due to an insufficiently robust anti-CSRF token implementation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A cryptographically weak pseudo-rando number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to edit Product information via the TinyMCE editor.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to manage orders and order status.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage tax rules.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manage orders can inject malicious javascript.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify product information.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored cross-site scripting vulnerability exists in the product catalog form of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the product catalog to inject malicious javascript.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify node attributes to inject malicious javascript.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit product content pages to inject malicious javascript.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content block titles to inject malicious javascript.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to store product attributes to inject malicious javascript.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.",ADJACENT_NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the ""/\0"" name).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,HIGH
Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,LOW
"An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An attacker can create a malicious binary to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 allows a remote, authenticated attacker to execute arbitrary code by uploading a malicious PHP file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272).",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274).",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271).,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows attackers to steal a cookie or session, or redirect to a phishing website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
pandao Editor.md 1.5.0 allows XSS via the Javas&#99;ript: string.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be exploited by low privileged users to target administrators. The viewimage.php page did not perform any contextual output encoding and would display the content within the uploaded file with a user-requested MIME type.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the same page, which specifies the inclusion of dynamic content. Thus, a lower privileged user of the application can execute code under the context and permissions of the underlying web server.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"improper input validation in allocation request for secure allocations can lead to page fault. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Buffer overflow can occur when playing specific clip which is non-standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible buffer overflow when number of channels passed is more than size of channel mapping array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Data token is received from ADSP and is used without validation as an index into the array leads to out of bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible race condition that will cause a use-after-free when writing to two sysfs entries at nearly the same time in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX20, SDX24",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 (Veracrypt), all versions (Truecrypt) is affected by: Buffer Overflow. The impact is: Minor information disclosure of kernel stack. The component is: Veracrypt NT Driver (veracrypt.sys). The attack vector is: Locally executed code, IOCTL request to driver. The fixed version is: 1.23-Hotfix-1.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. An unauthenticated attacker can view details about the printers associated with CPS via a crafted HTTP GET request.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. A user without valid credentials can bypass the authentication process, obtaining a valid session cookie with guest/pseudo-guest level privileges. This cookie can then be further used to perform other attacks.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jeesite 1.2.7 is affected by: XML External Entity (XXE). The impact is: sensitive information disclosure. The component is: convertToModel() function in src/main/java/com.thinkgem.jeesite/modules/act/service/ActProcessService.java. The attack vector is: network connectivity,authenticated,must upload a specially crafted xml file. The fixed version is: 4.0 and later.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. The fixed version is: 7.4 and later.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by: Buffer Overflow. The impact is: denial of service and possibly arbitrary code execution. The component is: function lit_char_to_utf8_bytes (jerry-core/lit/lit-char-helpers.c:377). The attack vector is: executing crafted javascript code. The fixed version is: after commit 505dace719aebb3308a3af223cfaa985159efae0.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a ""SECTION"" type that has a ""0"" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in the Thermal Driver, where a missing bounds checking in the thermal driver could allow a read from an arbitrary kernel address. This issue is rated as moderate. Product: Pixel. Versions: N/A. Android ID: A-34702397. References: N-CVE-2017-6275.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks via a crafted sales transaction.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An out of bounds write is possible via a specially crafted packet in certain configurations of Proxygen due to improper handling of Base64 when parsing malformed binary content in Structured HTTP Headers. This issue affects versions of proxygen prior to v2019.07.22.00.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
TestLink 1.9.19 has XSS via the error.php message parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
parse-server before 3.4.1 allows DoS after any POST to a volatile class.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authenticated user (in certain limited circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.3. The fix was back-ported to LTS 2019.6.5 as well as LTS 2019.3.7.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
cPanel before 74.0.8 allows FTP access during account suspension (SEC-449).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364).,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An Unrestricted File Upload Vulnerability in the SupportCandy plugin through 2.0.0 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 70.0.23 allows any user to disable Solr (SEC-371).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"cPanel before 70.0.23 allows stored XSS via a WHM ""Delete a DNS Zone"" action (SEC-375).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service. The impact is: Local privilege escalation (dependant upon conditions), shell code execution and denial-of-service. The component is: pdmlog.dll library. The attack vector is: The attacker must have access to local system (either directly, or remotley).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
invenio-communities before 1.0.0a20 allows XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with user@example.com followed by <!---->. and then the attacker's domain name.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerability that can be triggered by performing navigation to a javascript: URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Juniper juniper/libslax libslax latest version (as of commit 084ddf6ab4a55b59dfa9a53f9c5f14d192c4f8e5 Commits on Sep 1, 2018) is affected by: Buffer Overflow. The impact is: remote dos. The component is: slaxlexer.c:601(funtion:slaxGetInput). The attack vector is: ./slaxproc --slax-to-xslt POC0.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
invenio-records before 1.2.2 allows XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Jsish 2.4.70 2.047 is affected by: Use After Free. The impact is: denial of service and possibly arbitrary code execution. The component is: function Jsi_RegExpNew (jsi/jsiRegexp.c:39). The attack vector is: executing crafted javascript code. The fixed version is: after commit 48a66c798d.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jsish 2.4.84 2.0484 is affected by: Uncontrolled Resource Consumption. The impact is: denial of service. The component is: function jsiValueGetString (jsiUtils.c). The attack vector is: executing crafted javascript code. The fixed version is: after commit f3a8096e0ce44bbf36c1dcb6e603adf9c8670c39.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Tridactyl before 1.16.0 allows fake key events.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Attackers can trigger a heap-based buffer over-read in libpng via a crafted flif file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ASH-AIO before 2.0.0.3 allows an open redirect.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 allows Directory Traversal via a forged HTTP request.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:8080/ connection from any origin.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a ""url ="" line in a .lfsconfig file within a repository.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information: CSCva27038, CSCva28335. Known Affected Releases: 3.1(0.128), 1.2(400), 2.0(1.0.34A).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
invenio-previewer before 1.0.0a12 allows XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
stacktable.js before 1.0.4 allows XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary PHP code via a modified language cookie, as demonstrated by changing 4gH4_0df5_language=en to 4gH4_0df5_language=en'.phpinfo().'; (if the random prefix 4gH4_0df5_ were used).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before processing. This allows attackers to forge tokens and bypass authentication and authorization mechanisms.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker to gain full system access.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Prima Systems FlexAir, Versions 2.3.38 and prior. The flash version of the web interface contains a hard-coded username and password, which may allow an authenticated attacker to escalate privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session and bypass authentication.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 76.0.8 allows a persistent Virtual FTP accounts after removal of its associated domain (SEC-454).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the attacker to retrieve the admin's cookie and take over the account.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced.do ""File Explorer"" screen, it is possible to change the directory in the JavaScript code. If changed to (for example) ""C:"" then one can browse the whole server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the configured user (e.g., Administrator).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in Related YouTube Videos versions prior to 1.9.9 allows remote attackers to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in Online Lesson Booking 0.8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Local File Inclusion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to retrieve arbitrary files via the $REQUEST['adaptive-images-settings']['source_file'] parameter in adaptive-images-script.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/rencontre_widget.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection via inc/rencontre_widget.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"cPanel before 76.0.8 has Stored XSS in the WHM ""Reset a DNS Zone"" feature (SEC-461).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the ""Monitoring > Status Details > Services"" screen.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in Centreon 18.10.0 and Centreon web 2.8.27).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415).,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Firmware is getting into loop of overwriting memory when scan command is given from host because of improper validation. in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, QCA8081, QCS404, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
OpenModelica OMCompiler is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: OPENMODELICAHOME parameter changeable via environment variable. The attack vector is: Changing an environment variable.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Null pointer dereferencing can happen when playing the clip with wrong block group id in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
VCFTools vcftools prior to version 0.1.15 is affected by: Use-after-free. The impact is: Denial of Service or possibly other impact (eg. code execution or information disclosure). The component is: The header::add_FILTER_descriptor method in header.cpp. The attack vector is: The victim must open a specially crafted VCF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create User. A malicious attacker can modify the firstName and lastName to contain JavaScript code.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of (for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. It could result in denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(config) field to addDashboard or editDashboard in CommonDataHandlerReadOnly.ashx.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"marginalia < 1.6 is affected by: SQL Injection. The impact is: The impact is a injection of any SQL queries when a user controller argument is added as a component. The component is: Affects users that add a component that is user controller, for instance a parameter or a header. The attack vector is: Hacker inputs a SQL to a vulnerable vector(header, http parameter, etc). The fixed version is: 1.6.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Config/ uid parameter because of the getNeedQueryData function in Application/Common/Model/UserModel.class.php.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When handling the vendor command there exists a potential buffer overflow due to lack of input validation of data buffer received in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, MDM9640, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible integer underflow due to lack of validation before calculation of data length in 802.11 Rx management configuration in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX20, SDX24",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pointer dereference while freeing IFE resources due to lack of length check of in port resource. in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scripting (XSS). The impact is: Stealing of session cookies. The component is: File: Login. Parameters: interim-login, wp-lang, and supplied URL. The attack vector is: If a victim clicks a malicious link, the attacker can steal his/her account. The fixed version is: 3.0.16.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Unauthorized access from GPU subsystem to HLOS or other non secure subsystem memory can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuw81497.",NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authenticated users to execute arbitrary commands via crafted field values, aka Bug ID CSCuy96280.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. Known Affected Releases: 3.1(1) 2.0(4.0.45B).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cisco Prime Infrastructure 3.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP request that is mishandled during viewing of a log file, aka Bug ID CSCuw81494.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCuw63001 CSCuw63003. Known Affected Releases: 2.2(2). Known Fixed Releases: 3.1(0.0).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks by leveraging improper data validation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow occurs when emulated RPMB is used due to sector size assumptions in the TA rollback protection logic. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the ""multiple bytes per line"" case.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the ""one byte per line"" case.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"If the ALT and ""a"" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. This vulnerability affects Firefox < 67.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
H3C H3Cloud OS all versions allows SQL injection via the ear/grid_event sidx parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Experience Manager version 6.4 and ealier have a Stored Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: applyFlowRules() and apply() functions in FlowRuleManager.java. The attack vector is: network management and connectivity.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. It has a statically coded initialization vector to encrypt a user's fingerprint image, resulting in weak encryption of that. This, in combination with retrieving an encrypted fingerprint image and encryption key (through another vulnerability), allows an attacker to obtain a user's fingerprint image.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Quake3e < 5ed740d is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Argument string creation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow can occur in display function due to lack of validation of header block size set by user. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SDM660, SDX20",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible out of bound read occurs while processing beaconing request due to lack of check on action frames received from user controlled space in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple open and close from multiple threads will lead camera driver to access destroyed session data pointer in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDM660, SDX20, SDX24, Snapdragon_High_Med_2016",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Protection is missing while accessing md sessions info via macro which can lead to use-after-free in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bound access when reason code is extracted from frame data without validating the frame length in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Files with the .JNLP extension used for ""Java web start"" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability affects Firefox < 67.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a race condition, the attacker can also enter the mount point, thereby preventing a subsequent unmount of the file system.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Moodle 3.x has Server Side Request Forgery in the filepicker.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
hisiphp 1.0.8 is affected by: Cross Site Scripting (XSS).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place as a legacy feature and has now been removed. *Note: this issue only affects users with an account on the vulnerable service. Other users are unaffected.*. This vulnerability affects Firefox < 67.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Null pointer dereference during secure application termination using specific application ids. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 67.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LINAGORA hublin latest (commit 72ead897082403126bf8df9264e70f0a9de247ff) is affected by: Directory Traversal. The impact is: The vulnerability allows an attacker to access any file (with a fixed extension) on the server. The component is: A web-view renderer; details here: https://lgtm.com/projects/g/linagora/hublin/snapshot/af9f1ce253b4ee923ff8da8f9d908d02a8e95b7f/files/backend/webserver/views.js?sort=name&dir=ASC&mode=heatmap&showExcluded=false#xb24eb0101d2aec21:1. The attack vector is: Attacker sends a specially crafted HTTP request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Failure in taking appropriate action to handle the error case If keypad gpio deactivation fails leads to silent failure scenario and subsequent logic gets executed everytime in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 8CX, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Sanity checks are missing in layout which can lead to SUI Corruption or can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, Snapdragon_High_Med_2016, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While sending the rendered surface content to the screen, Error handling is not properly checked results in an unpredictable behaviour in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9531, QCA9880, QCA9886, QCA9980, QCN5502, QCS404, QCS605, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SDX24, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. This vulnerability affects Firefox < 67.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass the session checks (that would otherwise logout a low-privileged user) by calling the core print job components directly via crafted HTTP GET and POST requests.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value ""init_script""-""Monitoring Engine Binary"" in main.get.php to insert a arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute system arbitrary commands).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms File Delete to Code Execution. The component is: user/licence_save.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: /user/zssave.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The scan() function in mad.c in mpg321 0.3.2 allows remote attackers to trigger an out-of-bounds write via a zero bitrate in an MP3 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Some Huawei S series switches have a DoS vulnerability. An unauthenticated remote attacker can send crafted packets to the affected device to exploit this vulnerability. Due to insufficient verification of the packets, successful exploitation may cause the device reboot and denial of service (DoS) condition. (Vulnerability ID: HWPSIRT-2019-03109)",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"There is a DoS vulnerability in RTSP module of Leland-AL00A Huawei smart phones versions earlier than Leland-AL00A 9.1.0.111(C00E111R2P10T8). Remote attackers could trick the user into opening a malformed RTSP media stream to exploit this vulnerability. Successful exploit could cause the affected phone abnormal, leading to a DoS condition. (Vulnerability ID: HWPSIRT-2019-02004)",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ePO extension in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted upload to a remote website which is correctly blocked by DLPe Web Protection. This would then render as an XSS when the DLP Admin viewed the event in the ePO UI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper authentication in firmware for Intel(R) SSD DC S4500 Series and Intel(R) SSD DC S4600 Series before SCV10150 may allow an unprivileged user to potentially enable escalation of privilege via physical access.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting (XSS). The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a link (A) element.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site Scripting (XSS). The impact is: JavaScrpit is reflected in the server response, hence executed by the browser. The component is: the query used in the GET request is prone. The attack vector is: Since there is no server-side validation and If Browser encoding is bypassed, the victim is affected when opening a crafted URL. The fixed version is: 5.2.0.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely execute any commands by sending malicious http request to the controller. The component is: Method runJavaCompiler in YangLiveCompilerManager.java. The attack vector is: network connectivity.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A remote attacker can execute arbitrary commands on the controller. The component is: apps/yang/src/main/java/org/onosproject/yang/impl/YangLiveCompilerManager.java. The attack vector is: network connectivity. The fixed version is: 1.15.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 does not sanitize Markdown text before rendering a preview.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the ""Extra Contents"" parameter, aka the adm/config_form_update.php cf_1~10 parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the ""Menu Link"" parameter, aka the adm/menu_list_update.php me_link parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the ""board title contents"" parameter, aka the adm/board_form_update.php bo_subject parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the ""mobile board tail contents"" parameter, aka the adm/board_form_update.php bo_mobile_content_tail parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS vulnerability. Due to XSS, when an attacker invokes the security management to obtain the resources of the specified operation code owned by a user, the malicious script code could be transmitted in the parameter. If the front end does not process the returned result from the interface properly, the malicious script may be executed and the user cookie or other important information may be stolen.",ADJACENT_NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"XBL_SEC image authentication and other crypto related validations are accessible to a compromised OEM XBL Loader due to missing lock at XBL_SEC stage.. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the lack of proper validation of the existence of an object prior to performing operations on that object when executing JavaScript.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Debug policy with invalid signature can be loaded when the debug policy functionality is disabled by using the parallel image loading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, SD 410/12, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Possible buffer overflow at the end of iterating loop while getting the version info and lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Ladon since 0.6.1 (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059) is affected by: XML External Entity (XXE). The impact is: Information Disclosure, reading files and reaching internal network endpoints. The component is: SOAP request handlers. For instance: https://bitbucket.org/jakobsg/ladon/src/42944fc012a3a48214791c120ee5619434505067/src/ladon/interfaces/soap.py#lines-688. The attack vector is: Send a specially crafted SOAP call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink. The next time the product attempts to write to the log file, the target of the symlink is renamed. This defect can be exploited to rename a critical product file (e.g., AvastSvc.exe), causing the product to fail to start on the next system restart.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"On Fitbit activity-tracker devices, certain addresses never change. According to the popets-2019-0036.pdf document, this leads to ""permanent trackability"" and ""considerable privacy concerns"" without a user-accessible anonymization feature. The devices, such as Charge 2, transmit Bluetooth Low Energy (BLE) advertising packets with a TxAdd flag indicating random addresses, but the addresses remain constant. If devices come within BLE range at one or more locations where an adversary has set up passive sniffing, the adversary can determine whether the same device has entered one of these locations.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A race condition occurs while processing perf-event which can lead to a use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM439, SDM630, SDM660, SDX20, SDX24, Snapdragon_High_Med_2016, SXR1130",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Null pointer dereference occurs for channel context while opening glink channel in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9607, MDM9640, MSM8909W, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SDM439, SDM630, SDM660, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: user/manage.php line 31-80.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
zzcms version 8.3 and earlier is affected by: SQL Injection. The impact is: zzcms File Delete to Code Execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra bootloader contains a vulnerability in nvtboot in which the nvtboot-cpu image is loaded without the load address first being validated, which may lead to code execution, denial of service, or escalation of privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111760968.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated mysql database access. The component is: Web login form. The attack vector is: An attacker can exploit the vulnerability by sending a malicious HTTP POST request. The fixed version is: 1.12.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jsish 2.4.77 2.0477 is affected by: Use After Free. The impact is: denial of service. The component is: function Jsi_ObjFree (jsiObj.c:230). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Jsish 2.4.77 2.0477 is affected by: Out-of-bounds Read. The impact is: denial of service. The component is: function lexer_getchar (jsiLexer.c:9). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.2 for WordPress. One could exploit the points parameter in the ob_get_results ajax nopriv handler due to there being no sanitization prior to use in a SQL query in getResultByPointsTrivia. This allows an unauthenticated/unprivileged user to perform a SQL injection attack capable of remote code execution and information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impact is: denial of service. The component is: function jsi_DumpFunctions (jsiEval.c:567). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.84.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.7 for WordPress. One could exploit the id parameter in the set_count ajax nopriv handler due to there being no sanitization prior to use in a SQL query in saveQuestionVote. This allows an unauthenticated/unprivileged user to perform a SQL injection attack capable of remote code execution and information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. Cavwp.exe loads Comodo antivirus definition database in unsecured global section objects, allowing a local low privileged process to modify this data directly and change virus signatures.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Comodo Antivirus versions 12.0.0.6810 and below are vulnerable to Denial of Service affecting CmdAgent.exe via an unprotected section object ""<GUID>_CisSharedMemBuff"". This section object is exposed by CmdAgent and contains a SharedMemoryDictionary object, which allows a low privileged process to modify the object data causing CmdAgent.exe to crash.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Comodo Antivirus versions 11.0.0.6582 and below are vulnerable to Denial of Service affecting CmdGuard.sys via its filter port ""cmdServicePort"". A low privileged process can crash CmdVirth.exe to decrease the port's connection count followed by process hollowing a CmdVirth.exe instance with malicious code to obtain a handle to ""cmdServicePort"". Once this occurs, a specially crafted message can be sent to ""cmdServicePort"" using ""FilterSendMessage"" API. This can trigger an out-of-bounds write if lpOutBuffer parameter in FilterSendMessage API is near the end of specified buffer bounds. The crash occurs when the driver performs a memset operation which uses a size beyond the size of buffer specified, causing kernel crash.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an add_page action.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Because the session cookie did not use the HttpOnly flag, it was possible to hijack the session cookie by exploiting this vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on the Notifications page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Improper validation for inputs received from firmware can lead to an out of bound write issue in video driver. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SweetScape 010 Editor 9.0.1, an integer overflow during the initialization of variables could allow an attacker to cause a denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing, Alert pop-up on page, Redirecting to another phishing site, Executing browser exploits. The component is: Snippets.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Out of bound read can happen due to lack of NULL termination on user controlled data in WLAN in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Use After Free: CWE-416 vulnerability exists in Zelio Soft 2, V5.2 and earlier, which could cause remote code execution when opening a specially crafted Zelio Soft 2 project file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Possible buffer overflow while processing the high level lim process action frame due to improper buffer length validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9650, MSM8996AU, QCS405, QCS605, SD 625, SD 636, SD 665, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
mz-automation libiec61850 1.3.2 1.3.1 1.3.0 is affected by: Buffer Overflow. The impact is: Software crash. The component is: server_example_complex_array. The attack vector is: Send a specific MMS protocol packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling certain XFA JavaScript due to the use of, or access to, a NULL pointer without proper validation on the object.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A CWE-787: Out-of-bounds Write vulnerability exists in Interactive Graphical SCADA System (IGSS), Version 14 and prior, which could cause a software crash when data in the mdb database is manipulated.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a ""redirect"" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Forgery (CSRF). The impact is: The victim clicks on adding an administrator account. The component is: admincp.php. The attack vector is: network connectivity. The fixed version is: v4.3.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. NOTE: this CVE refers to the issues not covered by CVE-2018-3846, CVE-2018-3847, CVE-2018-3848, and CVE-2018-3849. One example is ftp_status in drvrnet.c mishandling a long string beginning with a '4' character.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in the Kerberos (aka KRB) protocol parser leads to DoS because a case-type index is mishandled.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Directus 7 API before 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each uploaded file, accessible by unauthenticated users, as demonstrated by the EICAR Anti-Virus Test File.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Elcom CMS before 10.7 has SQL Injection via EventSearchByState.aspx and EventSearchAdv.aspx.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML External Entity Reference ('XXE') vulnerability. Successful exploitation could lead to Arbitrary read access to the file system in the context of the current user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The find_option function in option.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Experience Manager version 6.4 and ealier have a Cross-Site Request Forgery vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Experience Manager version 6.4 and ealier have a Reflected Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically crafted URL. The fixed version is: 1.7.1 and later.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a ""newurl"" parameter. The component is: redirect.php. The attack vector is: The victim must open a link created by an attacker. Attacker may use any legitimate site using Babel to redirect user to a URL of his/her choosing.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"BACnet Protocol Stack through 0.8.6 has a segmentation fault leading to denial of service in BACnet APDU Layer because a malformed DCC in AtomicWriteFile, AtomicReadFile and DeviceCommunicationControl services. An unauthenticated remote attacker could cause a denial of service (bacserv daemon crash) because there is an invalid read in bacdcode.c during parsing of alarm tag numbers.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reallocation failures, leading to a memory copy into a NULL pointer. This is different from CVE-2018-20186.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Aquarius CMS through 4.3.5 writes POST and GET parameters (including passwords) to a log file due to an overwriting of configuration parameters under certain circumstances.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
LayerBB 1.1.3 allows conversations.php/cmd/new CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the ""nr_cbufs"" argument.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/password/ http://127.0.0.1/admin/users/add.php http://127.0.0.1/admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malitious html to change user password, disable users and disable password encryptation. The component is: Function User password change, user disable and password encryptation. The attack vector is: admin access malitious urls.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvar_struct.c",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a path traversal vulnerability on Huawei Share. The software does not properly validate the path, an attacker could crafted a file path when transporting file through Huawei Share, successful exploit could allow the attacker to transport a file to arbitrary path on the phone. Affected products: Mate 20 X versions earlier than Ever-L29B 9.1.0.300(C432E3R1P12), versions earlier than Ever-L29B 9.1.0.300(C636E3R2P1), and versions earlier than Ever-L29B 9.1.0.300(C185E3R3P1).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an ""Add a new Profile"" action to the File Picker.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Norton Password Manager, prior to 6.3.0.2082, may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic.",PHYSICAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could access the backend database via SQL injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files (including script files) without proper file format validation.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could exploit the vulnerable function in order to prepare an XSS payload to send to the product's clients.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of Roller, which is now Roller 5.2.3.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing js on admin. The component is: /glpi/ajax/getDropDownValue.php. The attack vector is: 1- User Create a ticket , 2- Admin opens another ticket and click on the ""Link Tickets"" feature, 3- a request to the endpoint fetches js and executes it.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG element.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting (XSS). The impact is: Theoretically low, but might potentially enable persistent XSS (user could embed mal. code). The component is: Javascript code execution in ""Name"", ""Location"", ""Bio"" and ""Starting Page"" fields in the ""My Account"" page. File: Lib/listjs/list.js, line 67. The attack vector is: unknown, victim must open profile page if persistent was possible.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"@nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandles object keys, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server (aka IBM Spectrum Protect Snapshot) 3.1 before 3.1.1.7 and 3.2 before 3.2.1.9 allow local users to discover a cleartext SQL Server password by reading the Task List in the MMC GUI.,LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
libnmap < v0.6.3 is affected by: XML Injection. The impact is: Denial of service (DoS) by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A man-in-the-middle vulnerability related to vCenter access was found in Cohesity DataPlatform version 5.x and 6.x prior to 6.1.1c. Cohesity clusters did not verify TLS certificates presented by vCenter. This vulnerability could expose Cohesity user credentials configured to access vCenter.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via usercp.php?action=mybb2fa&do=deactivate (or usercp.php?action=mybb2fa&do=activate). A deactivate operation lowers the security of the targeted account by disabling two factor authentication.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number (i.e., 443 in this example) is hardcoded into an application as a security policy, but the hostname argument (i.e., 127.0.0.1:80 in this example) is obtained from untrusted input.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in system_handle_form_submit in modules/system/system.module.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43.16 have buffer overflows in the ReGa ise GmbH HTTP-Server 2.0 component, aka HMCCU-179. This may lead to remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is possible to change that user's password again during the next 24 hours without any information except the associated email address.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability exists when Unistore.dll fails to properly handle objects in memory, aka 'Microsoft unistore.dll Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Client Information Disclosure Vulnerability'.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual focus grabs) via a sequence of invalid launch?action=join&confno= requests to localhost port 19421.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
HexoEditor v1.1.8-beta is affected by: XSS to code execution.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized access to a chosen process address space.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject -exec to execute arbitrary commands. The additional arguments -hideterm and -exitwhendone in the payload make the attack less visible.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Cross Site Scripting (XSS) vulnerability exists in the template tag used to render message ids in Patchwork v1.1 through v2.1.x. This allows an attacker to insert JavaScript or HTML into the patch detail page via an email sent to a mailing list consumed by Patchwork. This affects the function msgid in templatetags/patch.py. Patchwork versions v2.1.4 and v2.0.4 will contain the fix.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"MailEnable Enterprise Premium 10.23 was vulnerable to multiple directory traversal issues, with which authenticated users could add, remove, or potentially read files in arbitrary folders accessible by the IIS user. This could lead to reading other users' credentials including those of SYSADMIN accounts, reading other users' emails, or adding emails or files to other users' accounts.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1093.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1097.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery, aka 'Azure DevOps Server Spoofing Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1073.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
uLaunchELF < commit 170827a is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Loader program (loader.c) overly trusts the arguments provided via command line.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In WESEEK GROWI before 3.5.0, a remote attacker can obtain the password hash of the creator of a page by leveraging wiki access to make API calls for page metadata. In other words, the password hash can be retrieved even though it is not a publicly available field.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Intuit Lacerte 2017 has Incorrect Access Control.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v0.9.8 beta (build 02099) for macOS could allow an authenticated, local attacker to overwrite arbitrary files. When the client initiates a connection, the XML /tmp/pia-watcher.plist file is created. If the file exists, it will be truncated and the contents completely overwritten. This file is removed on disconnect. An unprivileged user can create a hard or soft link to arbitrary files owned by any user on the system, including root. This creates a denial of service condition and possible data loss if leveraged by a malicious local user.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v1.0 for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The PIA client is vulnerable to a DLL injection vulnerability during the software update process. The updater loads several libraries from a folder that authenticated users have write access to. A low privileged user can leverage this vulnerability to execute arbitrary code as SYSTEM.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (invalid memory access in r_egg_lang_parsechar; invalid free in rcc_pusharg).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of missing length validation in libr/egg/egg.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x8000205F.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential for Bash command injection. Further to this, VAL0 and VAL1 should be sanitised to ensure they do not contain malicious characters. Passing it the username of '-' will cause it to time out and log the user in because of poor error handling. This will log the attacker in as an administrator where the telnet / ssh services can be enabled, and the credentials for local users can be reset. Also, login.cgi accepts the username as a GET parameter, so login can be achieved by browsing to the /cgi-bin/login.cgi?username=-%20a URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the FFS implementation causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130024844.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cross-site request forgery (CSRF) vulnerability in Contest Gallery versions prior to 10.4.5 allows remote attackers to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the ""No unsafe lua allowed"" code block is skipped.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"phpscriptsmall.com School College Portal with ERP Script 2.6.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attack administrators and teachers, students and more. The component is: /pro-school/index.php?student/message/send_reply/. The attack vector is: <img src=x onerror=alert(document.domain) />.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the tool's monitoring and user information by supplying specially crafted input data to the affected application.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Invoxia NVX220 devices allow TELNET access as admin with a default password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Blipcare Wifi blood pressure monitor BP700 10.1 devices allow memory corruption that results in Denial of Service. When connected to the ""Blip"" open wireless connection provided by the device, if a large string is sent as a part of the HTTP request in any part of the HTTP headers, the device could become completely unresponsive. Presumably this happens as the memory footprint provided to this device is very small. According to the specs from Rezolt, the Wi-Fi module only has 256k of memory. As a result, an incorrect string copy operation using either memcpy, strcpy, or any of their other variants could result in filling up the memory space allocated to the function executing and this would result in memory corruption. To test the theory, one can modify the demo application provided by the Cypress WICED SDK and introduce an incorrect ""memcpy"" operation and use the compiled application on the evaluation board provided by Cypress semiconductors with exactly the same Wi-Fi SOC. The results were identical where the device would completely stop responding to any of the ping or web requests.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
It was discovered as a part of the research on IoT devices in the most recent firmware for Blipcare device that the device allows to connect to web management interface on a non-SSL connection using plain text HTTP protocol. The user uses the web management interface of the device to provide the user's Wi-Fi credentials so that the device can connect to it and have Internet access. This device acts as a Wireless Blood pressure monitor and is used to measure blood pressure levels of a person. This allows an attacker who is connected to the Blipcare's device wireless network to easily sniff these values using a MITM attack.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Realization Concerto Critical Chain Planner (aka CCPM) 5.10.8071 has SQL Injection in at least in the taskupdt/taskdetails.aspx webpage via the projectname parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component, aka ReDoS.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-force ID: 159032.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP Information Steward, version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site scripting (XSS) vulnerability in static/js/trape.js in Trape through 2019-05-08 allows remote attackers to inject arbitrary web script or HTML via the country, query, or refer parameter to the /register URI, because the jQuery prepend() method is used.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Trape through 2019-05-08 has SQL injection via the data[2] variable in core/db.py, as demonstrated by the /bs t parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
pyxtrlock 0.3 and earlier is affected by: Incorrect Access Control. The impact is: False locking impression when run in a non-X11 session. The fixed version is: 0.4.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a ""cwd restore permission bypass.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Intersystems Cache 2017.2.2.865.0 allows XXE.,NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with set_error_handler# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with next# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to symfony/cache and symfony/phpunit-bridge.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
"verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to calling a security-critical function with an incorrect argument.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated web server of the affected CP devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into following a malicious link. User interaction is required for a successful exploitation. At the time of advisory publication no public exploitation of this vulnerability was known.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). An attacker with network access to port 23/tcp could extract internal communication data or cause a Denial-of-Service condition. Successful exploitation requires network access to a vulnerable device. At the time of advisory publication no public exploitation of this vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka ""Microsoft Outlook Security Feature Bypass Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Invoxia NVX220 devices allow access to /bin/sh via escape from a restricted CLI, leading to disclosure of password hashes.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. The keystore file itself is not exposed.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with insufficient privileges to promote a project milestone to a group milestone.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a networking misconfiguration that allows access to restricted network interfaces. This could allow an attacker to upload or download arbitrary files and possibly execute malicious code on the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Arlo Basestation firmware 1.12.0.1_27940 and prior contain a hardcoded username and password combination that allows root access to the device when an onboard serial interface is connected to.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to encrypted configuration and/or UCS files.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp, aka internal bug 27555981.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Nagios XI before 5.5.4 has XSS in the auto login admin management page.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to a reflected XSS in the SetPaymentOptions.php resulting code execution,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Hsycms V1.1. There is a SQL injection vulnerability via a /news/*.html page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary ""sonia"" is the one that has the vulnerable function that sets up the default credentials on the device. If one opens this binary in IDA-pro one will notice that this follows a ARM little endian format. The function sub_436D6 in IDA pro is identified to be setting up the configuration for the device. If one scrolls to the address 0x000437C2 then one can see that /current_config is being set as an ALIAS for /mnt/mtd/Config folder on the device. If one TELNETs into the device and navigates to /mnt/mtd/Config folder, one can observe that it contains various files such as Account1, Account2, SHAACcount1, etc. This means that if one navigates to http://[IPofcamera]/current_config/Sha1Account1 then one should be able to view the content of the files. The security researchers assumed that this was only possible only after authentication to the device. However, when unauthenticated access tests were performed for the same URL as provided above, it was observed that the device file could be downloaded without any authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots within the past two hours. Amcrest cloud services does not perform a thorough verification when allowing the user to add a new camera to the user's account to ensure that the user actually owns the camera other than knowing the serial number of the camera. This can allow an attacker who knows the serial number to easily add another user's camera to an attacker's cloud account and control it completely. This is possible in case of any camera that is currently not a part of an Amcrest cloud account or has been removed from the user's cloud account. Also, another requirement for a successful attack is that the user should have rebooted the camera in the last two hours. However, both of these conditions are very likely for new cameras that are sold over the Internet at many ecommerce websites or vendors that sell the Amcrest products. The successful attack results in an attacker being able to completely control the camera which includes being able to view and listen on what the camera can see, being able to change the motion detection settings and also be able to turn the camera off without the user being aware of it. Note: The same attack can be executed using the Amcrest Cloud mobile application.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by the device. However, if the same brute force attempt is performed using the ONVIF specification (which is supported by the same binary) then there is no account lockout or timeout executed. This can allow an attacker to circumvent the account protection mechanism and brute force the credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary ""sonia"" is the one that has the vulnerable function that performs the credential check in the binary for the ONVIF specification. If one opens this binary in IDA-pro one will notice that this follows a ARM little endian format. The function at address 00671618 in IDA pro is parses the WSSE security token header. The sub_ 603D8 then performs the authentication check and if it is incorrect passes to the function sub_59F4C which prints the value ""Sender not authorized.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary ""sonia"" is the one that has the vulnerable function that sets up the default credentials on the device. If one opens this binary in IDA-pro, one will notice that this follows a ARM little endian format. The function sub_3DB2FC in IDA pro is identified to be setting up the values at address 0x003DB5A6. The sub_5C057C then sets this value and adds it to the Configuration files in /mnt/mtd/Config/Account1 file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in Joruri CMS 2017 Release2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect access control in the password reset component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated users to reset the password of other users by being the first party to use the secure token.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent virtual server with SNAT enabled.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the tags box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, and CVE-2018-20520.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
"BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions except for password change.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost interface). This issue has been fixed in the following versions: 2019.1, 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memory corruption issue was discovered in Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11424.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Android App 'Tootdon for Mastodon' version 3.4.1 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
iDoors Reader 2.10.17 and earlier allows an attacker on the same network segment to bypass authentication to access the management console and operate the product via unspecified vectors.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 0.0.6.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via arbitrary file extension while creating a support ticket.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored XSS vulnerability in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows a privileged attacker to embed malicious JavaScript in the SNMP trap receivers form. Upon visiting the /agent/action_recipient Event Action/Recipient page, the embedded code will be executed in the browser of the victim.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup_const of node_info->vdev_port.name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. This is related to CVE-2018-16368.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The Odoo Community Association (OCA) dbfilter_from_header module makes Odoo 8.x, 9.x, 10.x, and 11.x vulnerable to ReDoS (regular expression denial of service) under certain circumstances.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In ihevcd_sao_shift_ctb of ihevcd_sao.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130023983.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-130651570.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In loop of DnsTlsSocket.cpp, there is a possible heap memory corruption due to a use after free. This could lead to remote code execution in the netd server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122856181.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In several functions of alarm.cc, there is possible memory corruption due to a use after free. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-117997080.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In save_attr_seq of sdp_discovery.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-117105007.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In checkQueryPermission of TelephonyProvider.java, there is a possible disclosure of secure data due to a missing permission check. This could lead to local information disclosure about carrier systems with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-124107808.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In various functions of Parcel.cpp, there are uninitialized or partially initialized stack variables. These could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-130161842.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In multiple functions of key_store_service.cpp, there is a possible Information Disclosure due to improper locking. This could lead to local information disclosure of protected data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-131622568.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. An attacker with access to the offline victim's otp physical token or virtual app (like google authenticator) is able to bypass the first authentication phase (username/password mechanism) and log-in using username/otp combination only (phase 2 of 2FA).,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, an undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting (XSS) issue. This is a control plane issue only and is not accessible from the data plane. The attack requires a malicious resource administrator to store the XSS.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability in noMenu() and noSubMenu() in core/navigation/MENU.php in WIKINDX prior to version 5.8.1 allows remote attackers to inject arbitrary web script or HTML via the method parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a ""Sweet32"" attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site request forgery (CSRF) vulnerability in Custom CSS Pro 1.0.3 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Open redirect vulnerability in GROWI v3.4.6 and earlier allows remote attackersto redirect users to arbitrary web sites and conduct phishing attacks via the process of login.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Open Redirect via the current_page parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in mxGraph through 4.0.0, related to the ""draw.io Diagrams"" plugin before 8.3.14 for Confluence and other products. Improper input validation/sanitization of a color field leads to XSS. This is associated with javascript/examples/grapheditor/www/js/Dialogs.js.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** PHP cebe markdown parser version 1.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in all distributed parsers allowing a malicious crafted script to be executed that can result in the lose of user data and sensitive user information. This attack can be exploited by crafting a three backtick wrapped payload with a character in front: L: ""```<script>alert();</script>```"". NOTE: This has been argued as a non-issue (see references) since it is not the parser's job to sanitize malicious code from a parsed document.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x0000000000013a98.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x0000000000002d7d.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a9601.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI) also known as the BIG-IP Configuration utility.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the GET parameters passed in this request (to test if SMB credentials and hostname sent to the device work properly) result in being passed as commands to a ""system"" API in the function and thus result in command injection on the device. If the firmware version is dissected using binwalk tool, we obtain a cramfs-root archive which contains the filesystem set up on the device that contains all the binaries. The binary ""cgibox"" is the one that has the vulnerable function ""sub_7EAFC"" that receives the values sent by the GET request. If we open this binary in IDA-pro we will notice that this follows a ARM little endian format. The function sub_7EAFC in IDA pro is identified to be receiving the values sent in the GET request and the value set in GET parameter ""user"" is extracted in function sub_7E49C which is then passed to the vulnerable system API call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server.,LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Open redirect vulnerability in Joruri Mail 2.1.4 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in WP Open Graph 1.6.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Certain Logitech Unifying devices allow attackers to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a Logitech K360 keyboard.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In MiniCMS V1.10, stored XSS was found in mc-admin/page-edit.php (content box), which can be used to get a user's cookie.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, CVE-2018-20520, and CVE-2019-13186.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"packages/subjects/pub/subjects.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?subjecttypeid=xxx request, aka Open Bug Bounty ID OBB-466362.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x0000000000002450.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000b9e7a.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000b9c2f.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000c47ff.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000001172b0.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000385474.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e808.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327464.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in /wbg/core/_includes/authorization.inc.php in CMS Web-Gooroo through 2013-01-19 allows remote attackers to execute arbitrary SQL commands via the wbg_login parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An incorrect implementation of a local web server in eID client (Windows version before 3.1.2, Linux version before 3.0.3) allows remote attackers to execute arbitrary code (.cgi, .pl, or .php) or delete arbitrary files via a crafted HTML page. This is a product from the Ministry of Interior of the Slovak Republic.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.php, the ?page= parameter is vulnerable to SQL injection.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect access control in the RPC framework in Odoo Community 8.0 through 11.0 and Odoo Enterprise 9.0 through 11.0 allows authenticated users to call private functions via RPC.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Incorrect access control in asset bundles in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier allows remote authenticated users to inject arbitrary web script via a crafted attachment.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier does not use secure options when passing documents to wkhtmltopdf, which allows remote attackers to read local files.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
novaksolutions/infusionsoft-php-sdk v2016-10-31 is vulnerable to a reflected XSS in the leadscoring.php resulting code execution,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and change_config.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
OX Guard 2.8.0 has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Grouptime Teamwire Desktop Client 1.5.1 prior to 1.9.0 on Windows allows code injection via a template, leading to remote code execution. All backend versions prior to prod-2018-11-13-15-00-42 are affected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper Host header sanitization in the dbfilter routing component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows a remote attacker to deny access to the service and to disclose database names via a crafted request.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. An arbitrary password succeeds.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Subrion CMS before 4.1.4 has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution. NOTE: This is disputed because ""the cache directory is not under control of the attacker in any common configuration.""",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A hidden RPC service issue was found with Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2 and 8.1RX before 8.1R12.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, an undisclosed iControl REST worker is vulnerable to command injection by an administrator or resource administrator user. This attack is only exploitable on multi-bladed systems.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php file in a folder and then this folder in a ZIP archive, the server will accept this file without any checks. Because one can access this file from the website, it is remote code execution. This is related to a scorm imsmanifest.xml file, the import_package function, and extraction in $courseSysDir.$newDir.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with ""If: <http://"" in a PROPFIND request, as exploited in the wild in July or August 2016.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Linear eMerge E3-Series devices allow Directory Traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Read the Docs before 3.5.1 has an Open Redirect if certain user-defined redirects are used. This affects private instances of Read the Docs (in addition to the public readthedocs.org web sites).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000030ecfa.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000026b739.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000384e2a.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows ""Read / write overflow in make_secret()"" and a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. IBM X-Force ID: 160698.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162657.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote code execution.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\<username>\Roaming\qBittorrent pathname. The attacker must change the value of the ""locked"" attribute to ""false"" within the ""Locking"" stanza. NOTE: This is an intended behavior. See https://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-password.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive) distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowing a remote attacker to cause a potential crash / denial of service in Doomseeker. The issue has been remediated in the Doomseeker 1.3 release with source code patches to the SRB2 plugin.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Optergy Proton/Enterprise devices allow Unauthenticated Internal Network Information Disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the UDP Ports To Open in Add Gaming Rule.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Cross Site Scripting (XSS) vulnerability in versions of F5 WebSafe Dashboard 3.9.x and earlier, aka F5 WebSafe Alert Server, allows an unauthenticated user to inject HTML via a crafted alert.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Optergy Proton/Enterprise devices have Hard-coded Credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9.5 and earlier, aka F5 WebSafe Alert Server, allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Type confusion in JavaScript in Google Chrome prior to 67.0.3396.87 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
Type confusion in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in Bluetooth in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.,ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The ""JEXTN Question And Answer"" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows users to map arbitrary kernel pages into userland process space via TOARU_SYS_FUNC_MMAP, leading to escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to perform privilege escalation via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect URL parsing in WebKit in Google Chrome on iOS prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Out of bounds array access in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Incorrect handling of object lifetimes in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI. It could allow an administrator to conduct remote denial of service (disrupting certain business functions of the product).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML External Entity (XXE) vulnerability in JAXB that can result in An attacker could use this to remotely read files from the file system or to perform SSRF.. This vulnerability appears to have been fixed in After commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function gf_isom_get_original_format_type at isomedia/drm_sample.c in libgpac.a, as demonstrated by MP4Box.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function GetESD at isomedia/track.c in libgpac.a, as demonstrated by MP4Box.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A double-eviction in the Incognito mode cache that lead to a user-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Unintended floating-point error accumulation in SwiftShader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient data validation in V8 in Google Chrome prior to 56.0.2924.76 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A heap-based buffer over-read in Service_SetParamStringValue in cosa_x_cisco_com_ddns_dml.c of the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve information disclosure and code execution by crafting an AJAX call responsible for DDNS configuration with an exactly 64-byte username, password, or domain, for which the buffer size is insufficient for the final '\0' character. This is related to the CcspCommonLibrary and WebUI modules.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Information leak in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"** DISPUTED ** Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the local network has unauthenticated access to the internal SD card via the HTTP service on port 8000. The HTTP web server on the camera allows anyone to view or download the video archive recorded and saved on the external memory card attached to the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with a hardcoded 12345678 password for the root account, accessible from a TELNET login prompt.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload can then be triggered by accessing the ""Set Security Levels"" or ""View User/Group Relationships"" page. If the attacker does not currently have permission to create a new user, another vulnerability such as CSRF must be exploited first.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service (invoice-creation outage) via the n_file parameter to visualizza_contratto.php with invalid arguments (any non-numeric value), as demonstrated by the anno=2019&id_transazione=1&numero_contratto=1&n_file=a query string to visualizza_contratto.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a ""python"" ""files"" ""content"" JSON file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. IBM X-Force ID: 155193.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to obtain sensitive information from a specially crafted HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 155150.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162172.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 151256.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D23, 12.3X48 before 12.3X48-D25, and 15.1X49 before 15.1X49-D40 on a High-End SRX-Series chassis system with one or more Application Layer Gateways (ALGs) enabled allow remote attackers to cause a denial of service (CPU consumption, fab link failure, or flip-flop failovers) via vectors related to in-transit traffic matching ALG rules.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 Premium for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in a comment on an Instagram post.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in an Instagram profile's bio.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a users browser session.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Bobronix JEditor editor before 3.0.6 for Jira allows an attacker to add a URL/Link (to an existing issue) that can cause forgery of a request to an out-of-origin domain. This in turn may allow for a forged request that can be invoked in the context of an authenticated user, leading to stealing of session tokens and account takeover.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current user to map and write to the ""ApMsgFwd File Mapping Object"" section. ApMsgFwd.exe uses the data written to this section as arguments to functions. This causes a denial of service condition when invalid pointers are written to the mapped section. This driver has been used with Dell, ThinkPad, and VAIO devices.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diag_command.php and rrd_fetch_json.php (timePeriod parameter), to a server. Then, the remote attacker can run any command with root privileges on that server.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the ""X-Forwarded-for"" HTTP header.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).",LOCAL,HIGH,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt plugin remotely via the platformpluginpath argument supplied with a Windows network share.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices communication.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get rewards.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges. This affects app/controllers/UserCtrl.scala.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page.,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,LOW,LOW,LOW
An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a ""correctly signed"" message indication, but display different unauthenticated text.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices has a Buffer Overflow.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Directory Traversal.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Denial of Service (DOS) in Dial Reference Source Code Used before June 18th, 2019.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pointer corruption in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bound read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient input validation in the Intel(R) SGX driver for Linux may allow an authenticated user to potentially enable a denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read vulnerability was found in netpbm before 10.61. The expandCodeOntoStack() function has an insufficient code value check, so that a maliciously crafted file could cause the application to crash or possibly allows code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow allowing local privilege escalation to the root user via the DISPLAY environment variable.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It is possible (due to lack of verification and correlation between the reset password key sent by mail and the user_id parameter) to reset the password of another user. One only needs to know the user_id, which is publicly available. One just has to intercept the password modification request and modify user_id. It is possible to modify the passwords for any users or admin WordPress Ultimate Members. This could lead to account compromise and privilege escalation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary SQL commands via the ""username"" GET parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind since the response doesn't directly display a requested file, but rather returns it inside the name data field when the report is saved. An attacker is able to view restricted operating system files. This issue affects all types of users: administrators or normal users.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who knows the IP address of the affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Prime Service Catalog Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protection mechanisms on the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. This allows a new user, holding the same User ID as a deleted user, to restore the deleted user's data.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto login admin management page.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Akamai CloudTest before 58.30 allows remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryption_key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status.  NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2.x through 1.4.0. Unauthenticated users can get a list of user accounts.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A ""search for user discovery"" injection issue exists in Creatiwity wityCMS 0.6.2 via the ""Utilisateur"" menu. No input parameters are filtered, e.g., the /admin/user/users Nickname, email, firstname, lastname, and groupe parameters.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"BestXsoftware Best Free Keylogger before 6.0.0 allows local users to gain privileges via a Trojan horse ""%PROGRAMFILES%\BFK 5.2.9\syscrb.exe"" file because of insecure permissions for the BUILTIN\Users group.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Symphony before 3.3.0, there is XSS in the Title under Post. The ID ""articleTitle"" of this is stored in the ""articleTitle"" JSON field, and executes a payload when accessing the /member/test/points URI, allowing remote attacks. Any Web script or HTML can be inserted by an admin-authenticated user via a crafted web site name.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The ""utilisateur"" menu in Creatiwity wityCMS 0.6.2 modifies the presence of XSS at two input points for user information, with the ""first name"" and ""last name"" parameters.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x8000206B.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter, or the PATH_INFO to mydeals/ or listdeals/.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000204B.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x80002063.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a NULL Pointer Dereference vulnerability due to not validating the size of the output buffer value from IOCtl 0x80002028.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000205B.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x8000206F.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x80002043.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000204F.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
CSRF exists in Nimble Messaging Bulk SMS Marketing Application 1.0 for adding an admin account.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Teltonika RTU950 R_31.04.89 devices. The application allows a user to login without limitation. For every successful login request, the application saves a session. A user can re-login without logging out, causing the application to store the session in memory. Exploitation of this vulnerability will increase memory use and consume free space.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running BubbleUPnP, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack the cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-13055.,NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Jspxcms 9.0.0, a vulnerable URL routing implementation allows remote code execution after logging in as web admin.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of executing various actions on the web management interface. It seems that the device does not implement any Origin header check which allows an attacker who can trick a user to navigate to an attacker's webpage to exploit this issue and brute force the password for the web management interface. It also allows an attacker to then execute any other actions which include management if rules, sensors attached to the devices using the websocket requests.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information without being authenticated, by sending a LOGIN_ID element to the auth/main/asp/check_user_login_info.aspx URI, and then reading the response, as demonstrated by the KW_EMAIL or KW_TEL field.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a UPnP functionality for devices to interface with the router and interact with the device. It seems that the ""NewInMessage"" SOAP parameter passed with a huge payload results in crashing the process. If the firmware version AL-R096 is dissected using binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary ""miniupnpd"" is the one that has the vulnerable function that receives the values sent by the SOAP request. If we open this binary in IDA-pro we will notice that this follows a MIPS little endian format. The function WscDevPutMessage at address 0x0041DBB8 in IDA pro is identified to be receiving the values sent in the SOAP request. The SOAP parameter ""NewInMesage"" received at address 0x0041DC30 causes the miniupnpd process to finally crash when a second request is sent to the same process.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-116855682References: Upstream kernel",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new port forwarding rules to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way that would result in passing commands to a ""system"" API in the function and thus result in command injection on the device. If the firmware version AL-R096 is dissected using binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary ""goahead"" is the one that has the vulnerable function that recieves the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows a MIPS little endian format. The function sub_43C280in IDA pro is identified to be receiving the values sent in the POST request and the value set in POST parameter ""ip_address"" is extracted at address 0x0043C2F0. The POST parameter ""ipaddress"" is concatenated at address 0x0043C958 and this is passed to a ""system"" function at address 0x00437284. This allows an attacker to provide the payload of his/her choice and finally take control of the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way that would result in passing commands to a ""popen"" API in the function and thus result in command injection on the device. If the firmware version AL-R096 is dissected using binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary ""goahead"" is the one that has the vulnerable function that receives the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows a MIPS little endian format. The function sub_00420F38 in IDA pro is identified to be receiving the values sent in the POST request and the value set in POST parameter ""dest"" is extracted at address 0x00420FC4. The POST parameter ""dest is concatenated in a route add command and this is passed to a ""popen"" function at address 0x00421220. This allows an attacker to provide the payload of his/her choice and finally take control of the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Alternate Pic View 2.600, the Exception Handler Chain is Corrupted starting at PicViewer!PerfgrapFinalize+0x00000000000b916d.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Alternate Pic View 2.600 has a User Mode Write AV starting at PicViewer!PerfgrapFinalize+0x00000000000a8868.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at image00400000+0x000000000017a45e.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to execute a script in the user's browser via reflected XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to perform phishing via an unvalidated redirect.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a script file called ""get_file.sh"" which allows a user to retrieve any file stored in the ""cmh-ext"" folder on the device. However, the ""filename"" parameter is not validated correctly and this allows an attacker to directory traverse outside the /cmh-ext folder and read any file on the device. It is necessary to create the folder ""cmh-ext"" on the device which can be executed by an attacker first in an unauthenticated fashion and then execute a directory traversal attack.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross site request forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface to change a user's password. Also this is a systemic issue.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way that would result in overflowing the stack set up and allow an attacker to control the $ra register stored on the stack. If the firmware version AL-R096 is dissected using binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary ""goahead"" is the one that has the vulnerable function that recieves the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows a MIPS little endian format. The function sub_00420F38 in IDA pro is identified to be receiving the values sent in the POST request. The POST parameter ""gateway"" allows to overflow the stack and control the $ra register after 1546 characters. The value from this post parameter is then copied on the stack at address 0x00421348 as shown below. This allows an attacker to provide the payload of his/her choice and finally take control of the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"b3log Solo 2.9.3 has XSS in the Input page under the ""Publish Articles"" menu with an ID of ""articleTags"" stored in the ""tag"" JSON field, which allows remote attackers to inject arbitrary Web scripts or HTML via a carefully crafted site name in an admin-authenticated HTTP request.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 could disclose sensitive information to an authenticated user that could aid in further attacks against the system. IBM X-Force ID: 155146.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and send a packet containing an opcode that will trigger the kernel module to return several addresses. One of which can be used to calculate the dynamic base address of the module for further exploitation.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In ih264d_fmt_conv_420sp_to_420p of ih264d_format_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-118399205",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ihevcd_fmt_conv_420sp_to_420p of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-118453553",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In serviceDied of HalDeathHandlerHidl.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-116665972",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In createEffect of AudioFlinger.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-122309228",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-120665616",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does not implement any cross-site scripting forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface into executing a cross-site scripting payload on the user's browser and execute any action on the device provided by the web management interface.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Out of bound read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting name for wireless network. These values are stored by the device in NVRAM (Non-volatile RAM). It seems that the POST parameters passed in this request to set up names on the device do not have a string length check on them. This allows an attacker to send a large payload in the ""mssid_1"" POST parameter. The device also allows a user to view the name of the Wifi Network set by the user. While processing this request, the device calls a function named ""getCfgToHTML"" at address 0x004268A8 which retrieves the value set earlier by ""mssid_1"" parameter as SSID2 and this value then results in overflowing the stack set up for this function and allows an attacker to control $ra register value on the stack which allows an attacker to control the device by executing a payload of an attacker's choice. If the firmware version AL-R096 is dissected using binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary ""goahead"" is the one that has the vulnerable function that recieves the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows a MIPS little endian format. The function sub_00420F38 in IDA pro is identified to be receiving the values sent in the POST parameter ""mssid_1"" at address 0x0042BA00 and then sets in the NVRAM at address 0x0042C314. The value is later retrieved in the function ""getCfgToHTML"" at address 0x00426924 and this results in overflowing the buffer due to ""strcat"" function that is utilized by this function.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting a name for the wireless network. These values are stored by the device in NVRAM (Non-volatile RAM). It seems that the POST parameters passed in this request to set up names on the device do not have a string length check on them. This allows an attacker to send a large payload in the ""mssid_1"" POST parameter. The device also allows a user to view the name of the Wifi Network set by the user. While processing this request, the device calls a function at address 0x00412CE4 (routerSummary) in the binary ""webServer"" located in Almond folder, which retrieves the value set earlier by ""mssid_1"" parameter as SSID2 and this value then results in overflowing the stack set up for this function and allows an attacker to control $ra register value on the stack which allows an attacker to control the device by executing a payload of an attacker's choice. If the firmware version AL-R096 is dissected using binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary ""goahead"" is the one that has the vulnerable function that receives the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows a MIPS little endian format. The function sub_00420F38 in IDA pro is identified to be receiving the values sent in the POST parameter ""mssid_1"" at address 0x0042BA00 and then sets in the NVRAM at address 0x0042C314. The value is later retrieved in the function at address 0x00412EAC and this results in overflowing the buffer as the function copies the value directly on the stack.",NETWORK,HIGH,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to a manipulation of SD cards data. SD card manipulation may lead to an authentication bypass opportunity.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-118152591",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In readNullableNativeHandleNoDup of Parcel.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-120084106",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In llcp_util_parse_connect of llcp_util.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-111660010",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In rw_t3t_act_handle_fmt_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-120497437",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In rw_t3t_handle_get_sc_poll_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-120499324",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In rw_t3t_act_handle_check_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-120503926",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In rw_t3t_act_handle_sro_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-120497583",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In NFA_SendRawFrame of nfa_dm_api.cc, there is a possible out-of-bound write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-120664978",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has Telnet functionality enabled by default. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In llcp_util_parse_cc of llcp_util.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-114237888",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In rw_t3t_act_handle_ndef_detect_rsp of rw_t3t.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-120428041",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In llcp_util_parse_link_params of llcp_util.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-114238578",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In llcp_dlc_proc_rr_rnr_pdu of llcp_dlc.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-116788646",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In addLinks of Linkify.java, there is a possible phishing vector due to an unusual root cause. This could lead to remote code execution or misdirection of clicks with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-116321860",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries. The firmware contains binary uvc_stream that is the UDP daemon which is responsible for handling all the UDP requests that the device receives. The client application sends a UDP request to change the Wi-Fi name which contains the following format: ""SETCMD0001+0001+[2 byte length of wifiname]+[Wifiname]. This request is handled by ""control_Dev_thread"" function which at address ""0x00409AE0"" compares the incoming request and determines if the 10th byte is 01 and if it is then it redirects to 0x0040A74C which calls the function ""setwifiname"". The function ""setwifiname"" uses a memcpy function but uses the length of the payload obtained by using strlen function as the third parameter which is the number of bytes to copy and this allows an attacker to overflow the function and control the $PC value.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
YzmCMS 5.1 has XSS via the admin/system_manage/user_config_add.html title parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi password. This application is installed on the device and an attacker who can provide the right payload can execute code on the user's system directly. Any breach of this system can allow an attacker to get access to all the data that the user has access too. The application uses a dynamic link library(DLL) called ""avilib.dll"" which is used by the application to send binary packets to the device that allow to control the device. One such action that the DLL provides is change password in the function ""sendchangepass"" which allows a user to change the Wi-Fi password on the device. This function calls a sub function ""sub_75876EA0"" at address 0x7587857C. The function determines which action to execute based on the parameters sent to it. The ""sendchangepass"" passes the datastring as the second argument which is the password we enter in the textbox and integer 2 as first argument. The rest of the 3 arguments are set to 0. The function ""sub_75876EA0"" at address 0x75876F19 uses the first argument received and to determine which block to jump to. Since the argument passed is 2, it jumps to 0x7587718C and proceeds from there to address 0x758771C2 which calculates the length of the data string passed as the first parameter.This length and the first argument are then passed to the address 0x7587726F which calls a memmove function which uses a stack address as the destination where the password typed by us is passed as the source and length calculated above is passed as the number of bytes to copy which leads to a stack overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi name. This application is installed on the device and an attacker who can provide the right payload can execute code on the user's system directly. Any breach of this system can allow an attacker to get access to all the data that the user has access too. The application uses a dynamic link library(DLL) called ""avilib.dll"" which is used by the application to send binary packets to the device that allow to control the device. One such action that the DLL provides is change password in the function ""sendchangename"" which allows a user to change the Wi-Fi name on the device. This function calls a sub function ""sub_75876EA0"" at address 0x758784F8. The function determines which action to execute based on the parameters sent to it. The ""sendchangename"" passes the datastring as the second argument which is the name we enter in the textbox and integer 1 as first argument. The rest of the 3 arguments are set to 0. The function ""sub_75876EA0"" at address 0x75876F19 uses the first argument received and to determine which block to jump to. Since the argument passed is 1, it jumps to 0x75876F20 and proceeds from there to address 0x75876F56 which calculates the length of the data string passed as the first parameter. This length and the first argument are then passed to the address 0x75877001 which calls the memmove function which uses a stack address as the destination where the password typed by us is passed as the source and length calculated above is passed as the number of bytes to copy which leads to a stack overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries. The firmware contains binary uvc_stream that is the UDP daemon which is responsible for handling all the UDP requests that the device receives. The client application sends a UDP request to change the Wi-Fi name which contains the following format: ""SETCMD0001+0002+[2 byte length of wifipassword]+[Wifipassword]. This request is handled by ""control_Dev_thread"" function which at address ""0x00409AE4"" compares the incoming request and determines if the 10th byte is 02 and if it is then it redirects to 0x0040A7D8, which calls the function ""setwifipassword"". The function ""setwifipassword"" uses a memcpy function but uses the length of the payload obtained by using strlen function as the third parameter which is the number of bytes to copy and this allows an attacker to overflow the function and control the $PC value.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in EthereumJ 1.8.2. There is Unsafe Deserialization in ois.readObject in mine/Ethash.java and decoder.readObject in crypto/ECKey.java. When a node syncs and mines a new block, arbitrary OS commands can be run on the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-121035711",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has default Wi-Fi credentials that are exactly the same for every device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that any malicious user connecting to the device can change the default SSID and password thereby denying the owner an access to his/her own device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A privilege escalation vulnerability in the ""support access"" feature on Infoblox NIOS 6.8 through 8.4.1 could allow a locally authenticated administrator to temporarily gain additional privileges on an affected device and perform actions within the super user scope. The vulnerability is due to a weakness in the ""support access"" password generation algorithm. A locally authenticated administrative user may be able to exploit this vulnerability if the ""support access"" feature is enabled, they know the support access code for the current session, and they know the algorithm to generate the support access password from the support access code. ""Support access"" is disabled by default. When enabled, the access will be automatically disabled (and support access code will expire) after the 24 hours.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to login_check.php, or the id parameter to add_email.php or edit_content.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the user when the user is authenticated to https://home.getvera.com. One of the parameters retrieved by this script is ""RedirectURL"". However, the application lacks strict input validation of this parameter and this allows an attacker to execute the client-side code on this application.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Unauthenticated users can escape outside of the restricted location (dot-dot-slash notation) to access files or directories that are elsewhere on the system. Through this vulnerability it is possible to read the application's java sources from /WEB-INF/classes/*.class,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url ""/port_3480"". It seems that the UPnP services provide ""file"" as one of the service actions for a normal user to read a file that is stored under the /etc/cmh-lu folder. It retrieves the value from the ""parameters"" query string variable and then passes it to an internal function ""FileUtils::ReadFileIntoBuffer"" which is a library function that does not perform any sanitization on the value submitted and this allows an attacker to use directory traversal characters ""../"" and read files from other folders within the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows the highest privileges a user can obtain on the device. This web interface uses root as the username and the password in the /etc/cmh/cmh.conf file which can be extracted by an attacker using a directory traversal attack, and then log in to the device with the highest privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device firmware file contains a file known as relay.sh which allows the device to create relay ports and connect the device to Vera servers. This is primarily used as a method of communication between the device and Vera servers so the devices can be communicated with even when the user is not at home. One of the parameters retrieved by this specific script is ""remote_host"". This parameter is not sanitized by the script correctly and is passed in a call to ""eval"" to execute another script where remote_host is concatenated to be passed a parameter to the second script. This allows an attacker to escape from the executed command and then execute any commands of his/her choice.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url ""/port_3480"". It seems that the UPnP services provide ""wget"" as one of the service actions for a normal user to connect the device to an external website. It retrieves the parameter ""URL"" from the query string and then passes it to an internal function that uses the curl module on the device to retrieve the contents of the website.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18757.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient input validation vulnerability in subsystem for Intel(R) AMT before version 12.0.35 may allow a privileged user to potentially enable denial of service via network access.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Out of bound write vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an authenticated user to potentially enable escalation of privilege via adjacent network access.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable denial of service via adjacent network access.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka ""Graphics Uniscribe Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8532.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a user with the capability of installing or deleting apps on the device using the web management interface. It seems that the device does not implement any cross-site request forgery protection mechanism which allows an attacker to trick a user who navigates to an attacker controlled page to install or delete an application on the device. Note: The cross-site request forgery is a systemic issue across all other functionalities of the device.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device firmware file contains a file known as proxy.sh which allows the device to proxy a specific request to and from from another website. This is primarily used as a method of communication between the device and Vera website when the user is logged in to the https://home.getvera.com and allows the device to communicate between the device and website. One of the parameters retrieved by this specific script is ""url"". This parameter is not sanitized by the script correctly and is passed in a call to ""eval"" to execute ""curl"" functionality. This allows an attacker to escape from the executed command and then execute any commands of his/her choice.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008, and V200R006C00 before V200R006SPH002; S9300, S7700, and S9700 Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH009, and V200R006C00 before V200R006SPH003; S5720HI and S5720EI Campus series switches with software V200R006C00 before V200R006SPH002; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote authenticated users to cause a denial of service (memory consumption and device restart) by logging in and out of the (1) HTTPS or (2) SFTP server, related to SSL session information.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.x are vulnerable to directory traversal via the web interface, as demonstrated by reading /etc/shadow. NOTE: this product is discontinued, and its final firmware version has this vulnerability (4.x versions exist only for other Genie Access products).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and S5300LI Campus series switches with software V200R001C00 before V200R001SPH018, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; S9300, S7700, and S9700 Campus series switches with software V200R001C00 before V200R001SPH023, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote attackers to cause a denial of service (memory consumption and reboot) via a large number of ICMPv6 packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url ""/port_3480"". It seems that the UPnP services provide ""request_image"" as one of the service actions for a normal user to retrieve an image from a camera that is controlled by the controller. It seems that the ""URL"" parameter passed in the query string is not sanitized and is stored on the stack which allows an attacker to overflow the buffer. The function ""LU::Generic_IP_Camera_Manager::REQ_Image"" is activated when the lu_request_image is passed as the ""id"" parameter in query string. This function then calls ""LU::Generic_IP_Camera_Manager::GetUrlFromArguments"" and passes a ""pointer"" to the function where it will be allowed to store the value from the URL parameter. This pointer is passed as the second parameter $a2 to the function ""LU::Generic_IP_Camera_Manager::GetUrlFromArguments"". However, neither the callee or the caller in this case performs a simple length check and as a result an attacker who is able to send more than 1336 characters can easily overflow the values stored on the stack including the $RA value and thus execute code on the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url ""/port_3480"". It seems that the UPnP services provide ""request_image"" as one of the service actions for a normal user to retrieve an image from a camera that is controlled by the controller. It seems that the ""res"" (resolution) parameter passed in the query string is not sanitized and is stored on the stack which allows an attacker to overflow the buffer. The function ""LU::Generic_IP_Camera_Manager::REQ_Image"" is activated when the lu_request_image is passed as the ""id"" parameter in the query string. This function then calls ""LU::Generic_IP_Camera_Manager::GetUrlFromArguments"". This function retrieves all the parameters passed in the query string including ""res"" and then uses the value passed in it to fill up buffer using the sprintf function. However, the function in this case lacks a simple length check and as a result an attacker who is able to send more than 184 characters can easily overflow the values stored on the stack including the $RA value and thus execute code on the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,NONE
"** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the ""echo -e"" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in ""process_headers"" function in ""gunicorn/http/wsgi.py"" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. The XSS executes when a user engages with that dropdown on that page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
NGA ResourceLink 20.0.2.1 allows local file inclusion.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. An integer overflow in the jp2 parsing library allows an attacker to overwrite memory and to execute arbitrary code.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs writes a decoded base64 string to a file without validating the extension.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
OPNsense 18.7.x before 18.7.7 has Incorrect Access Control.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A universal Cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any loaded 3rd-party IFrame.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. An integer overflow in the jp2 parsing library allows an attacker to overwrite memory and to execute arbitrary code.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs writes a decoded base64 string to a file without validating the extension.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
OPNsense 18.7.x before 18.7.7 has Incorrect Access Control.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
"Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Improper permissions in the installer for Intel(R) Chipset Device Software (INF Update Utility) before version 10.1.1.45 may allow an authenticated user to escalate privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitray code. The vulnerability could also be exploited to execute arbitrary OS Commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its configuration and operation may read XML from various sources, which could be tainted in ways to cause inadvertent disclosure of local files or other internal content.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Tubigan ""Welcome to our Resort"" 1.0 software allows CSRF via admin/mod_users/controller.php?action=edit.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE: the vendor says ""is intentional.""",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other sensitive information.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Artha ~ The Open Thesaurus 1.0.3.0 has a Buffer Overflow.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue makes it possible to read any file present on the underlying operating system.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. An attacker could exploit this vulnerability to obtain HMC credentials. IBM X-Force ID: 162159.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an ""outside the range of representable values of type long"" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports ""This is not a security issue in my view. The conversion surely is truncating the double into a long value, but there is no impact as the value is one of the RGB components.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitation. This could be used by an attacker to build a special url that execute custom JavaScript code when the url is accessed.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server that is potentially vulnerable to Cross-site Request Forgery.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The logs web interface is vulnerable to stored XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to reflected XSS in wireless configuration page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have embedded web server attributes which may be potentially vulnerable to Buffer Overflow.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Helpy v2.1.0 has Stored XSS via the Ticket title.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller ID number. This can further lead to remote code execution by chaining this vulnerability with a command injection vulnerability also present in FusionPBX.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Foxit Reader SDK (ActiveX) Professional 5.4.0.1031, an uninitialized object in IReader_ContentProvider::GetDocEventHandler occurs when embedding the control into Office documents. By opening a specially crafted document, an attacker can trigger an out of bounds write condition, possibly leveraging this to gain remote code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A File Write can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API Doc.exportAsFDF is used. An attacker can leverage this to gain remote code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The HMAC authenticating the message from QSEE is vulnerable to timing side channel analysis leading to potentially forged application message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A use after free in the TextBox field Validate action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19452, this has a different free location and requires different JavaScript code for exploitation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API app.launchURL is used. An attacker can leverage this to gain remote code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) 5.4.0.1031 when parsing a launch action. An attacker can leverage this to gain remote code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Linux kernel before 5.0. The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"The txrx stats req might be double freed in the pdev detach when the host driver is unloading in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8064, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Out-of-Bounds access in TZ due to invalid index calculated to check against DDR in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SDM439, Snapdragon_High_Med_2016",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Resource allocation error while playing the video whose dimensions are more than supported dimension in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in WLAN function due to improper check of buffer size before copying in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 855, SDM630, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Failure to initialize the reserved memory which is sent to the firmware might lead to exposure of 1 byte of uninitialized kernel SKB memory to FW in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if an authenticated user uploads a PostView.ascx file using the file manager utility, which is currently allowed. This results in remote code execution for an authenticated user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Truncated access authentication token leads to weakened access control for stored secure application data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Metadata verification and partial hash system calls by bootloader may corrupt parallel hashing state in progress resulting in unexpected behavior in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A non-time constant function memcmp is used which creates a side channel that could leak information in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability will occur if reset of the routing table encounters an invalid rule id while processing command to reset in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS405, QCS605, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out of bounds read occurs due to improper validation of array while processing VDEV stop response from WLAN firmware in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP2002 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. The vulnerability exits in the function of redirection display for serial port printing information, which can not be used by product basic functions. After an attacker logs in locally, this vulnerability can be exploited to cause device restart or arbitrary code execution. Dahua has identified the corresponding security problems in the static code auditing process, so it has gradually deleted this function, which is no longer available in the newer devices and softwares. Dahua has released versions of the affected products to fix the vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow can occur while processing an extscan hotlist event in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9379, QCS605, SD 625, SD 636, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in WLAN driver event handlers due to improper validation of array index in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS405, QCS605, SD 636, SD 675, SD 730, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in versions earlier than 1.3.2 for Polycom RealPresence Debut where the admin cookie is reset only after a Debut is rebooted.,ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for editors or admins.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between the host application and the device.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations. This affects libr/asm/asm.c and libr/parse/parse.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Out of bounds memory read and access due to improper array index validation may lead to unexpected behavior while decoding XTRA file in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The ""Count per Day"" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An argument injection vulnerability in Atlassian Sourcetree for Windows's URI handlers, in all versions prior to 3.1.3, allows remote attackers to gain remote code execution through the use of a crafted URI.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150, Snapdragon_High_Med_2016, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Possible out of bounds write due to improper input validation while processing DO_ACS vendor command in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use after issue in WLAN function due to multiple ACS scan requests at a time in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 675, SD 730, SD 820A, SD 835, SD 855, SDA660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Use after issue in WLAN function due to multiple ACS scan requests at a time in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCA6574AU, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SDX20",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access.,NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,NONE,HIGH
"An issue was discovered in Artifex MuJS 1.0.5. regcompx in regexp.c does not restrict regular expression program size, leading to an overflow of the parsed syntax list size.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload(), which uses unsanitized user input as a path to save the image. The unsanitized POST parameter object[photo][img][file] is saved in the $upload[img][file] PHP variable, allowing an attacker to manipulate the $tmp_file passed to move_uploaded_file() to save the uploaded file. By setting the parameter to (for example) ../usr/share/horde/static/bd.php, one can write a PHP backdoor inside the web root. The static/ destination folder is a good candidate to drop the backdoor because it is always writable in Horde installations. (The unsanitized POST parameter went probably unnoticed because it's never submitted by the forms, which default to securely using a random path.)",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the ""sctp_sendmsg()"" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Potential buffer overflow in Video due to lack of input validation in input and output values in Snapdragon Automobile, Snapdragon Mobile in MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a reflection XSS vulnerability in the HedEx products. Remote attackers send malicious links to users and trick users to click. Successfully exploit cloud allow the attacker to initiate XSS attacks. Affects HedEx Lite versions earlier than V200R006C00SPC007.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing that could execute arbitrary code.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developers who based their OpenID integration heavily on the ""example app"" provided by the project are at highest risk.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0990.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1050.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1049, CVE-2019-1050.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access. L-SA-00206,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1023.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka 'Microsoft Browser Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1031, CVE-2019-1033, CVE-2019-1036.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site request forgery vulnerability in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed attackers to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control a the content of the input file for the ""XML"" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A reflected cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier allowed attackers able to control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in job configuration forms containing post-build steps provided by this plugin.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM when MultipartUtility.java is used to upload files.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1031, CVE-2019-1032, CVE-2019-1033.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests, aka 'Microsoft IIS Server Denial of Service Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Photodex ProShow Producer v9.0.3797 (an application that runs with Administrator privileges). It is possible to perform a buffer overflow via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0620, CVE-2019-0709.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0710, CVE-2019-0711.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0711, CVE-2019-0713.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0620, CVE-2019-0722.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0709, CVE-2019-0722.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SQL injection vulnerability in silverstripe/restfulserver module 1.0.x before 1.0.9, 2.0.x before 2.0.4, and 2.1.x before 2.1.2 and silverstripe/registry module 2.1.x before 2.1.1 and 2.2.x before 2.2.1 allows attackers to execute arbitrary SQL commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. There is Command Injection in the set_ftp.cgi script via shell metacharacters in the pwd variable, as demonstrated by a set_ftp.cgi?svr=192.168.1.1&port=21&user=ftp URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized directory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose path names on the host operating system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet allowing a maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules and be passed to a host that would otherwise be unavailable.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with Credentials Plugin to store passwords securely, and automatically migrates existing passwords.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choices Reactive Reference Parameter' type. This could include, for example, arbitrary JavaScript. Active Choices now sanitizes the HTML inserted on the 'Build With Parameters' page if and only if the script is executed in a sandbox. As unsandboxed scripts are subject to administrator approval, it is up to the administrator to allow or disallow problematic script output.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data. When a chart is included in a Grafana dashboard, this vulnerability could allow an attacker to gain remote unauthenticated access to the dashboard.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / File Enumeration vulnerability. Note that this vulnerability exists even if Roller XML-RPC interface is disable via the Roller web admin UI. Mitigation: There are a couple of ways you can fix this vulnerability: 1) Upgrade to the latest version of Roller, which is now 5.2.2 2) Or, edit the Roller web.xml file and comment out the XML-RPC Servlet mapping as shown below: <!-- <servlet-mapping> <servlet-name>XmlRpcServlet</servlet-name> <url-pattern>/roller-services/xmlrpc</url-pattern> </servlet-mapping> -->",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the "">& fd"" syntax.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories, in the class PluginRegistry.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for these commands are keytrustee.kms.acl.PURGE and keytrustee.kms.acl.UNDELETE respectively. The default value for the ACLs in Key Trustee KMS 5.12.0 and 5.13.0 is ""*"" which allows anyone with knowledge of the name of an encryption zone key and network access to the Key Trustee KMS to make those calls against known encryption zone keys. This can result in the recovery of a previously deleted, but not purged, key (undelete) or the deletion of a key in active use (purge) resulting in loss of access to encrypted HDFS data.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf,LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf,LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf,LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
"The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In huff_dec_1D of nlc_dec.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-119292397.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an administrator can send emails to his/her account when there are changes to the device's network. However, the same functionality allows an attacker to execute commands on the device. The POST parameters ""to1,to2,to3,to4"" are all susceptible to buffer overflow. By crafting a packet that contains a string of 678 characters, it is possible for an attacker to execute the attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator into executing actions without his/her knowledge, as demonstrated by the forms/iw_webSetParameters and forms/webSetMainRestart URIs.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 8193-byte buffer, depending on the value of accepted_payload_size.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote attackers to bypass intended restrictions on ""free time"" Wi-Fi usage by sending a /guest/s/default/ request to obtain a cookie, and then using this cookie in a /guest/s/default/login request with the byfree parameter.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An invalid read of 8 bytes due to a use-after-free vulnerability during a ""return"" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In parseMPEGCCData of NuPlayerCCDecoder.cpp, there is a possible out of bounds write due to missing bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-129068792.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In nfa_rw_store_ndef_rx_buf of nfa_rw_act.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-123583388.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An invalid read of 8 bytes due to a use-after-free vulnerability during a ""NULL test"" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possible memory corruption due to type confusion. This could lead to remote code execution from a malicious proxy configuration, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-117606285.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter to /admin/index.php?register=register, or the error parameter to admin/index.php?action=favicon.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter ""iw_serverip"" is susceptible to buffer overflow. By crafting a packet that contains a string of 480 characters, it is possible for an attacker to execute the attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter ""iw_board_deviceName"" is susceptible to this injection.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter ""srvName"" is susceptible to a buffer overflow. By crafting a packet that contains a string of 516 characters, it is possible for an attacker to execute the attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie ""Password508"" does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can download /systemlog.log (the system log). However, the same functionality allows an attacker to download the file without any authentication or authorization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Security Camera CZ application through 1.6.8 for Android stores potentially sensitive recorded video in external data storage, which is readable by any application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords (in the case of local authentication), API keys, and stored Kerberos keytabs.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions are changed.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::GetFileHashAndMetadata NULL pointer dereference, leading to shutting down the client application.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when using the Open File action on a Field. An attacker can leverage this to gain remote code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocate_revB scripts copies the hardcoded key to the root user's authorized_keys file, enabling anyone with the associated private key to gain remote root access to all affected products.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044_update_05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description field in JSON data to the Profile Editor.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of service when writing sensitive application variables to the controller over Modbus.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of 3).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability, an attacker must have local access the the host running Serv-U, and a Serv-U administrator have an active management console session.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in PHP Scripts Mall API Based Travel Booking 3.4.7. There is Reflected XSS via the flight-results.php d2 parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
VMware Workstation (15.x before 15.1.0) contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate the same resource at the same time. Successful exploit could cause a denial of service condition.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"There is a use after free vulnerability on certain driver component in Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8). An attacker tricks the user into installing a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause a denial of service condition.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0604.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ""Microsoft SharePoint Remote Code Execution Vulnerability."" This affects Microsoft SharePoint.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could trigger double free and cause a system crash.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is a code execution vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50. The attacker can tricking a user to install and run a malicious application to exploit this vulnerability. Successful exploitation may cause the attacker to execute malicious code and read/write memory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating CltDHPubKeyLen during key negotiation, which could crash the application or leak sensitive information.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has Stored XSS in the Profile Update page via the My Name field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in MantisBT through 1.3.14, and 2.0.0. Using a crafted request on bug_report_page.php (modifying the 'm_id' parameter), any user with REPORTER access or above is able to view any private issue's details (summary, description, steps to reproduce, additional information) when cloning it. By checking the 'Copy issue notes' and 'Copy attachments' checkboxes and completing the clone operation, this data also becomes public (except private notes).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A lack of encryption in how the user login cookie (admin-auth) is stored on a victim's computer results in the admin password being discoverable by a local attacker, and usable to gain administrative access to the victim's router. The admin password is stored in base64 cleartext in an ""admin-auth"" cookie. An attacker sniffing the network at the time of login could acquire the router's admin password. Alternatively, gaining physical access to the victim's computer soon after an administrative login could result in compromise.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote buffer overflow vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.,NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably prior versions. This vulnerability could allow remote unauthenticated attackers to inject arbitrary web script or HTML via index.php?module=Contacts&view=List (app parameter).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Cryptographic Issue (CWE-310) vulnerability exists in IIoT Monitor 3.1.38 which could allow information disclosure.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
MyBB 1.8.19 has XSS in the resetpassword function.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A remote code exection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote attacker to list or enumerate sensitive contents of files via a \.. to port 6677. Additionally, this could allow for privilege escalation by dumping the affected machine's SAM and SYSTEM database files, as well as remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php (nameOfFile and directory parameters).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside the root directory.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"This vulnerability relates to the user's browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote credential disclosure vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Memory leak in the last hop kernel module in F5 BIG-IP LTM, GTM, and Link Controller 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.x before HF6, BIG-IP AAM 11.4.x, 11.5.x before 11.5.3 HF2 and 11.6.0 before HF6, BIG-IP AFM and PEM 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP Analytics 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP APM and ASM 10.1.0 through 10.2.4, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, and 11.3.0, BIG-IP PSM 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, and 11.4.x before 11.4.1 HF, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, and BIG-IQ ADC 4.5.0 might allow remote attackers to cause a denial of service (memory consumption) via a large number of crafted UDP packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10; Enterprise Manager 3.0.0 through 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 on the 3900, 6900, 8900, 8950, 11000, 11050, PB100 and PB200 platforms, when software SYN cookies are configured on virtual servers, allow remote attackers to cause a denial of service (High-Speed Bridge hang) via an invalid TCP segment.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Configuration utility in F5 BIG-IP systems 11.0.x, 11.1.x, 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4 HF2, 1.6.x before 11.6.1, and 12.0.0 before HF1 allows remote administrators to read Access Policy Manager (APM) access logs via unspecified vectors.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP DNS 12.x before 12.0.0 HF2; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 before HF16; BIG-IP GTM 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1; and BIG-IP PSM 11.4.0 through 11.4.1 improperly enables the anonymous IPsec IKE peer configuration object, which allows remote attackers to establish an IKE Phase 1 negotiation and possibly conduct brute-force attacks against Phase 2 negotiations via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive db variable value is set to non-default setting ""enabled"". The default value for the tm.tcpprogressive db variable is ""negotiate"". An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe 11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, and 11.3.0 before 11.4.1 HF10 may suffer from a memory leak while handling certain types of TCP traffic. Remote attackers may cause a denial of service (DoS) by way of a crafted TCP packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A remote denial of service vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A remote disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Gemalto DS3 Authentication Server 2.6.1-SP01 allows Local File Disclosure.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the ""err"" parameter of the error process HTTP requests.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"CMS Made Simple 2.2.10 has XSS via the m1_name parameter in ""Add Article"" under Content -> Content Manager -> News.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest account, with execution via a proxy.php?hash=../../../../../var/lib/pydio/data/personal/guest/PoC.php request. This is related to plugins/action.share/src/Store/ShareStore.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is an improper authentication vulnerability in some Huawei AP products before version V200R009C00SPC800. Due to the improper implementation of authentication for the serial port, an attacker could exploit this vulnerability by connecting to the affected products and running a series of commands.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. There is unauthorized access to the WEB-UI by attackers arriving from the same source IP address as an authenticated user, because this IP address is used as a session identifier.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code or escalate privileges on the network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjunction with a whitelisted file extension, and prepending ""magic bytes"" to the payload to pass MIME checks. Specifically, an unauthenticated remote user submits a crafted file upload POST request to the REST api remote_upload endpoint. The file contains data that will fool the plugin's MIME check into classifying it as an image (which is a whitelisted file extension) and finally a trailing .phtml file extension.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
VFront 0.99.5 has Reflected XSS via the admin/menu_registri.php descrizione_g parameter or the admin/sync_reg_tab.php azzera parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentication bypass.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All known versions of the Orpak SiteOmat web management console is vulnerable to multiple instances of Stored Cross-site Scripting due to improper external user-input validation. An attacker with access to the web interface is able to hijack sessions or navigate victims outside of SiteOmat, to a malicious server owned by him.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including Base64 encoded 'support' credentials, leading to administrative access of the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution. The vulnerability affects all versions prior to 2017-09-25.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html ""System contact"" field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Buffer Overflow vulnerability in myQNAPcloud Connect 1.3.3.0925 and earlier could allow remote attackers to crash the program.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1c (Affected 1.1.1-1.1.1b). Fixed in OpenSSL 1.1.0k (Affected 1.1.0-1.1.0j).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content. This vulnerability affects Thunderbird < 60.5.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flash component. This vulnerability appears to have been fixed in 6.1.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows attacker to cause a denial of service via the NDIS miniport driver.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app) allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the 'sa' user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Kitura 2.3.0 and earlier have an unintended read access to unauthorised files and folders that can be exploited by a crafted URL resulting in information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. After accessing the page, the admin user's password can be obtained by viewing the HTML source code, and the interface of the modem can be accessed as admin.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI&customurl=alladminusers call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A stored XSS vulnerability exists in the web application of Pydio through 8.2.2 that can be exploited by levering the file upload and file preview features of the application. An authenticated attacker can upload an HTML file containing JavaScript code and afterwards a file preview URL can be used to access the uploaded file. If a malicious user shares an uploaded HTML file containing JavaScript code with another user of the application, and tricks an authenticated victim into accessing a URL that results in the HTML code being interpreted by the web browser, then the included JavaScript code is executed under the context of the victim user session.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The ImageMagick plugin that is installed by default in Pydio through 8.2.2 does not perform the appropriate validation and sanitization of user supplied input in the plugin's configuration options, allowing arbitrary shell commands to be entered that result in command execution on the underlying operating system, with the privileges of the local user running the web server. The attacker must be authenticated into the application with an administrator user account in order to be able to edit the affected plugin configuration.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for extraction of secrets from the Jenkins master, server-side request forgery, or denial-of-service attacks.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future builds.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed attackers to schedule a release build, perform release staging for Gradle and Maven projects, and promote previously staged builds, respectively.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The ""action"" get_sess_id in the web application of Pydio through 8.2.2 discloses the session cookie value in the response body, enabling scripts to get access to its value. This identifier can be reused by an attacker to impersonate a user and perform actions on behalf of him/her (if the session is still active).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to a one-byte out-of-bounds write in the gsym_addr function in x86_64-gen.c. This occurs because tccasm.c mishandles section switches.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sensitive information by spoofing a trusted entity using man in the middle techniques due to not validating or incorrectly validating a certificate. IBM X-Force ID: 160072.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158333.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the ""IOSurface"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even if its unused. There is a noticeable delay during the wipe for a large allocation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The network diagnostic function (ping) in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An unhandled exception vulnerability exists during Google Sign-In with Google API C++ Client before 2019-04-10. It potentially causes an outage of third-party services that were not designed to recover from exceptions. On the client, ID token handling can cause an unhandled exception because of misinterpretation of an integer as a string, resulting in denial-of-service and then other users can no longer login/sign-in to the affected third-party service. Once this third-party service uses Google Sign-In with google-api-cpp-client, a malicious user can trigger this client/auth/oauth2_authorization.cc vulnerability by requesting the client to receive the ID token from a Google authentication server.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
An XSS vulnerability exists in PHPRelativePath (aka Relative Path) through 1.0.2 via the RelativePath.Example1.php path parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A CSRF (Cross Site Request Forgery) in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Hybrid Group Gobot before 1.13.0. The mqtt subsystem skips verification of root CA certificates by default.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 159944.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A buffer overflow vulnerability in the DHCP and PPPOE configuration interface of the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows a remote attacker (authenticated as simple user in the same network as the device) to trigger remote code execution via a POST request (ManufacturerName parameter) to the web server on the device. The web server is running with root privileges and the injected code will also run with root privileges.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
** DISPUTED ** QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. The vulnerability occurs due to input validation errors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The igdkmd64 module in the Intel Graphics Driver through 15.33.42.435, 15.36.x through 15.36.30.4385, and 15.40.x through 15.40.4404 on Windows allows local users to cause a denial of service (crash) or gain privileges via a crafted D3DKMTEscape request.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not vulnerable since version 16.1.16 released on June 06, 2016. The unprotected web form was removed from the code during an internal security audit under ""possibly insecure"" suspicions.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The WiFi driver in Huawei Honor 6 smartphones with software H60-L01 before H60-L01C00B850, H60-L11 before H60-L11C00B850, H60-L21 before H60-L21C00B850, H60-L02 before H60-L02C00B850, H60-L12 before H60-L12C00B850, and H60-L03 before H60-L03C01B850 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVAPI support layer causes a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,HIGH
"In BlueZ 5.42, a buffer over-read was observed in ""l2cap_dump"" function in ""tools/parser/l2cap.c"" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) does not validate (escape) the path information (path traversal), which allows an authenticated remote attacker to get access to privileged information (e.g., /etc/passwd) via path traversal (relative path information in the file parameter of the corresponding POST request).",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"For the NVIDIA Quadro, NVS, and GeForce products, there is a Remote Desktop denial of service. A successful exploit of a vulnerable system will result in a kernel null pointer dereference, causing a blue screen crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32584034.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Karamasoft UltimateEditor 1 does not ensure that an uploaded file is an image or document (neither file types nor extensions are restricted). The attacker must use the Attach icon to perform an upload. An uploaded file is accessible under the UltimateEditorInclude/UserFiles/ URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resultant arbitrary code execution, via ExtendedFileManager/Classes/ExtendedFileManager.php because ExtendedFileManager can be used to rename the .htaccess file that blocks .php uploads.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Software 1.0, Level MLM Software 1.0, Singleleg MLM Software 1.0, Autopool MLM Software 1.0, Investment MLM Software 1.0, Bidding MLM Software 1.0, Moneyorder MLM Software 1.0, Repurchase MLM Software 1.0, and Gift MLM Software 1.0 via the member/readmsg.php msg_id parameter, the member/tree.php pid parameter, or the member/downline.php m_id parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbot_service_notsoap.php is vulnerable to unauthenticated reflected XSS when user-supplied input to the METHOD GET parameter is processed by the web application. Since the application does not properly validate and sanitize this parameter, it is possible to place arbitrary script code into the context of the same page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. The product is used as a plugin in various Atlassian products where the following are affected: Confluence before version 6.15.2, Crucible before version 4.7.0, Crowd before version 3.4.3, Fisheye before version 4.7.0, Jira before version 7.13.3 and 8.x before 8.1.0.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 3 of 5).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Use-after-free condition due to Improper handling of hrtimers when the PMU driver tries to access its events in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM630, SDM660, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Processing messages after error may result in user after free memory fault in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Due to the missing permissions on several content providers of the RCS app in its android manifest file will lead to an unprivileged access to phone in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.,LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. It may allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unchecked OTA field in GNSS XTRA3 lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, Snapdragon_High_Med_2016, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP code execution because an administrator can upload an image that contains PHP code in the EXIF data via index.php?page=ajax&action=ajax_upload.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An unprivileged user can issue a binder call and cause a system halt in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper input validation on input data which is used to locate and copy the additional IEs in WLAN function can lead to potential integer truncation issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper authentication can happen on Remote command handling due to inappropriate handling of events in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SM7150, Snapdragon_High_Med_2016, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"kernel could return a received message length higher than expected, which leads to buffer overflow in a subsequent operation and stops normal operation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM439, SDX24, SM7150",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead to code execution on the host from the guest but it is more likely to result in a denial of service of the guest.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. An URL Redirection attack may also be feasible by injecting an external URL via the affected parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service password reset and MFA token.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Possibility of double free issue while running multiple instances of smp2p test because of proper protection is missing while using global variable in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible integer underflow can happen when calculating length of elementary stream map from invalid packet length which is later used to read from input buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, Snapdragon_High_Med_2016",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Untrusted header fields in GNSS XTRA3 function can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8909W, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Bitdefender Engines before 7.76662. A vulnerability has been discovered in the iso.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a division-by-zero circumstance. Paired with other vulnerabilities, this can result in denial-of-service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Bitdefender Engines before 7.76675. A vulnerability has been discovered in the rar.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. Paired with other vulnerabilities, this can result in denial-of-service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Lack of input validation before copying can lead to a buffer over read in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24, SM7150",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper check before assigning value can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4020, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, QCN5502, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SDX24, SM7150, Snapdragon_High_Med_2016, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"AbanteCart 1.2.8 allows SQL Injection via the source_language parameter to admin/controller/pages/localisation/language.php and core/lib/language_manager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by ""php"" as a filename.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Player for Google Chrome versions 32.0.0.114 and earlier, and Flash Player for Microsoft Edge and Internet Explorer 11 versions 32.0.0.114 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability. The cgi-bin/webfile_mgr.cgi file allows arbitrary file write by abusing symlinks. Specifically, this occurs by uploading a tar archive that contains a symbolic link, then uploading another archive that writes a file to the link using the ""cgi_untar"" command. Other commands might also be susceptible. Code can be executed because the ""name"" parameter passed to the cgi_unzip command is not sanitized.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to potentially enable escalation of privilege via network access.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Index of array is processed in a wrong way inside a while loop and result in invalid index (-1 or something else) leads to out of bound memory access. in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, QCA9886, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820, SD 820A, SD 835, SDX20, SDX24, Snapdragon_High_Med_2016",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Failure to initialize the extra buffer can lead to an out of buffer access in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lack of check in length before using memcpy in WLAN function can lead to OOB access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24, SXR1130",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a ""pages/cpu"" printk call.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Data length received from firmware is not validated against the max allowed size which can result in buffer overflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While updating blacklisting region shared buffered memory region is not validated against newly updated black list, causing boot-up to be compromised in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 8CX, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Secure keypad is unlocked with secure display still intact in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Creative Cloud Desktop Application (installer) versions 4.7.0.400 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allows remote users to upload malicious file types and execute ASP code.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libwebp 0.5.1, there is a double free bug in libwebpmux.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for remote authentication bypass within a product that uses My Cloud.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
XSS exists in Shave before 2.5.3 because output encoding is mishandled during the overwrite of an HTML element.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Redaxo 5.2.0, the cron management of the admin panel suffers from CSRF that leads to arbitrary Remote Code Execution via addons/cronjob/lib/types/phpcode.php.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XSS via the garlic_prefix parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Improper buffer length validation in WLAN function can lead to a potential integer oveflow issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24, SM7150",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Command Injection vulnerability exists in the web-based GUI of the 1st Gen PelcoSarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Command Injection vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Heidelberg Prinect Archiver v2013 release 1.0.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera when an authenticated user clicks a specially crafted malicious link while logged into the camera.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the ""allow_active"" element rather than ""allow_any"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted vcf file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of the packet: record length, client hello length, total extensions length, PSK extension length, total identity length, and identity length contain their maximum value which is 2^16. The identity data field of the PSK extension of the packet contains the attack data, to be stored in the undefined memory (RAM) of the server. The size of the data is about 65 kB. Possibly the attacker can perform a remote code execution attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source cookie to classes/wc-cartsguru-event-handler.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: Someone must open a postscript file though ghostscript. Because of imagemagick also use libga, so it was affected as well.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
"WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the ""author_name"":"" substring.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker to crash the process due to a Use After Free vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exist in cgi program ""set"".",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Computrols CBAS 18.0.0 allows Authenticated Command Injection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Computrols CBAS 18.0.0 has Default Credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Computrols CBAS 18.0.0 has hard-coded encryption keys.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of ""/api/json/admin/getmailserversettings"" and ""/api/json/dashboard/gotoverviewlist"" is vulnerable to a Blind SQL Injection attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Bridge CC versions 9.0.2 have an out-of-bounds write vulnerability. Successful exploitation could lead to remote code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the ""Group Chat"" or ""Alarm"" section. This functionality can be abused by a malicious user by uploading a web shell.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. There is a Use of an Externally Controlled Format String, reachable via TCP port 8010 or UDP port 8080.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Adobe Bridge CC versions 9.0.2 have an use after free vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.,NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php ""create survey and submit survey"" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Open redirection. The impact is: obtain sensitive information (remote).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
Adobe Media Encoder version 13.0.2 has a use-after-free vulnerability. Successful exploitation could lead to remote code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Media Encoder version 13.0.2 has an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() has a heap-based buffer over-read.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ProjectSend before r1053. XSS exists in the ""Name"" field on the My Account page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and earlier, and 32.0.0.171 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provided as input to FFmpeg. This vulnerability appears to have been fixed in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"An issue was discovered in Webiness Inventory 2.3. The ProductModel component allows Arbitrary File Upload via a crafted product image during the creation of a new product. Consequently, an attacker can steal information from the site with the help of an installed executable file, or change the contents of pages.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SIMATIC HMI Comfort Panels 4"" - 22"" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7"" & 15"" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify particular parts of the device configuration via SNMP. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires system privileges and user interaction. An attacker could use the vulnerability to compromise confidentiality and the integrity of the affected system. At the stage of publishing this security advisory no public exploitation is known.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability has been identified in SIMATIC HMI Comfort Panels 4"" - 22"" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7"" & 15"" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). An attacker with network access to affected devices could potentially obtain a TLS session key. If the attacker is able to observe TLS traffic between a legitimate user and the device, then the attacker could decrypt the TLS traffic. The security vulnerability could be exploited by an attacker who has network access to the web interface of the device and who is able to observe TLS traffic between legitimate users and the web interface of the affected device. The vulnerability could impact the confidentiality of the communication between the affected device and a legitimate user. At the time of advisory publication no public exploitation of the security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact within International Components for Unicode (ICU) for C/C++ via a long first argument to the msgfmt_parse_message function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a ""$uri = stream_get_meta_data(fopen($file, ""r""))['uri']"" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).",LOCAL,HIGH,HIGH,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment in order to cause execution of JavaScript in the context of OTRS.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI. A malicious boxmgmt user may potentially be able to execute arbitrary commands as root.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).",NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. An attacker could use this vulnerability to trick an IAP administrator into clicking a link which could then take administrative actions on the Instant cluster, or expose the session cookie for an administrative session. Workaround: Administrators should make sure they log out of the Aruba Instant UI when not actively managing the system, and should use caution clicking links from external sources while logged into the IAP administrative interface. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"my little forum before 2.4.20 allows CSRF to delete posts, as demonstrated by mode=posting&delete_posting.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.",LOCAL,HIGH,LOW,NONE,CHANGED,NONE,NONE,HIGH
"An error within the ""parse_sinar_ia()"" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A type confusion error within the ""unpacked_load_raw()"" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Insufficient bounds checking in Intel(R) Graphics Drivers before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable a denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Insufficient input validation in KMD module for Intel(R) Graphics Driver before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Insufficient input validation in system firmware for Intel (R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The signature verification routine in the Airmail GPG-PGP Plugin, versions 1.0 (9) and earlier, does not verify the status of the signature at all, which allows remote attackers to spoof arbitrary email signatures by crafting a signed email with an invalid signature. Also, it does not verify the validity of the signing key, which allows remote attackers to spoof arbitrary email signatures by crafting a key with a fake user ID (email address) and injecting it into the user's keyring.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The signature verification routine in install.sh in yarnpkg/website through 2018-06-05 only verifies that the yarn release is signed by any (arbitrary) key in the local keyring of the user, and does not pin the signature to the yarn release key, which allows remote attackers to sign tampered yarn release packages with their own key.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of system files when the persistent configuration information is read from the file system. An attacker could exploit this vulnerability by authenticating to the device and overwriting the persistent configuration storage with malicious executable files. An exploit could allow the attacker to run arbitrary commands at system startup and those commands will run as the root user. The attacker must have valid administrative credentials for the device.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Untrusted search path vulnerability in Installer of Electronic reception and examination of application for radio licenses Online 1.0.9.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Electronic reception and examination of application for radio licenses Offline 1.0.9.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system of an attached line card with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of an attached line card with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Data Corruption in Intel Unite(R) Client before version 3.3.176.13 may allow an unauthenticated user to potentially cause a denial of service via network access.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or manipulate the demo via a JMX RMI session, aka a ""jmx_rmi remote monitoring and control problem."" NOTE: this is not an Oracle supported product.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors.,NETWORK,LOW,HIGH,NONE,CHANGED,NONE,HIGH,HIGH
"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows man-in-the-middle attackers to bypass authentication via vectors related to a fallback to NTLM authentication during a domain account password change, aka ""Kerberos Security Feature Bypass Vulnerability.""",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
GoHTTP through 2017-07-25 has a sendHeader use-after-free.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Traversal exists via docid=../ to /portal/lib/download_template.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Directory Traversal was discovered in University of Cambridge mod_ucam_webauth before 2.0.2. The key identification field (""kid"") of the IdP's HTTP response message (""WLS-Response"") can be manipulated by an attacker. The ""kid"" field is not signed like the rest of the message, and manipulation is therefore trivial. The ""kid"" field should only ever represent an integer. However, it is possible to provide any string value. An attacker could use this to their advantage to force the application agent to load the RSA public key required for message integrity checking from an unintended location.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session hijacking.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as ""9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as ""8 of 9. Out of Bounds read and write.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as ""7 of 9. Out of Bounds read.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as ""5 of 9. Integer Overflow.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as ""4 of 9. Out of Bounds Reads.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as ""3 of 9. Buffer Overflow in version field in lib/tnef-types.h.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as ""1 of 9. Null Pointer Deref / calloc return value not checked.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerability was identified in HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers earlier than version v1.40.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka ""Windows Mount Point Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0006.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka ""Windows Mount Point Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0007.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka ""DirectShow Heap Corruption Remote Code Execution Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Portal'.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Cabinet'.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0946, CVE-2019-0947.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0945, CVE-2019-0947.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0945, CVE-2019-0946.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Type, schDesc, schName, schSource, selectDeviceDone, task, val10, and val11.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:\boot.ini value.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An XSS issue was discovered in the Admin UI in eZ Platform 2.x. This affects ezplatform-admin-ui 1.3.x before 1.3.5 and 1.4.x before 1.4.4, and ezplatform-page-builder 1.1.x before 1.1.5 and 1.2.x before 1.2.4.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows attackers to bypass a deserialization protection mechanism.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MacDown 0.7.1 allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Making concurrent GET /api/v4/projects/<id>/languages requests may allow Uncontrolled Resource Consumption.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the extension scripts allows the attacker arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the administrator interface in IPBRICK OS 6.3. The application doesn't check for Anti-CSRF tokens, allowing the submission of multiple forms unwillingly by a victim.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the HTTP request-parsing function of the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an unlimited and arbitrary write to memory, resulting in code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT request or upgrade firmware request to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability in the way that it handles certain requests, aka ""Windows SMB Information Disclosure Vulnerability"".",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607, when the lock screen is enabled, do not properly restrict the loading of web content, which allows physically proximate attackers to execute arbitrary code via a (1) crafted Wi-Fi access point or (2) crafted mobile-broadband device, aka ""Windows Lock Screen Elevation of Privilege Vulnerability.""",PHYSICAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11813.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable denial-of-service vulnerability exists in the XML_GetScreen Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted set of packets can cause an invalid memory dereference, resulting in a device reboot.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable denial-of-service vulnerability exists in the thumbnail display functionality of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a null pointer dereference, resulting in a device reboot.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. EXIF geolocation data were not removed from images when uploaded to GitLab. As a result, anyone with access to the uploaded image could obtain its geolocation, device, and software version data (if present).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly validates objects in memory, aka ""Windows Information Disclosure Vulnerability"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, 7.32, 7.33, 7.54.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a ""service ipmievd restart"" loop.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 (when used with .NET Framework 4.5) allows Local File Inclusion via the FileDesc parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An improper authentication vulnerability can be exploited through a race condition that occurs in Ellucian Banner Web Tailor 8.8.3, 8.8.4, and 8.9 and Banner Enterprise Identity Services 8.3, 8.3.1, 8.3.2, and 8.4, in conjunction with SSO Manager. This vulnerability allows remote attackers to steal a victim's session (and cause a denial of service) by repeatedly requesting the initial Banner Web Tailor main page with the IDMSESSID cookie set to the victim's UDCID, which in the case tested is the institutional ID. During a login attempt by a victim, the attacker can leverage the race condition and will be issued the SESSID that was meant for this victim.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Open Redirect vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote attacker to redirect users to an arbitrary URL. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.70.0056 and newer; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; fixed versions: 7.5; 3.70.0056).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Path Traversal vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote authorized user to access arbitrary files on the system via the network interface. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; 3.70; 3.71 before 3.71.0032 ; fixed versions: 3.71.0032; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; 3.70.0056; fixed versions: 7.5; 3.71.0032).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"** DISPUTED ** Samsung S9+, S10, and XCover 4 P(9.0) devices can become temporarily inoperable because of an unprotected intent in the ContainerAgent application. For example, the victim becomes stuck in a launcher with their Secure Folder locked. NOTE: the researcher mentions ""the Samsung Security Team considered this issue as no/little security impact.""",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
DoBox_CstmBox_Info.model.htm on Kyocera TASKalfa 4002i and 6002i devices allows remote attackers to read the documents of arbitrary users via a modified HTTP request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Capstone 3.0.4 has an out-of-bounds vulnerability (SEGV caused by a read memory access) in X86_insn_reg_intel in arch/X86/X86Mapping.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can be introduced into the admin account through a DHCP request, allowing the attacker to steal the cookie information, which contains the base64 encoded username and password.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request ""resolve conflicts"" page.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
HARMAN AMX MVP5150 v2.87.13 devices allow remote OS Command Injection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Microsoft Windows Graphics Device Interface (GDI) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka ""Windows GDI Information Disclosure Vulnerability"".",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The graphics device interface in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka ""Windows GDI32.dll ASLR Bypass Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
An issue was discovered in the Web Management Console in IPBRICK OS 6.3. There are multiple SQL injections.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 R2, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka ""DLL Loading Remote Code Execution Vulnerability.""",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the PDF Library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote attackers to execute arbitrary code via a crafted PDF document that triggers API calls, aka ""Microsoft PDF Library Buffer Overflow Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the administration page in IPBRICK OS 6.3. There are multiple XSS vulnerabilities.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot manager, aka ""Secure Boot Security Feature Bypass.""",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows remote attackers to cause a denial of service (SyncShareSvc service outage) via crafted ""change batch"" data, aka ""Windows DLL Loading Denial of Service Vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Bilboplanet 2.0. There is a stored XSS vulnerability when adding a tag via the user/?page=tribes tags parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the user_id parameter to signup.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka ""Windows Session Object Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-3306.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Tubigan ""Welcome to our Resort"" 1.0 software allows SQL Injection via index.php?p=accomodation&q=[SQL], index.php?p=rooms&q=[SQL], or admin/login.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the ""Domain"" field on the ""DNS Functions > ""Add DNS Zone"" screen.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the Web UI and then submitting that form. A successful exploit could allow the attacker to run arbitrary commands on the device with root privileges, which may lead to complete system compromise.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted Journal file, aka ""Windows Journal Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or software publishers for several years, even if the HeadSetup product is uninstalled. NOTE: a vulnerability-assessment approach must check all Windows systems for CA certificates with a CN of 127.0.0.1 or SennComRootCA, and determine whether those certificates are unwanted.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Windows Reader in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote attackers to execute arbitrary code via a crafted Reader file, aka ""Microsoft Windows Reader Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Netlogon service in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 improperly establishes secure communications channels, which allows local users to gain privileges by leveraging access to a domain-joined machine, aka ""Netlogon Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka ""DLL Loading Remote Code Execution Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. NOTE: The vendor claims that documentation for preventing a CSRF attack has been provided (https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-Web-9-0?language=en_US) and disagrees that this issue is a vulnerability. They also claim that MicroStrategy was never properly informed of this issue via normal support channels or their vulnerability reporting page on their website, so they were unable to evaluate the report or explain how this is something their customers view as a feature and not a security vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam running version RoavA1SWV1.9. A set of default credentials can potentially be used to connect to the device. An attacker can connect to the AP to trigger this vulnerability.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ClientServiceConfigController.cs in Enghouse Cloud Contact Center Platform 7.2.5 has functionality for loading external XML files and parsing them, allowing an attacker to upload a malicious XML file and reference it in the URL of the application, forcing the application to load and parse the malicious XML file, aka an XXE issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008 allows remote attackers to inject arbitrary web script or HTML via the db or action parameter to to bin/wxis.exe/bibliopac/.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Cloud App Management V2018.2.0, V2018.4.0, and V2018.4.1 could allow an attacker to obtain sensitive configuration information using a specially crafted HTTP request. IBM X-Force ID: 154283.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400H V4.5 and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 (All versions < V8.2.1). Specially crafted packets sent to port 102/tcp via Ethernet interface, via PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation. Successful exploitation requires an attacker to be able to send specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI). No user interaction and no user privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"On Virgin Media wireless router 3.0 hub devices, the web interface is vulnerable to denial of service. When POST requests are sent and keep the connection open, the router lags and becomes unusable to anyone currently using the web interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that overwrites a bootloader code segment in process_segment in components/bootloader_support/src/esp_image_format.c. The attack is effective when the flash encryption feature is not enabled, or if the attacker finds a different vulnerability that allows them to write this binary to flash memory.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper.",NETWORK,LOW,HIGH,NONE,CHANGED,LOW,NONE,NONE
A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Versions before 3.9.0 are vulnerable.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute a XSS attacks against other users, possibly leading to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Foreman before 1.18.3, 1.19.1, and 1.20.0 are vulnerable.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs bar to store code that will be executed on the client side.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the ""hook"" URL parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6, macOS Mojave 10.14.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default ""Bluetooth On"" value must be present in Settings.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Multiple stored cross-site scripting (XSS) in the MyThemeShop Launcher plugin 1.0.8 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via fields as follows: (1) Title, (2) Favicon, (3) Meta Description, (4) Subscribe Form (Name field label, Last name field label, Email field label), (5) Contact Form (Name field label and Email field label), and (6) Social Links (Facebook Page URL, Twitter Page URL, Instagram Page URL, YouTube Page URL, Linkedin Page URL, Google+ Page URL, RSS URL).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows an existing CouchDB admin user to gain arbitrary remote code execution, bypassing already disclosed CVE-2017-12636. Mitigation: All users should upgrade to CouchDB releases 1.7.2 or 2.1.2.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that is_admin() verifies that the request comes from an admin user (it actually only verifies that the request is for an admin page). An unauthenticated attacker can inject a payload into the plugin settings, such as the yuzo_related_post_css_and_style setting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"FreeRADIUS before 3.0.19 mishandles the ""each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used"" protection mechanism, aka a ""Dragonblood"" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory addresses, aka ""Windows GDI+ Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8688.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in pageflipbook.php script from index.php in Page Flip Book plugin for WordPress (wppageflip) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pageflipbook_language parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the ""/ossim/report/wizard_email.php"" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address (either in PDF or XLS format). Since there is no anti-CSRF token protecting this functionality, it is vulnerable to Cross-Site Request Forgery attacks.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the ""Site options"" in the admin panel dashboard dropdown.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim's files and achieve remote execution command on the victim's computer.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the 'state' URL parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, which allows attackers to trigger XSS via unprintable characters, as demonstrated by a \x0ejavascript: URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Kieran O'Shea Calendar plugin before 1.3.11 for WordPress has Stored XSS via the event_title parameter in a wp-admin/admin.php?page=calendar add action, or the category name during category creation at the wp-admin/admin.php?page=calendar-categories URI.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in ProfileDesign CMS v6.0.2.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page, (2) gbs, (3) side, (4) id, (5) imgid, (6) cat, or (7) orderby parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbitrary code execution, as demonstrated by child_process.exec and the ""<img src=# onerror='eval(new Buffer("" substring.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Publisher Contact, or Website URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the Parallax Scroll (aka adamrob-parallax-scroll) plugin before 2.1 for WordPress, includes/adamrob-parralax-shortcode.php allows XSS via the title text. (""parallax"" has a spelling change within the PHP filename.)",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 cameras. An attacker on the same local network as the camera can craft a message with a size field larger than 0x80000000 and send it to the camera, related to an integer overflow or use of a negative number. This then crashes the camera for about 120 seconds.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes, which may lead to denial of service, escalation of privileges, or information disclosure.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Management 3.0 is affected by: SQL Injection. The impact is: Code execution (remote).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. *Note: Spectre mitigations are currently enabled for all users by default settings.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 2016, Microsoft Office Word Viewer, Microsoft Office 2007 Service Pack 3 , and Microsoft Office 2010 Service Pack 2 allows an attacker to execute remote code by the way it handles embedded fonts, aka ""Win32k Graphics Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-8683.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerability when it improperly handles objects in memory, aka ""Win32k Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8678, CVE-2017-8677, CVE-2017-8681, and CVE-2017-8687.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP server with users.ldap.useTLS, peer verification will be unconditionally disabled in /etc/ldap.conf.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-8756.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-11766.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the ""WebKit"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port 888.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media_import.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"core/api/datasets/internal/actions/Explode.java in the Dataset API in DKPro Core through 1.10.0 allows Directory Traversal, resulting in the overwrite of local files with the contents of an archive.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Ynet Interactive - http://demo.ynetinteractive.com/mobiketa/ Mobiketa 4.0 is affected by: SQL Injection. The impact is: Code execution (remote).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to spoof the address bar via a crafted web site that uses FRAME elements.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by ""Content Length"" instead of ""Content-Length.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `string` in a setter method (e.g. `setName(string $name)`) of a class that's the `data_class` of a form, and when a file upload is submitted to the corresponding field instead of a normal text input, then `UploadedFile::__toString()` is called which will then return and disclose the path of the uploaded file. If combined with a local file inclusion issue in certain circumstances this could escalate it to a Remote Code Execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Injection. This affects iTech B2B Script 4.42i and Tech Business Networking Script 8.26i and Tech Caregiver Script 2.71i and Tech Classifieds Script 7.41i and Tech Dating Script 3.40i and Tech Freelancer Script 5.27i and Tech Image Sharing Script 4.13i and Tech Job Script 9.27i and Tech Movie Script 7.51i and Tech Multi Vendor Script 6.63i and Tech Social Networking Script 3.08i and Tech Travel Script 9.49. The impact is: Code execution (remote).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is: http://speicher.example.com/envato/codecanyon/demo/web-file-explorer/download.php?id=WebExplorer/../config.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windows and macOS when processing a hyperlink target explicitly activated by the user there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally. This issue affects: All LibreOffice Windows and macOS versions prior to 6.1.6; LibreOffice Windows and macOS versions in the 6.2 series prior to 6.2.3.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 143798.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak'",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have an unquoted search path vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name and tmp_name parameters.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) create context command DDI DxgkDdiCreateContext in which the product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array, which may lead to denial of service or escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zcash 2.x allows an inexpensive approach to ""fill all transactions of all blocks"" and ""prevent any real transaction from occurring"" via a ""Sapling Wood-Chipper"" attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a [command].execute() call, as demonstrated by ""def cmd ="" in the ServerAdminPortlet_script value to group/control_panel/manage. Valid credentials for an application administrator user account are required. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to run groovy scripts and therefore not a design flaw.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection. The impact is: Code execution (remote). The component is: com_appointment component.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SendMediaUpdate and SendFolderUpdate of avrcp_service.cc, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9 Android ID: A-120445479",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/index.php. The attack vector is: The administrator clicks on the malicious link in the login state.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allows remote attackers to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The iwgif_init_screen function in imagew-gif.c:510 in ImageWorsener 1.3.2 allows remote attackers to cause a denial of service (hmemory exhaustion) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In JSCallTyper of typer.cc, there is an out of bounds write due to an incorrect bounds check. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.1 Android-9 Android ID: A-117554758",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In MakeMP>G4VideoCodecSpecificData of APacketSource.cpp, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-123701862",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In CalculateInstanceSizeForDerivedClass of objects.cc, there is possible memory corruption due to an integer overflow. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-117556220",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In UpdateLoadElement of ic.cc, there is a possible out-of-bounds write due to type confusion. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-117607414",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores metadata related to 'people', which encompasses actual user accounts, as well as users appearing in SCM, in directories corresponding to the user ID on disk. These directories used the user ID for their name without additional escaping, potentially resulting in problems like overwriting of unrelated configuration files.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than characters.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of this launch method now requires the Run Scripts permission typically only granted to administrators.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/(username)/api remote API. This included e.g. Jenkins users' email addresses if the Mailer Plugin is installed. The remote API now no longer includes information beyond the most basic (user ID and name) unless the user requesting it is a Jenkins administrator.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as a transitive dependency in Jenkins plugins. The fix for CVE-2012-6153 was backported to the version of commons-httpclient that is bundled in core and made available to plugins.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /computer/(agent-name)/api showed information about tasks (typically builds) currently running on that agent. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API now only shows information about accessible tasks.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/item/(ID)/api showed information about tasks in the queue (typically builds waiting to start). This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API endpoint is now only available for tasks that the current user has access to.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, <f:password/>, supports form validation (e.g. for API keys). The form validation AJAX requests were sent via GET, which could result in secrets being logged to a HTTP access log in non-default configurations of Jenkins, and made available to users with access to these log files. Form validation for <f:password/> is now always sent via POST, which is typically not logged.",LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,LOW,NONE,NONE
A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after startup during which Jenkins may no longer show the 'Please wait while Jenkins is getting ready to work' message but Cross-Site Request Forgery (CSRF) protection may not yet be effective.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/Api.java that allows attackers to specify URLs to Jenkins that result in rendering arbitrary attacker-controlled HTML by Jenkins.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java, jelly/src/main/java/org/kohsuke/stapler/jelly/JellyFacet.java, jruby/src/main/java/org/kohsuke/stapler/jelly/jruby/JRubyFacet.java, jsp/src/main/java/org/kohsuke/stapler/jsp/JSPFacet.java that allows attackers to render routable objects using any view in Jenkins, exposing internal information about those objects not intended to be viewed, such as their toString() representation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace browser.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java, core/src/main/java/hudson/model/Descriptor.java that allows attackers with Overall/Administer permission or access to the local file system to obtain credentials entered by users if the form submission could not be successfully processed.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaScript that would be executed in another user's browser when that other user performs some UI actions.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection log for any agent.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The forms-based authentication implementation in Active Directory Federation Services (ADFS) 3.0 in Microsoft Windows Server 2012 R2 allows remote attackers to cause a denial of service (daemon outage) via crafted data, aka ""Microsoft Active Directory Federation Services Denial of Service Vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service hang) by creating many machine accounts, aka ""Active Directory Denial of Service Vulnerability.""",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Use-after-free vulnerability in the DNS Server component in Microsoft Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka ""Windows DNS Server Use After Free Vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 Gold and R2 allow remote authenticated users to execute arbitrary code via a crafted NetLogon request, aka ""Windows Netlogon Memory Corruption Remote Code Execution Vulnerability.""",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Virtual PCI (VPCI) virtual service provider in Microsoft Windows Server 2012 Gold and R2 allows local users to obtain sensitive information from uninitialized memory locations via a crafted application, aka ""Windows Virtual PCI Information Disclosure Vulnerability.""",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka ""Windows Installer Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information from process memory via a crafted application, aka ""Windows Common Log File System Driver Information Disclosure Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how XML External Entities (XXE) are processed, aka ""Windows Remote Assistance Information Disclosure Vulnerability"".",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka ""Microsoft Malware Protection Engine Remote Code Execution Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0695, CVE-2019-0701.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"A local file inclusion vulnerability exists in the web interface of Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. When the export function is called from system/maintenance/export.php, it accepts the path provided by the user, leading to path traversal via the name parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Persistent XSS has been found in the OneShield Policy (Dragon Core) framework before 5.1.10. Remote adversaries can inject malicious JavaScript into textboxes decorated with type string, which is subsequently stored to the applicable data store. This can be exploited remotely by both authenticated and unauthenticated users.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) destination parameter to delete feature; the (2) destination parameter to edit feature; (3) content parameter in the profile feature.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HTML via a /protected/vendor/codeception/codeception/tests/data/app/view/index.php POST request.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.,PHYSICAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmap_auth type=getuser request and then reading the token field. This token value can then be used to change the Wi-Fi password or perform a factory reset.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"A exposure of sensitive information vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Plugin.java that allows attackers to determine the date and time when a plugin HPI/JPI file was last extracted, which typically is the date of the most recent installation/upgrade.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activate snmpd without any configuration changes to trigger this vulnerability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159946.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices has POST based reflected XSS via the Page parameter. No sanitization is performed for user input data.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. There is persistent XSS via link type attributes with javascript:// links.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. JavaScript can be included in the discussion interface, and can be triggered by clicking on the link.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A buffer overflow vulnerability in the streaming server provided by hisilicon in HI3516 models allows an unauthenticated attacker to remotely run arbitrary code by sending a special RTSP over HTTP packet. The vulnerability was found in many cameras using hisilicon's hardware and software, as demonstrated by TENVIS cameras 1.3.3.3, 1.2.7.2, 1.2.1.4, 7.1.20.1.2, and 13.1.1.1.7.2; FDT FD7902 11.3.14.1.3 and 10.3.14.1.3; FOSCAM cameras 3.2.1.1.1_0815 and 3.2.2.2.1_0815; and Dericam cameras V11.3.8.1.12.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. An attacker may reverse engineer the codebase to extract sensitive data that contributes to the disclosure of medical information of patients utilizing the Ascensia platform. This occurs because of weak obfuscation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone ""/netflow/jspui/linkdownalertConfig.jsp"" file in the groupDesc, groupName, groupID, or task parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone ""/netflow/jspui/linkdownalertConfig.jsp"" file in the autorefTime or graphTypes parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can make an authenticated HTTP request to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an authenticated user to perform privileged requests unknowingly, resulting in unauthenticated requests being requested through an authenticated user. An attacker can get an authenticated user to request authenticated pages on the attacker's behalf to trigger this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in engine/shared/map.cpp that can lead to a buffer overflow, because multiplication of width and height is mishandled.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While iterating through the models contained in a fixed-size array in the actData structure, which also stores an incorrect number of models that is greater than the size of the array, a buffer overflow occurs in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In QTEE, an incorrect fuse value can be blown in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 820, SD 820A, SD 835, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP packets sent to an affected device. An attacker could exploit these vulnerabilities by sending a crafted LDAP packet, using Basic Encoding Rules (BER), to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An integer underflow may occur due to lack of check when received data length from font_mgr_qsee_request_service is bigger than the minimal value of the segment header, which may result in a buffer overflow, in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While processing camera buffers in camera driver, a use after free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 625, SD 820, SD 820A, SD 835, SDX20.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In case of using an invalid android verified boot signature with very large length, an integer underflow occurs in Snapdragon Mobile in SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Ascensia Contour NEXT ONE app for iOS before 2019-01-15. An attacker may proxy communications between the app and Ascensia backend servers because of a weak certificate-pinning implementation, leading to disclosure of medical information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Use After Free Condition can occur in Thermal Engine in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_Get_Task.cgi endpoint.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. This vulnerability has been fixed in software version 14.1(1i).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to ""upload file functionality.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Veeam ONE Reporter 9.5.0.3201 allows CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jql parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
Zotonic before version 0.47 has mod_admin XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.,NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system by using a web browser and with the privileges of the user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute javascript in the victims browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and OES2018SP1. Older versions may be affected but were not tested as they are out of support.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.,LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Jenkins SiteMonitor Plugin 0.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers to change the per-job default graph configuration for all users.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Apache Karaf kar deployer reads .kar archives and extracts the paths from the ""repository/"" and ""resources/"" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn't do any validation on the paths in the zip file. This means that a malicious user could craft a .kar file with "".."" directory names and break out of the directories to write arbitrary content to the filesystem. This is the ""Zip-slip"" vulnerability - https://snyk.io/research/zip-slip-vulnerability. This vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf releases prior 4.2.3 is impacted.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance (PCA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to the insufficient validation of data supplied by external devices to the web-based management interface of an affected PCA device. An attacker in control of devices integrated with an affected PCA device could exploit this vulnerability by using crafted data in certain fields of the controlled devices. A successful exploit could allow the attacker to execute arbitrary script code in the context of the PCA web-based management interface or allow the attacker to access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 155195.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the ""WebKit Web Inspector"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the ""Bluetooth"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the ""Bluetooth"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the ""Bluetooth"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0x89C04589 write access violation and application crash) or possibly have unspecified other impact via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The fulltext search component in phpBB before 3.2.6 allows Denial of Service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true and password true. These accounts can be used to login to the web interface, exploit authenticated command injections and change router settings for malicious purposes.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has Reflected XSS via the xd_user_formal_name parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username user3 and and a long password consisting of a repetition of the string 0123456789. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the ""Documents"" area. This vulnerability is related to ""uploadDocFile.aspx"".",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127151.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. For example, an attacker can exploit a race condition to insert a symlink from /var/log/groonga/httpd to /etc/bash_completion.d. NOTE: this is an issue in the Debian packaging of the Groonga HTTP server.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow in the SMTP response service in MailCarrier 2.51 allows the attacker to execute arbitrary code remotely via a long HELP command, a related issue to CVE-2019-11395.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"PHPMailer 5.2.23 has XSS in the ""From Email Address"" and ""To Email Address"" fields of code_generator.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The ""default reports"" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Lantronix SecureLinx Spider (SLS) 2.2+ devices have XSS in the auth.asp login page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. CSRF can occur via a /CollatWebApp/gcmsRefInsert?name=SUPP URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. Reflected XSS exists with an authenticated session via the Customerid, formName, FrameId, or MODE parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. An open redirect exists via a /IntellectMain.jsp?IntellectSystem= URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. Input passed through the code parameter in three pages as collaterals/colexe3t.jsp and /references/refsuppu.jsp and /references/refbranu.jsp is mishandled before being used in SQL queries, allowing SQL injection with an authenticated session.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows Path traversal via the file parameter, allowing remote attackers to read PDF files in arbitrary directories.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The print_binder_transaction_ilocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading ""*from *code *flags"" lines in a debugfs file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1, allows information disclosure by the way it discloses kernel memory addresses, aka ""Windows GDI+ Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8685 and CVE-2017-8688.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an attacker to execute remote code by the way it handles embedded fonts, aka ""Win32k Graphics Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-8682.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8731, CVE-2017-8751, and CVE-2017-11766.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting engine handles objects in memory in Microsoft Edge, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8649, CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8756, and CVE-2017-11764.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
"An issue was discovered in PublicCMS V4.0.20180210. There is a ""Directory Traversal"" and ""Arbitrary file read"" vulnerability via an admin/cmsWebFile/list.html?path=../ URI.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading ""callback="" lines in a debugfs file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Coolpad Defiant (Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys) and the T-Mobile Revvl Plus (Coolpad/alchemy/alchemy:7.1.1/143.14.171129.3701A-TMO/buildf_nj_02-206:user/release-keys) Android devices contain a pre-installed platform app with a package name of com.qualcomm.qti.telephony.extcarrierpack (versionCode=25, versionName=7.1.1) containing an exported broadcast receiver app component named com.qualcomm.qti.telephony.extcarrierpack.UiccReceiver that allows any app co-located on the device to programmatically perform a factory reset. In addition, the app initiating the factory reset does not require any permissions. A factory reset will remove all user data and apps from the device. This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of a pre-installed platform app.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Essential Phone Android device with a build fingerprint of essential/mata/mata:8.1.0/OPM1.180104.166/297:user/release-keys contains a pre-installed platform app with a package name of com.ts.android.hiddenmenu (versionName=1.0, platformBuildVersionName=8.1.0) that contains an exported activity app component named com.ts.android.hiddenmenu.rtn.RTNResetActivity that allows any app co-located on the device to programmatically initiate a factory reset. In addition, the app initiating the factory reset does not require any permissions. A factory reset will remove all user data and apps from the device. This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of a pre-installed platform app.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys, the ZTE ZMAX Pro with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the T-Mobile Revvl Plus with a build fingerprint of Coolpad/alchemy/alchemy:7.1.1/143.14.171129.3701A-TMO/buildf_nj_02-206:user/release-keys all contain a vulnerable, pre-installed Rich Communication Services (RCS) app. These devices contain an that app has a package name of com.suntek.mway.rcs.app.service (versionCode=1, versionName=RCS_sdk_M_native_20161008_01; versionCode=1, versionName=RCS_sdk_M_native_20170406_01) with an exported content provider named com.suntek.mway.rcs.app.service.provider.message.MessageProvider and a refactored version of the app with a package name of com.rcs.gsma.na.sdk (versionCode=1, versionName=RCS_SDK_20170804_01) with a content provider named com.rcs.gsma.na.provider.message.MessageProvider allow any app co-located on the device to read, write, insert, and modify the user's text messages. This is enabled by an exported content provider app component that serves as a wrapper to the official content provider that contains the user's text messages. This app cannot be disabled by the user and the attack can be performed by a zero-permission app.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Plum Compass Android device with a build fingerprint of PLUM/c179_hwf_221/c179_hwf_221:6.0/MRA58K/W16.51.5-22:user/release-keys contains a pre-installed platform app with a package name of com.android.settings (versionCode=23, versionName=6.0-eng.root.20161223.224055) that contains an exported broadcast receiver app component which allows any app co-located on the device to programmatically perform a factory reset. In addition, the app initiating the factory reset does not require any permissions. A factory reset will remove all user data and apps from the device. This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of a pre-installed platform app.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The Sony Xperia L1 Android device with a build fingerprint of Sony/G3313/G3313:7.0/43.0.A.6.49/2867558199:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by Sony or another entity in the supply chain. The system_server process in the core android package has an exported broadcast receiver that allows any app co-located on the device to programmatically initiate the taking of a screenshot and have the resulting screenshot be written to external storage. The taking of a screenshot is not transparent to the user; the device has a screen animation as the screenshot is taken and there is a notification indicating that a screenshot occurred. If the attacking app also requests the EXPAND_STATUS_BAR permission, it can wake the device up using certain techniques and expand the status bar to take a screenshot of the user's notifications even if the device has an active screen lock. The notifications may contain sensitive data such as text messages used in two-factor authentication. The system_server process that provides this capability cannot be disabled, as it is part of the Android framework. The notification can be removed by a local Denial of Service (DoS) attack to reboot the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Dillon Kane Tidal Workload Automation Agent 3.2.0.5 (formerly known as Cisco Workload Automation or CWA). The Enterprise Scheduler for AIX allows local users to gain privileges via Command Injection in crafted Tidal Job Buffers (TJB) parameters. NOTE: this vulnerability exists because the CVE-2014-3272 solution did not address AIX operating systems.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the ""CWP Settings > ""Edit Settings"" screen. By changing the email ID to any XSS Payload and clicking on Save Changes, the XSS Payload will execute.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the page parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, a causing buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 & SEP-12.1.7484.7002, may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Insufficient input validation in Intel(r) CSME subsystem before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel(r) TXE before 3.1.60 or 4.0.10 may allow a privileged user to potentially enable an escalation of privilege via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a ""%{}"" sequence in a tag attribute, aka forced double OGNL evaluation.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possible out of bounds write on the stack due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603410.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
/fileman/php/upload.php in doorGets 7.0 has an arbitrary file upload vulnerability. A remote normal registered user can use this vulnerability to upload backdoor files to control the server.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote attacker can exploit this vulnerability for ""Google Analytics code"" modification.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_rset_get_props at rec-rset.c in librec.a, leading to a crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) could exploit the vulnerability to obtain database sensitive information via modulecategory_add_titre.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=network. A remote background administrator privilege user (or a user with permission to manage network configuration) could exploit the vulnerability to obtain database sensitive information.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) could exploit the vulnerability to obtain database sensitive information via modulecategory_edit_titre.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"The gyroscope on Xiaomi Mi 5s devices allows attackers to cause a denial of service (resonance and false data) via a 20.4 kHz audio signal, aka a MEMS ultrasound attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Improper handling of extra parameters in the AccountController (User Profile edit) in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privileges via additional form parameter submissions.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/emailingRequest.php. A remote background administrator privilege user (or a user with permission to manage emailing) could exploit the vulnerability to obtain database sensitive information.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"routers/ajaxRouter.php in doorGets 7.0 has a web site physical path leakage vulnerability, as demonstrated by an ajax/index.php?uri=1234%5c request.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/contactView.php. A remote normal registered user could exploit the vulnerability to obtain database sensitive information.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=analytics. A remote background administrator privilege user (or a user with permission to manage configuration analytics) could exploit the vulnerability to obtain database sensitive information.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Server Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress via the site parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be remotely exploited to Remote Code Execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTML.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and allow for a potential memory read of adjacent data from the privileged Chrome process, which may include sensitive data. This vulnerability affects Firefox < 66.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some circumstances, allowing for potential man-in-the-middle attacks on the linked resources. This vulnerability affects Firefox < 66.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash on macOS. *Note: This issue only affects macOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ProjectSend before r1070 writes user passwords to the server logs.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the default URI handler for a given URI scheme in third party applications and these applications insufficiently sanitize URL data. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside the web directories.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted relay descriptor that is mishandled during voting.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by ""stone lone"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
** DISPUTED ** mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable. NOTE: The software maintainer disputes this as a vulnerability because the fields claimed to be vulnerable to XSS are only available to administrators who are supposed to have access to add scripts.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a ""URL Handler"" in the Windows registry. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states ""Unknown origin"" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 66.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service (DOS) attack. This vulnerability affects Firefox < 66.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cribl UI 1.5.0 allows remote attackers to run arbitrary commands via an unauthenticated web request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in AikCms v2.0. There is a File upload vulnerability, as demonstrated by an admin/page/system/nav.php request with PHP code in a .php file with the application/octet-stream content type.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in AikCms v2.0. There is a SQL Injection vulnerability via $_GET['del'], as demonstrated by an admin/page/system/nav.php?del= URI.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11856.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
aquaverde Aquarius CMS through 4.3.5 allows Information Exposure through Log Files because of an error in the Log-File writer component.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""CFNetwork"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Npcap 0.992. Sending a malformed .pcap file with the loopback adapter using either pcap_sendqueue_queue() or pcap_sendqueue_transmit() results in kernel pool corruption. This could lead to arbitrary code executing inside the Windows kernel and allow escalation of privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. This vulnerability affects Firefox < 66.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
XSS exists in the ProFiles 1.5 component for Joomla! via the name or path parameter when creating a new folder in the administrative panel.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-Site Scripting (XSS) vulnerability in adm/boardgroup_form_update.php and adm/boardgroup_list_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-Site Scripting (XSS) vulnerability in adm/sms_admin/num_book_write.php and adm/sms_admin/num_book_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-Site Scripting (XSS) vulnerability in adm/faqmasterformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-Site Scripting (XSS) vulnerability in adm/contentformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138819.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php allows AID[] SQL Injection because the class.phpmailer.php inject_check_sql protection mechanism is incomplete.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the ""New name"" field in a Rename action.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A use-after-free vulnerability can occur while playing a sound notification in Thunderbird. The memory storing the sound data is immediately freed, although the sound is still being played asynchronously, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an remote attacker (in the same network as the device) to change the admin password without authentication via a POST request.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross Site Scripting in different input fields (domain field and personal settings) in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker (local or remote) to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name sent to the device from the domain controller.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131769.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
VeryPDF 4.1 has a Memory Overflow leading to Code Execution because pdfocx!CxImageTIF::operator in pdfocx.ocx (used by pdfeditor.exe and pdfcmd.exe) is mishandled.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Wordfence plugin 7.2.3 for WordPress allows XSS via a unique attack vector.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the ""Execute Program Action(s)"" feature.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long string, as demonstrated by SMTP RCPT TO, POP3 USER, POP3 LIST, POP3 TOP, or POP3 RETR.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File Manager field contains an arbitrary file upload vulnerability via upload.php. The $IllegalExtensions value only lists lowercase (and thus .phP is a bypass), and omits .shtml and .phtml.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka ""Windows RRAS Service Remote Code Execution Vulnerability"".",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128692.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 119737.,NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in InvoicePlane before 1.5.5. It was observed that the Email address and Web address parameters are vulnerable to Cross Site Scripting, related to application/modules/clients/views/view.php, application/modules/invoices/views/view.php, and application/modules/quotes/views/view.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming through 0.4.8 is vulnerable to an integer overflow and resultant out-of-bounds read, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A null pointer dereference vulnerability was found in the function stackswap (called from decompileSTACKSWAP) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A heap-based buffer overflow vulnerability was found in the function dcputs (called from decompileIMPLEMENTS) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An invalid memory read vulnerability was found in the function OpCode (called from isLogicalOp and decompileIF) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, and CVE-2017-11930.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ login attempt within a different browser tab.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code (local).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Lack of buffer length check before copying in WLAN function while processing FIPS event, can lead to a buffer overflow in Snapdragon Mobile in version SD 845.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When FW tries to get random mac address generated from new SW RNG and ADC values read are constant then DUT get struck in loop while trying to get random ADC samples in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Telligent Community 6.x, 7.x, 8.x, 9.x before 9.2.10.11796, 10.1.x before 10.1.10.11792, and 10.2.x before 10.2.3.4725 has XSS via the Feed RSS widget.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow can happen in WLAN function due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850, SDA660.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overwrite can happen in WLAN due to lack of validation of the input length in Snapdragon Mobile in version SD 845, SD 850.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper input validation leads to buffer overwrite in the WLAN function that handles WMI commands in Snapdragon Mobile in version SD 835, SD 845, SD 850.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lack of check on out of range for channels When processing channel list set command will lead to buffer flow in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lack of check on out of range of bssid parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9886, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lack of check on remaining length parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 625, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Jetson TX2 contains a vulnerability in the kernel driver (on all versions prior to R28.3) where the ARM System Memory Management Unit (SMMU) improperly checks for a fault condition, causing transactions to be discarded, which may lead to denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
"NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option[] parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the ""as"" substring is deleted.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Jetson TX2 contains a vulnerability by means of speculative execution where local and unprivileged code may access the contents of cached information in an unauthorized manner, which may lead to information disclosure. The updates apply to all versions prior to R28.3.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
read_ujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to cause a denial-of-service (application runtime crash because of an integer overflow) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WINMAGIC SecureDoc Disk Encryption software before 8.3 has an Unquoted Service Path vulnerability, which could allow an attacker to execute arbitrary code on a target system. If the executable is enclosed in quote tags """" then the system will know where to find it. However if the path of where the application binary is located doesn't contain any quotes then Windows will try to find it and execute it inside every folder of this path until they reach the executable.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permissions. Issue reported by ""Josna Joseph"".",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states ""The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a ""redundant UVector entry clean up function call"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, 2.0.2.3, and 3.0.1.0; the Oracle Healthcare Master Person Index component in Oracle Health Sciences Applications 2.0.12, 3.0.0, and 4.0.1; the Oracle Documaker component in Oracle Insurance Applications before 12.5; the Oracle Insurance Calculation Engine component in Oracle Insurance Applications 9.7.1, 10.1.2, and 10.2.2; the Oracle Insurance Policy Administration J2EE and Oracle Insurance Rules Palette components in Oracle Insurance Applications 9.6.1, 9.7.1, 10.0.1, 10.1.2, 10.2.0, and 10.2.2; the Oracle Retail Integration Bus component in Oracle Retail Applications 15.0; the Oracle Retail Order Broker component in Oracle Retail Applications 5.1, 5.2, and 15.0; the Primavera Contract Management component in Oracle Primavera Products Suite 14.2; the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.2, 8.3, 8.4, 15.1, 15.2, and 16.1; the Oracle Financial Services Analytical Applications Infrastructure component in Oracle Financial Services Applications 8.0.0, 8.0.1, 8.0.2, and 8.0.3; the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce 3.1.1, 3.1.2, 11.0, 11.1, and 11.2; the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5; the Oracle Communications BRM - Elastic Charging Engine 11.2.0.0.0 and 11.3.0.0.0; the Oracle Enterprise Repository Enterprise Repository 12.1.3.0.0; the Oracle Financial Services Behavior Detection Platform 8.0.1 and 8.0.2; the Oracle Hyperion Essbase 12.2.1.1; the Oracle Tuxedo System and Applications Monitor (TSAM) 11.1.1.2.0, 11.1.1.2.1, 11.1.1.2.1, 12.1.1.1.0, 12.1.3.0.0, and 12.2.2.0.0; the Oracle Communications WebRTC Session Controller component of Oracle Communications Applications (subcomponent: Security (Spring)) 7.0, 7.1 and 7.2; the Oracle Endeca Information Discovery Integrator 3.2; the Converged Commerce component of Oracle Retail Applications 16.0.1; the Oracle Identity Manager 11.1.2.3.0; Oracle Enterprise Manager for MySQL Database 12.1.0.4; Oracle Retail Invoice Matching 12.0, 13.0, 13.1, 13.2, 14.0, and 14.1; Oracle Communications Performance Intelligence Center (PIC) Software Prior to 10.2.1 and the Oracle Knowledge component of Oracle Siebel CRM (subcomponent: AnswerFlow (Spring Framework)) version 8.5.1.0 - 8.5.1.7 and 8.6.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A buffer overflow vulnerability was discovered in the OpenPLC controller, in the OpenPLC_v2 and OpenPLC_v3 versions. It occurs in the modbus.cpp mapUnusedIO() function, which can cause a runtime crash of the PLC or possibly have unspecified other impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused by an inadequate source-length check before a strcpy operation in the respondAsp function. Attackers can exploit the vulnerability by using the languse parameter with a long string. This affects 1.2.2 build 28, 64, 65, and 68.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer overflow via long strings to the SOAPACTION:HNAP1 interface.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. This is achieved by interfering with the Filesystem path control in the admin's Export field. As a result, attackers can gain remote code execution through the application server with root privileges.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in an OS component in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel TXE version before 3.1.60 or 4.0.10 may allow a privileged user to potentially execute arbitrary code via physical access.",PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow a privileged user to potentially execute arbitrary code via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient input validation in Intel(R) Active Management Technology (Intel(R) AMT) before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially cause a denial of service via network access.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a ""dubious character `*' in name or alias field"" detection.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"I, Librarian 4.10 has XSS via the notes.php notes parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
"An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score paramter, as demonstrated by the /do/reward/3 URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (benchmark) passed to the webpagetest-master/www/benchmarks/view.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. More Information: CSCvc21620. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.641) 12.0(0.98000.500) 12.0(0.98000.219).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. NOTE: the vendor indicates that there was an assumption that the content is ""made editable on its own.""",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 ""CSRF validation failure"" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
whatsns 4.0 allows index.php?admin_category/remove.html cid[] SQL injection.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
whatsns 4.0 allows index.php?inform/add.html qid SQL injection.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
whatsns 4.0 allows index.php?question/ajaxadd.html title SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on user@bad.example.net@good.example.com returns the user@bad.example.net substring.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a ""type confusion"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a ""type confusion"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a ""Python script text executable"" rule.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a ""Python script text executable"" rule.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,NONE,LOW,HIGH
"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Options.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB.,LOCAL,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat Enterprise Linux 6 and earlier), the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects Call of Duty: Modern Warfare 2, Call of Duty: Modern Warfare 3, Call of Duty: Ghosts, Call of Duty: Advanced Warfare, Call of Duty: Black Ops 1, and Call of Duty: Black Ops 2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unencoded with content type text/html.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In floor0_inverse1 of floor0.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-119120561.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In numerous hand-crafted functions in libmpeg2, NEON registers are not preserved. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-120644655.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In btm_proc_smp_cback of tm_ble.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-120612744.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In removeInterfaceAddress of NetworkController.cpp, there is a possible use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-119496789.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-120502559.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SetScanResponseData of ble_advertiser_hci_interface.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-121145627.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In create_hdr of dnssd_clientstub.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-121327565.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-122320256",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out-of-bound read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-119870451.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In rw_i93_sm_detect_ndef of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-121260197.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In rw_i93_process_ext_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122316913.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration (.ZIP file) within the Kofax/KFS/Admin/PackageService/package/upload file parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Kofax Front Office Server version 4.1.1.11.0.5212 (both Thin Client and Administration Console) suffers from multiple authenticated stored XSS vulnerabilities via the (1) ""Filename"" field in /Kofax/KFS/ThinClient/document/upload/ - (Thin Client) or (2) ""DeviceName"" field in /Kofax/KFS/Admin/DeviceService/device/ - (Administration Console).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into making unwanted changes to a printer (Disable, Approve, etc).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static string).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Cprime Power Scripts app before 4.0.14 for Atlassian Jira allows Directory Traversal.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfiltrate all credentials from the system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GAuth 0.9.9 beta has stored XSS that shows a popup repeatedly and discloses cookies.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSubmitCommandVirtual in which the application dereferences a pointer that it expects to be valid, but is NULL, which may lead to denial of service or escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSetRootPageTable in which the application dereferences a pointer that it expects to be valid, but is NULL, which may lead to code execution, denial of service or escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Data corruption vulnerability in firmware in Intel Solid-State Drive Consumer, Professional, Embedded, Data Center affected firmware versions LSBG200, LSF031C, LSF036C, LBF010C, LSBG100, LSF031C, LSF036C, LBF010C, LSF031P, LSF036P, LBF010P, LSF031P, LSF036P, LBF010P, LSMG200, LSF031E, LSF036E, LSMG100, LSF031E, LSF036E, LSDG200, LSF031D, LSF036D allows local users to cause a denial of service via unspecified vectors.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Insufficient input validation in system firmware for Intel(R) Broadwell U i5 vPro before version MYBDWi5v.86A may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of ""../.."" using the FILECAMERA variable (sent by GET) to read files with root privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted document.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (Segmentation Violation and application crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on input received to calculate the buffer length can lead to out of bound write to kernel stack.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a potential buffer over flow could occur while processing the ndp event due to lack of check on the message length.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in WMA handler.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possibility of invalid memory access while processing driver command in WLAN function.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in nan response event handler.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when requesting rssi timeout, access invalid memory may occur since local variable 'context' stack data of wlan function is free.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on the length of array while accessing can lead to an out of bound read in WLAN HOST function.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing preferred network offload scan results integer overflow may lead to buffer overflow when large frame length is received from FW.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check Validation in WLAN function can lead to driver writes the default rsn capabilities to the memory not allocated to the frame.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing diag event after associating to a network out of bounds read occurs if ssid of the network joined is greater than max limit.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to OOB access in WLAN HOST.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, asynchronous callbacks received a pointer to a callers local variable. Should the caller return early (e.g., timeout), the callback will dereference an invalid pointer.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a ""mangled rename"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows CSRF.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 5 of 5).",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 3 of 5).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The Simplenia Pages plugin 2.6.0 for Atlassian Bitbucket Server has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure.The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs writes a decoded base64 string to a file without validating the extension.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to ""Web site settings --> Basic setting --> Website title"" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance, noting it is ""just a functional bug.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have ""if (!defined('ABSPATH')) {exit;}"" code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. NOTE: the vendor reports that this does not cross a privilege boundary.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"** DISPUTED ** zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. NOTE: the software maintainer disputes that this is a vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka "".NET CORE Denial Of Service Vulnerability"".",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter. NOTE: the software maintainer disputes that this is a vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. This can only occur if the administrator neglects to set FileExtensionFilter and there are untrusted user accounts. NOTE: The maintainer states that this is not a vulnerability but a feature used in conjunction with External Modules.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the archiva site, may send an HTML response that performs arbitrary actions on archiva services, with the same rights as the active archiva session (e.g. administrator rights).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnector_commit.action.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new repository proxy connectors via the token parameter to admin/addProxyConnector_commit.action, (2) new repositories via the token parameter to admin/addRepository_commit.action, (3) edit existing repositories via the token parameter to admin/editRepository_commit.action, (4) add legacy artifact paths via the token parameter to admin/addLegacyArtifactPath_commit.action, (5) change the organizational appearance via the token parameter to admin/saveAppearance.action, or (6) upload new artifacts via the token parameter to upload_submit.action.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the ""copyright information office"" field. NOTE: the vendor indicates that the product was not intended to block this type of XSS by a user with the admin privilege.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by admin_footer.php or admin_footer.php. NOTE: the software maintainer disputes that this is a vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds vulnerability with the vertex shader functionality. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the shader translator. Exploitation of these issues requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for these issues involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Reflected Cross Site Scripting (XSS) vulnerability exists in Adrenalin HRMS 5.4.0. An attacker can input malicious JavaScript code in /RPT/SSRSDynamicEditReports.aspx via 'ReportId' parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter access_token, access_token_secret, consumer_key, and consumer_secret values by reading the dcwp_twitter.php source code. This leads to Twitter account takeover.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
SaltOS 3.1 r8126 contains a database download vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug but further investigation has shown that the bug is present in all currently supported Tomcat versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Subrion CMS 4.1.5 has CSRF in blog/delete/.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka ""ImageTragick.""",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,HIGH
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file that points to an Excel or PowerPoint file that was also downloaded.The update addresses the vulnerability by correcting how Office handles these files., aka 'Office Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to improper processing of malformed IPsec Authentication Header (AH) or Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to be processed by an affected device. An exploit could allow the attacker to cause a reload of the affected device.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of specific IPv6 hop-by-hop options. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to or through the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been discovered in /admin/ajax/file-browser/upload/ (aka the image upload area).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an ""unterminated"" string.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.",NETWORK,LOW,HIGH,NONE,CHANGED,LOW,LOW,NONE
"On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware version 2.02b01, DWR-711 (A1) through firmware version 1.11, DWR-712 (B1) before firmware version 2.04b01, DWR-921 (A1) before firmware version 1.02b01, and DWR-921 (B1) before firmware version 2.03b01, there exists an EXCU_SHELL file in the web directory. By sending a GET request with specially crafted headers to the /EXCU_SHELL URI, an attacker could execute arbitrary shell commands in the root context on the affected device. Other devices might be affected as well.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles sanitization of input values.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the firewall3 component in Inteno IOPSYS 1.0 through 3.16. The attacker must make a JSON-RPC method call to add a firewall rule as an ""include"" and point the ""path"" argument to a malicious script or binary. This gets executed as root when the firewall changes are committed.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In BlueZ 5.42, an out-of-bounds read was identified in ""packet_hexdump"" function in ""monitor/packet.c"" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsetting[bburl]' parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Receipt of a specific packet on the out-of-band management interface fxp0 may cause the system to crash and restart (vmcore). By continuously sending a specially crafted packet to the fxp0 interface, an attacker can repetitively crash the rpd process causing prolonged Denial of Service (DoS). Affected releases are Juniper Networks SRX5000 Series: 12.1X46 versions prior to 12.1X46-D82; 12.3X48 versions prior to 12.3X48-D80; 15.1X49 versions prior to 15.1X49-D160.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. The attacker can call SLDREG with an XML file containing a reference to an XML External Entity (XXE). This can cause SLDREG to, for example, continuously loop, read arbitrary files and even send local files.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,HIGH
"The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application (for Android, iOS, and Windows), do not prevent spoofing of the camera server. An attacker can create a fake camera server that listens for the client looking for a camera on the local network. When the camera responds to the client, it responds via the broadcast address, giving all information necessary to impersonate the camera. The attacker then floods the client with responses, causing the original camera to be denied service from the client, and thus causing the client to then communicate exclusively with the attacker's fake camera server. When connecting to the fake camera server, the client sends all details necessary to login to the camera (username and password).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be leveraged to execute arbitrary code on the target system. Note that there are three underscore characters in the cookie name. This is unrelated to the __cfduid cookie that is legitimately used by Cloudflare.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call. This vulnerability enables regular users to write arbitrary files on the underlying system with privileges of the user running the application. Especially, an attacker may leverage the vulnerability to write an executable JSP file in an exposed web directory to execute commands on the underlying system.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
PRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0793, CVE-2019-0795.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0795.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"Symantec VIP Enterprise Gateway (all versions) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The wpape APE GALLERY plugin 1.6.14 for WordPress has stored XSS via the classGallery.php getCategories function.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive from the KMS plugin container log. IBM X-Force ID: 158348.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-0831.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-0830.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows attacker to reveals serial number of FortiGate via hostname field defined in connection control setup packets of PPTP protocol.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files, aka 'Visual Studio Remote Code Execution Vulnerability'.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. This PRNG has a 48-bit seed that can easily be bruteforced, leading to trivial privilege escalation attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0690, CVE-2019-0701.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. An unrestricted file upload vulnerability in the Front Circle Controller glytoolcgi/settingfile_upload.cgi allows attackers to upload supplied data. This can be used to place attacker controlled code on the filesystem that can be executed and can lead to a reverse root shell.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0690, CVE-2019-0695.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to inject arbitrary JavaScript or HTML via the user, group, and file-share description fields.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0682, CVE-2019-0692, CVE-2019-0693, CVE-2019-0694.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749392 and Qualcomm internal bug CR556425.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0682, CVE-2019-0689, CVE-2019-0693, CVE-2019-0694.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0682, CVE-2019-0689, CVE-2019-0692, CVE-2019-0694.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0682, CVE-2019-0689, CVE-2019-0692, CVE-2019-0693.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0689, CVE-2019-0692, CVE-2019-0693, CVE-2019-0694.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. The vulnerability allows the attacker to crash the CIP in a way that it does not accept new connections, but keeps the current connections active, which can prevent legitimate users from recovering control.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the ""TestEmail"" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The sell function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The issue was addressed by removing origin information. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.0.1.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier allows remote attackers to inject HTML into the scoping dashboard features.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
XXE issue in Airsonic before 10.1.2 during parse.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The renderer process in the entertainment system on Tesla Model 3 vehicles mishandles JIT compilation, which allows attackers to trigger firmware code execution, and display a crafted message to vehicle occupants.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12, Safari 12.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions. This issue affected versions prior to iOS 12.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Improper input validation in QCPE create function may lead to integer overflow in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 410/12, SD 820A",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Undefined behavior in UE while processing unknown IEI in OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, Snapdragon_High_Med_2016, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Interrupt exit code flow may undermine access control policy set forth by secure world can lead to potential secure asset leakage in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) through v1.0.14 relies on the HOME environment variable, which might be untrusted.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, watchOS 5.1.2.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12, macOS Mojave 10.14.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A memory corruption issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, there is a stored cross-site scripting vulnerability in an ASM violation viewed in the Configuration utility. In the worst case, an attacker can store a CSRF which results in code execution as the admin user.",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"""Clear History and Website Data"" did not clear the history. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.2.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.2.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2, iOS 12.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A resource exhaustion issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This issue was addressed by removing additional entitlements. This issue affected versions prior to macOS Mojave 10.14.1.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to Xcode 10.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to macOS Mojave 10.14.1.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.1.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Analytics data was sent using HTTP rather than HTTPS. This was addressed by sending analytics data using HTTPS. This issue affected versions prior to Apple Support 2.4 for iOS.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A configuration issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A logic issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.1.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A buffer overflow was addressed with improved size validation. This issue affected versions prior to macOS Mojave 10.14.1.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A validation issue was addressed with improved logic. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, watchOS 5.1.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A denial of service issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A validation issue existed which allowed local file access. This was addressed with input sanitization. This issue affected versions prior to macOS Mojave 10.14.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved input validation This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, watchOS 5.1.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.1.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A validation issue was addressed with improved logic. This issue affected versions prior to macOS Mojave 10.14.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147710.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper validation of array index in WMA roam synchronization handler can lead to OOB write.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when WLAN FW has not filled the vdev id correctly in stats events then WLAN host driver tries to access interface array without proper bound check which can lead to invalid memory access and as a side effect kernel panic or page fault.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WLAN handler indication from the firmware gets the information for 4 access categories. While processing this information only the first 3 AC information is copied due to the improper conditional logic used to compare with the max number of categories.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_04.00.04.393.0 may allow an unauthenticated user to potentially bypass MEBx authentication via physical access.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to macOS Mojave 10.14.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14, iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12.1.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A type confusion issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use after free in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an unprivileged user to potentially enable a denial of service via local access.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable denial of service via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Buffer leakage in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause an out of bound memory read via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause an integer overflow via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to read memory via local access via local access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access via local access.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to cause a denial of service via local access.",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"Buffer overflow in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Insufficient input validation in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An injection issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS X El Capitan 10.11.6 Security Update 2018-002, macOS Sierra 10.12.6 Security Update 2018-002, macOS High Sierra 10.13.2.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.3, tvOS 11.3, watchOS 4.3, Safari 11.1, iTunes 12.7.4 for Windows, iCloud for Windows 7.4.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure issue was addressed by removing the vulnerable code. This issue affected versions prior to macOS High Sierra 10.13.6.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. The traceroute and ping functionality, which uses a parameter in a request to command.cgi from the Monitoring page in the web UI, unsafely puts user-alterable data directly into an OS command, leading to Remote Code Execution via shell metacharacters in the query string.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in Long Range Zip (aka lrzip) 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive, a different vulnerability than CVE-2017-8845.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A race condition was addressed with additional validation. This issue affected versions prior toiVersions prior to: OS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the ""login as other users"" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A null pointer dereference was addressed with improved validation. This issue affected versions prior to macOS High Sierra 10.13.6.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vertical privilege escalation, (3) cause a Denial of Service on global application, or (4) write/read/delete arbitrary files on server hosting the application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged in session.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an ""ifconfig /usbserial up"" command or a ""mount -t /snd_pcm none /"" command.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
MKCMS V5.0 has SQL injection via the bplay.php play parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to run arbitrary code on the target system. The memory layout allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer (i.e., it is not necessary to use a typical buffer-overflow exploitation technique that changes the flow of control).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Application/Admin/Controller/ConfigController.class.php in 74cms v5.0.1 allows remote attackers to execute arbitrary PHP code via the index.php?m=Admin&c=config&a=edit site_domain parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. This attack appear to be exploitable via an attacker supplied MP4 file that when run by the victim may result in RCE.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Improper input validation leads to buffer overflow while processing network list offload command in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect bound check can lead to potential buffer overwrite in WLAN controller in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect bound check can lead to potential buffer overwrite in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When the buffer length passed is very large in WLAN, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lack of input validation while copying to buffer in WLAN will lead to a buffer overflow in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper input validation leads to buffer overwrite in the WLAN function that handles WLAN roam buffer in Snapdragon Mobile in version SD 845.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper input validation leads to buffer overwrite in the WLAN function that handles WMI commands in Snapdragon Mobile in version SD 845, SD 850, SDA660",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overwrite can happen in WLAN function while processing set pdev parameter command due to lack of input validation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overwrite can occur when the legacy rates count received from the host is not checked against the maximum number of legacy rates in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register control). An attacker can also cause a denial of service (hypervisor panic) via an illegal exception return. This occurs because of insufficient restrictions on userspace access to the core register file, and because PSTATE.M validation does not prevent unintended execution modes.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, leading to a denial of service (BUG).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The UCWeb UC Browser application through 2019-03-26 for Android uses HTTP to download certain modules associated with PDF and Microsoft Office files (related to libpicsel), which allows MITM attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. An OS command injection vulnerability in Acl.asp allows a remote authenticated attacker to execute arbitrary OS commands via the ScrIPaddrEndTXT parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an ""nmap -f"" command.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"NVIDIA Tegra library contains a vulnerability in libnvmmlite_video.so, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges. Android ID: A-80433161.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters (""\f"").",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data which may lead to information disclosure.This issue is rated as moderate.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33899858. References: N-CVE-2017-0330.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to arbitrary locations on the Content Manager server.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Due to unencrypted signal communication and predictability of rolling codes, an attacker can ""desynchronize"" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Abine Blur 7.8.2431 allows remote attackers to conduct ""Second-Factor Auth Bypass"" attacks by using the ""Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the user to accept a second-factor request in a mobile app."" approach, related to a ""Multifactor Auth Bypass, Full Disk Encryption Bypass"" issue affecting the Affected Chrome Plugin component.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Remote code execution vulnerability exists in KaKaoTalk PC messenger when user clicks specially crafted link in the message window. This affects KaKaoTalk windows version 2.7.5.2024 or lower.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Rukovoditel before 2.4.1 allows XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.,LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The L2CAP signaling channel implementation and SDP server implementation in OpenSynergy Blue SDK 3.2 through 6.0 allow remote, unauthenticated attackers to execute arbitrary code or cause a denial of service via malicious L2CAP configuration requests, in conjunction with crafted SDP communication over maliciously configured L2CAP channels. The attacker must have connectivity over the Bluetooth physical layer, and must be able to send raw L2CAP frames. This is related to L2Cap_HandleConfigReq in core/stack/l2cap/l2cap_sm.c and SdpServHandleServiceSearchAttribReq in core/stack/sdp/sdpserv.c.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious oauth application linked applications to probe internal network resources by requesting internal locations, read the contents of files and also cause an out of memory exception affecting availability via an XML External Entity vulnerability.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,NONE,HIGH
"An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the ""RDLENGTH"" value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable vulnerability exists the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The ""Host"" header is incorrectly extracted from captured HTTP requests, which would allow an attacker to visit any malicious websites and bypass the firewall. An attacker could send an HTTP request to exploit this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a result of this issue.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request at 0x9d014e4c the value for the flg key is copied using strcpy to the buffer at $sp+0x270. This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request at At 0x9d014e84 the value for the cmd1 key is copied using strcpy to the buffer at $sp+0x280. This buffer is 16 bytes large.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 0.19.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_employer_ajax_profile() function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of inc/zzz_file.php restrictions. For example, source%5B%5D=http%3A%2F%2F192.168.0.1%2Ftest.php can be used if the 192.168.0.1 web server sends the contents of a .php file (i.e., it does not interpret a .php file).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSRF protection.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in HYBBS 2.2. /?admin/user.html has a CSRF vulnerability that can add an administrator account.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for downloading certain PDF modules, which allows MITM attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remote attackers who can authenticate to Crowd or an application using Crowd for authentication to gain access to another user's session provided they can make their identifier hash collide with another user's session identifier hash.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is SVE-2018-12029.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Norton Core prior to v278 may be susceptible to an arbitrary code execution issue, which is a type of vulnerability that has the potential of allowing an individual to execute arbitrary commands or code on a target machine or in a target process. Note that this exploit is only possible with direct physical access to the device.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via a XXE vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for Edit Profile actions.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflected Cross-site Scripting (XSS) via the err value in a .ico picture upload.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127579.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A SQL Injection issue was discovered in BlueCMS 1.6. The variable $ad_id is spliced directly in uploads/admin/ad.php in the admin folder, and is not wrapped in single quotes, resulting in injection around the escape of magic quotes.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in ressource view in core/modules/resource/RESOURCEVIEW.php in Wikindx prior to version 5.7.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4() in incremental_checksum.h, causing a denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) allows SQL injection, aka the Security Advisory 2089 issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is vulnerable to path traversal and allows the attacker to place the file anywhere on the system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An error within the ""LibRaw::unpack()"" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin/public/ui.js (column.format).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tampering of the payment amount.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Attendance Monitoring System 1.0 has SQL Injection via the 'id' parameter to student/index.php?view=view, event/index.php?view=view, and user/index.php?view=view.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Teclib GLPI through 9.3.3 has SQL injection via the ""cycle"" parameter in /scripts/unlock_tasks.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overflow via a crafted sequence of TLS packets because the need_bytes value is mismanaged.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the 4-DataBuf-abort-1 PoC file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in cced03dd667a5df6df8fd40d8de0bff477ee02e8 and later.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FastStone Image Viewer 6.5 has an Exception Handler Chain Corrupted issue starting at image00400000+0x00000000003ef68a via a crafted image file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000001cb509 via a crafted image file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses.,LOCAL,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d7d via a crafted image file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote attackers to cause a denial of service (outage of profile editing) via crafted JavaScript code in the KeySkills field.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d63 via a crafted image file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the ""_sctp_make_chunk()"" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"internal/advanced_comment_system/index.php and internal/advanced_comment_system/admin.php in Advanced Comment System, version 1.0, contain a reflected cross-site scripting vulnerability via ACS_path. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The product is discontinued.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OX App Suite 7.8.4 and earlier allows SSRF.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf(). Setting this variable using the sysvar command results in a user-controlled format string during login, resulting in an information leak of memory addresses.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the ""Package Name"" field via the add_package module parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager ""Name"" field, which is reachable via a ""Create a new Template"" action to the Design Manager.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"CMS Made Simple 2.2.10 has XSS via the myaccount.php ""Email Address"" field, which is reachable via the ""My Preferences -> My Account"" section.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an ""Add Category"" action to the ""Site Admin Settings - News module"" section.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting ""sendmail"" in the ""Mailer"" option, and launching the ""Forgot your password"" feature.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** Reflected Cross-Site Scripting vulnerability in ""Design"" on ""Edit device layout"" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the ""Pages -> Edit template properties -> Device Layouts -> Create device layout (and edit created device layout) -> Design"" screens.  NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID),NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability"".",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Windows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability improperly parses XML input containing a reference to an external entity, aka ""Windows System Information Console Information Disclosure Vulnerability"".",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML(""<void/>"") call.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause an out-of-bounds read when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition. This concerns pdf_parse_array and pdf_parse_string in libclamav/pdfng.c. Cisco Bug IDs: CSCvh91380, CSCvh91400.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/ajax/submit_ticket.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Netwide Assembler (NASM) 2.14rc0, there is a ""SEGV on unknown address"" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the Full Name field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collect_yaml method in config_obj.py. It can execute arbitrary Python commands, resulting in command execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) ""Machine Host Name"" or ""Server Serial Number"" field in the clustering configuration, (2) ""name"" field in the Edit Group configuration, (3) ""Rule Name"" field in the Access Control configuration, (4) ""Service Name"" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An XSS issue was discovered in upcoming_events.php in the Upcoming Events plugin before 1.33 for MyBB via a crafted name for an event.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the devices web administration panel. This token is hard-coded to a string in the source code (/usr/share/www/check.lp file). By setting this cookie in a browser, an attacker is able to maintain access to every ENC-400 device without knowing the password, which results in authentication bypass. Even if a user changes the password on the device, this token is static and unchanged.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoice_password parameter, aka the ""PDF password"" field to the ""Create Invoice"" option. The XSS payload is rendered at an index.php/invoices/view/## URI. NOTE: this is different from CVE-2018-12255.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BG_SITE_NAME field in the opt_base.inc.php file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x385399.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlQueueWorkItem.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing JavaScript in the filename is echoed back in JavaScript code, which resulted in XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. Example woule be modifying the parameter path= to go to the directory you would like to view. i.e. ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Charity Foundation Script 1 through 3 allows directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1818 and CVE-2016-1819.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.",LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDReportType enum, which triggers an incorrect cast, a different vulnerability than CVE-2016-1824.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1755.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1818.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1724.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1829.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1830.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1829, and CVE-2016-1830.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 allows remote attackers to cause a denial of service (unrecoverable blank profile) via crafted JavaScript code in the First Name and Last Name field.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1828, CVE-2016-1829, and CVE-2016-1830.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1823.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames on a web site.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the ""CFNetwork Proxies"" component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and obtain sensitive information.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the ""Kernel"" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1856, and CVE-2016-1857.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4615, and CVE-2016-4619.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4616, and CVE-2016-4619.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Consumer Reviews Script 4.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the ""Safari Printing"" component. It allows remote attackers to cause a denial of service (excessive print dialogs) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the ""libxpc"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the ""WebKit"" component.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the ""Kernel"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The ""Donation Plugin and Fundraising Platform"" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in ""/sws.login/gnb/loginView.sws"" in multiple parameters: contextpath and basedURL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the ""/cgi-bin/alexserv"" servlet, as demonstrated by the DB, FN, fn, or id parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in ""/sws/leftmenu.sws"" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A code injection issue was discovered in ipycache through 2016-05-31.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
PHP Scripts Mall Basic B2B Script 2.0.9 has has directory traversal via a direct request for a listing of an image directory such as an uploads/ directory.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting (XSS) via the Search field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
HMS Industrial Networks Netbiter WS100 3.30.5 devices and previous have reflected XSS in the login form.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Caret before 2019-02-22 allows Remote Code Execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. watchOS before 3.1.3 is affected. The issue involves the ""FontParser"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted font.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the ""libxpc"" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the ""CoreGraphics"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the ""Kernel"" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (system crash).",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the ""Kernel"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"syslog in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Disk Images component in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the ""WebKit Page Loading"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in ""/webtop/help/en/default.htm"" is vulnerable.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored by the application can be easily decrypted.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware variant Modbus TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions < V1.22). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the EN100 communication module if oscillographs are running. A manual restart is required to recover the EN100 module functionality. Successful exploitation requires an attacker with network access to send multiple packets to the EN100 module. As a precondition the IEC 61850-MMS communication needs to be activated on the affected EN100 modules. No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware variant Modbus TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions < V1.22), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.80), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.58). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the affected products. A manual restart is required to recover the EN100 module functionality of the affected devices. Successful exploitation requires an attacker with network access to send multiple packets to the affected products or modules. As a precondition the IEC 61850-MMS communication needs to be activated on the affected products or modules. No user interaction or privileges are required to exploit the vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login form, and on the search form for a key ring number.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection errors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Webgalamb through 7.0, a system/ajax.php ""wgmfile restore"" directory traversal vulnerability could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
LayerBB 1.1.1 allows XSS via the titles of conversations (PMs).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The MasterCard Qkr! app before 5.0.8 for iOS has Missing SSL Certificate Validation. NOTE: this CVE only applies to obsolete versions from 2016 or earlier.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Moodle 3.5.x before 3.5.4 allows SSRF.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone ""/netflow/jspui/editProfile.jsp"" file in the userName parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the ""WebKit"" component.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the ""WebKit Web Inspector"" component. It allows attackers to execute arbitrary unsigned code or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the ""Kernel"" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the ""Kernel"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the ""CoreFoundation"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the ""Foundation"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the ""TextInput"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a malicious payload that becomes part of a PHP eval() expression in the subscriber.php file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.,ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter, as demonstrated by a /apparel--accessories?sort= substring.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability has been identified in SIMATIC ET 200SP Open Controller (All versions >= V2.0 and < V2.1.6), SIMATIC S7-1500 Software Controller (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 incl. F (All versions >= V2.0 and < V2.5). An attacker can cause a denial-of-service condition on the network stack by sending a large number of specially crafted packets to the PLC. The PLC will lose its ability to communicate over the network. This vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction. An attacker could use this vulnerability to compromise availability of the network connectivity. At the time of advisory publication no public exploitation of this vulnerability was known.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
PHP Scripts Mall Advance B2B Script 2.1.4 allows remote attackers to cause a denial of service (changed Page structure) via JavaScript code in the First Name field.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"COYO 9.0.8, 10.0.11 and 12.0.4 has cross-site scripting (XSS) via URLs used by ""iFrame"" widgets.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"libc in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
The WP Human Resource Management plugin before 2.2.6 for WordPress mishandles leave applications.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
rdesktop versions up to and including v1.8.3 contain several Out-Of- Bounds Reads in the file secure.c that result in a Denial of Service (segfault).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148618.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient input validation in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before version 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially modify data via physical access.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially execute arbitrary code via physical access.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"okular version 18.08 and earlier contains a Directory Traversal vulnerability in function ""unpackDocumentArchive(...)"" in ""core/document.cpp"" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Internet Explorer in the way affected Microsoft scripting engines render when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability."" This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8619, CVE-2017-9598 and CVE-2017-8609.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood application allows attackers to store cross site scripting payloads via the 'playlist' POST parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow4 in utils.cpp when reading an image file by using cv::imread.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test case.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly initialize a memory address, aka ""Windows Kernel Information Disclosure Vulnerability"".",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8598 and CVE-2017-8609.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka ""Graphics Uniscribe Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8533.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8497.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka ""Windows Kernel Information Disclosure Vulnerability,"" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that JavaScript engines render when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8634, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge improperly handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"".  This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8521, and CVE-2017-8549.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge improperly handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"".  This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8521, and CVE-2017-8548.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka ""Skype for Business Remote Code Execution Vulnerability"".",NETWORK,HIGH,NONE,NONE,CHANGED,LOW,LOW,NONE
"The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka ""Windows Kernel Information Disclosure Vulnerability,"" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed ""Host"" and ""Referer"" header values.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a denial of service (BSoD) via a crafted DeviceIoControl request to \\.\PSMEMDriver.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka ""Windows Kernel Information Disclosure Vulnerability,"" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (use-after-free and invalid heap read), related to the GET_COLOR function in color.c:16:11.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:440:14.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_rawpbm function in input-pnm.c:391:13.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the ""add article"" feature.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka ""Microsoft SharePoint XSS vulnerability"".",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka ""Windows Kernel Information Disclosure Vulnerability,"" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka ""Win32k Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka ""Win32k Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8477.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka ""Windows Kernel Information Disclosure Vulnerability,"" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/campaign-delete.php with the GET Parameter: id.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: member_id.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: filter_list.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_list.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign.php with the GET Parameter: id.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Parameter: id.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
WebKit in Apple tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ANSI x8 color code.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka ""Windows Kernel Information Disclosure Vulnerability,"" a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka ""Windows Kernel Information Disclosure Vulnerability,"" a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka ""Win32k Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8470, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka ""Windows Kernel Information Disclosure Vulnerability,"" a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka ""Windows Kernel Information Disclosure Vulnerability,"" a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka ""Windows Kernel Information Disclosure Vulnerability,"" a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka ""Windows Kernel Information Disclosure Vulnerability,"" a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka ""Windows Kernel Information Disclosure Vulnerability,"" a different vulnerability than CVE-2017-8492, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka ""Win32k Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8477, and CVE-2017-8484.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka ""Win32k Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8484.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka ""Windows Kernel Information Disclosure Vulnerability,"" a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka ""Windows Kernel Information Disclosure Vulnerability,"" a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
The AirDrop application through 2.0 for Android allows remote attackers to cause a denial of service via a client that makes many socket connections through a configured port.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The AirMore application through 1.6.1 for Android allows remote attackers to cause a denial of service (system hang) via many simultaneous /?Key=PhoneRequestAuthorization requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Double free in Intel(R) SGX SDK for Linux before version 2.2 and Intel(R) SGX SDK for Windows before version 2.1 may allow an authenticated user to potentially enable information disclosure or denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka ""Win32k Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe attempts to enforce access control by adding an unprivileged user to the local Administrators group for a very short time to execute a single command. However, the user is left in that group if the command crashes, and there is also a race condition in all cases.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Topvision CC8800 CMTS C-E devices allow remote attackers to obtain sensitive information via a direct request for /WebContent/startup.tar.gz with userName=admin in a cookie.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulnerability in Survey Resource zip upload, resulting in Javascript code execution against LimeSurvey administrators. Fixed in version 3.15.6.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in PublicCMS V4.0.20180210. There is a ""Directory Traversal"" and ""Arbitrary file read"" vulnerability via an admin/cmsTemplate/content.html?path=../ URI.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the ""ipaddress"" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Screen Stream application through 3.0.15 for Android allows remote attackers to cause a denial of service via many simultaneous /start-stop requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /about-us/locations/index direction parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In CMS Made Simple (CMSMS) through 2.2.7, the ""module import"" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Improper permissions for Intel(R) USB 3.0 Creator Utility all versions may allow an authenticated user to potentially enable escalation of privilege via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
FTPGetter Standard v.5.97.0.177 allows remote code execution when a user initiates an FTP connection to an attacker-controlled machine that sends crafted responses. Long responses can also crash the FTP client with memory corruption.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in the way Microsoft Office software parses specially crafted email messages, aka ""Microsoft Office Memory Corruption Vulnerability"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In tinysvcmdns through 2018-01-16, an mDNS server processing a crafted packet can perform arbitrary data read operations up to 16383 bytes from the start of the buffer. This can lead to a segmentation fault in uncompress_nlabel in mdns.c and a crash of the server (depending on the memory protection of the CPU and the operating system), or disclosure of memory content via error messages or a server response. NOTE: the product's web site states ""This project is un-maintained, and has been since 2013. ... There are known vulnerabilities ... You are advised to NOT use this library for any new projects / products.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8520, CVE-2017-8521, CVE-2017-8548, and CVE-2017-8549.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8496.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka ""Microsoft SharePoint Reflective XSS Vulnerability"".",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"gitnote 3.1.0 allows remote attackers to execute arbitrary code via a crafted Markdown file, as demonstrated by a javascript:window.parent.top.require('child_process').execFile substring in the onerror attribute of an IMG element.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data representing icons. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) image stream data. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as JPEG data. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal data structure manipulation related to document encoding. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing ASCII text string. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded TIF image. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to code execution. IBM X-Force ID: 138824.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as a GIF image. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader's JavaScript engine. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 1 byte out of bounds write in the end_macro function in tccpp.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART. After an attacker dismantles the device and uses a USB-to-UART cable to connect the device, he can use the 1234 password for the root account to login to the system. Furthermore, an attacker can start the device's TELNET service as a backdoor.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image processing engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the core of the XFA engine. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) engine. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the annotation functionality. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 parsing module. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to bitmap transformations. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to rendering a path. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the JPEG parser. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in XFA event management. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA rendering engine. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in an internal data structure. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Blog_mini 1.0, XSS exists via the author name of a comment reply in the app/main/views.py articleDetails() function, related to app/templates/_article_comments.html.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An XXE issue was discovered in PHPSHE 1.7, which can be used to read any file in the system or scan the internal network without authentication. This occurs because of the call to wechat_getxml in include/plugin/payment/wechat/notify_url.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In IoTivity through 1.3.1, the CoAP server interface can be used for Distributed Denial of Service attacks using source IP address spoofing and UDP-based traffic amplification. The reflected traffic is 6 times bigger than spoofed requests. This occurs because the construction of a ""4.01 Unauthorized"" response is mishandled. NOTE: the vendor states ""While this is an interesting attack, there is no plan for maintainer to fix, as we are migrating to IoTivity Lite.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"In libwebm before 2019-03-08, a NULL pointer dereference caused by the functions OutputCluster and OutputTracks in webm_info.cc will trigger an abort, which allows a DoS attack, a similar issue to CVE-2018-19212.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users, appointments and employees.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long URI in a GET request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,HIGH
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parameter: list_id.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the local filesystem. The read() methods of these classes use a path and a locale to determine the language bundle to retrieve. The locale argument value is commonly retrieved from untrusted user input (like a URL parameter). An attacker can use this argument to navigate to arbitrary directories via the dot-dot-slash attack, aka Directory Traversal.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container.  NOTE: this issue exists because of an incomplete fix for CVE-2017-16652.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when processing Enhanced Metafile Format (EMF) data related to brush manipulation. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text output. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to polygons. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the image conversion engine when decompressing JPEG data. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in Acrobat/Reader rendering engine. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF data related to the way how the components of each pixel are stored. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Parameter: filter_list.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Persistent XSS in wordpress plugin rockhoist-badges v1.2.2.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka ""Weak Password Reset.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allow remote attackers to enumerate user accounts via a series of requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
eClinicalWorks Population Health (CCMR) suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED **  In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in Windows 8.1 and RT 8.1 and Windows Server 2012 R2 allows a denial of service vulnerability due to how specially crafted requests are handled, aka ""SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability"".",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect response, but no check is performed on the path, which could be an absolute URL to an external domain. This Open redirect vulnerability can be exploited for example to mount effective phishing attacks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e010. NOTE: the vendor reported that they ""have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. tvOS before 10.1 is affected. watchOS before 3.1.1 is affected. The issue involves the ""Profiles"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted certificate profile.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e004. NOTE: the vendor reported that they ""have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e014. NOTE: the vendor reported that they ""have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E020. NOTE: the vendor reported that they ""have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e018. NOTE: the vendor reported that they ""have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"The kernel in Apple OS X before 10.12, tvOS before 10, and watchOS before 3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting (XSS) via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.10 and 4.20, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in Dradis Community Edition Dradis Community Edition v3.11 and earlier and Dradis Professional Edition v3.1.1 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and CVE-2016-4776.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"An incomplete cryptography of the data store function by using hidden tag in Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to obtain information of the stored data, to register invalid value, or alter the value via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates request during the authentication process, aka ""CredSSP Remote Code Execution Vulnerability"".",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4734.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in The installer of Microsoft Teams allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Windows 7 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in iChain Insurance Wallet App for iOS Version 1.3.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"DOM-based XSS exists in 1024Tools Markdown 1.0 via vectors involving the '<EMBED SRC=""data:image/svg+xml' substring.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"jimmykuu Gopher 2.0 has DOM-based XSS via vectors involving the '<EMBED SRC=""data:image/svg+xml' substring.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key, aka 'Azure IoT Java SDK Elevation of Privilege Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the ""decode_ne_resource_id"" function in the ""restable.c"" source file. This is happening because the ""len"" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the ""simple_vec"" function in the ""extract.c"" source file. This affects icotool.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4735.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be used to allow local users to write to arbitrary memory locations.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32588016.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the ""userEmail"" parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in contexts_wurfl (for TYPO3) before 0.4.2. The vulnerability exists due to insufficient filtration of user-supplied data in the ""force_ua"" HTTP GET parameter passed to the ""/contexts_wurfl/Library/wurfl-dbapi-1.4.4.0/check_wurfl.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32436341.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a ""null"" origin value, potentially leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
sftnow through 2018-12-29 allows index.php?g=Admin&m=User&a=add_post CSRF to add an admin account.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SQL injection vulnerability in ""yeager/y.php/tab_USERLIST"" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the ""pagedir_orderby"" parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the check_bad() function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions (such as ""eval"") are blocked but others (such as ""system"") are not, and because "".php"" is blocked but "".PHP"" is not blocked.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Avolve Software ProjectDox 8.1 makes it easier for remote authenticated users to obtain sensitive information by leveraging ciphertext reuse.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Avolve Software ProjectDox 8.1 allows remote attackers to enumerate users via vectors related to email addresses.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Avolve Software ProjectDox 8.1 allows remote authenticated users to obtain sensitive information from other users via vectors involving a direct access token.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4767.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in ""ztype"" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to read any root file from the file system. An attacker would need local access to the machine to successfully exploit this flaw.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html ""value"" parameter,",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html ""catname"" parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to add an administrator.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The ApowerManager application through 3.1.7 for Android allows remote attackers to cause a denial of service via many simultaneous /?Key=PhoneRequestAuthorization requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in caddy (for TYPO3) before 7.2.10. The vulnerability exists due to insufficient filtration of user-supplied data in the ""paymillToken"" HTTP POST parameter passed to the ""caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/payment.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the ""FontParser"" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the ""Sandbox Profiles"" component, which allows attackers to read photo-directory metadata via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the ""Sandbox Profiles"" component, which allows attackers to read audio-recording metadata via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetWLanACLSettings API function, as demonstrated by shell metacharacters in the wl(0).(0)_maclist field.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetNetworkTomographySettings API function, as demonstrated by shell metacharacters in the tomography_ping_number field.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was found in HYBBS through 2016-03-08. There is an XSS vulnerablity via an article title to post.html.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists in the way Azure IoT Java SDK logs sensitive information, aka 'Azure IoT Java SDK Information Disclosure Vulnerability'.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash).",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to API routes beneath ""hosts,"" as demonstrated by a GET request to api/v2/hosts/secrethost/interfaces.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider). Firstly, access to the security configuration can be leaked to users other than the solr super user. Secondly, malicious users can exploit this leaked configuration for privilege escalation to further expose/modify private data and/or disrupt operations in the Solr cluster. The vulnerability is fixed from Apache Solr 6.6.1 onwards.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme&a=upload by using the .zip extension along with the _Static substring, changing the Content-Type to application/zip, and placing PHP code after the ZIP header. This ultimately allows execution of arbitrary PHP code in Public\Home\1_Static.php because of mishandling in the Application\Admin\Controller\ThemeController.class.php Upload() function.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1819.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25306181.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7115.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the ""Kernel"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the ""Security"" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the ""WebKit"" component. It allows attackers to cause a denial of service (memory corruption) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2.6 is affected. macOS before 10.13.3 Supplemental Update is affected. tvOS before 11.2.6 is affected. watchOS before 4.2.3 is affected. The issue involves the ""CoreText"" component. It allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a crafted string containing a certain Telugu character.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the ""Kernel"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app that triggers type confusion.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the ""Kernel"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the ""Kernel"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the ""IOKit"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the ""CoreAnimation"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the ""CFNetwork Session"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the ""StreamingZip"" component. It allows remote attackers to write to unintended pathnames via a crafted ZIP archive.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. iOS before 11.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the ""CoreText"" component. It allows remote attackers to cause a denial of service (application crash) via a crafted text file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the ""Kernel"" component. It allows attackers to monitor arbitrary apps via a crafted app that accesses process information at a high rate.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the ""Kernel"" component. It allows attackers to obtain sensitive network-activity information about arbitrary apps via a crafted app.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the ""Wi-Fi"" component. It allows remote attackers to execute arbitrary code (on the Wi-Fi chip) or cause a denial of service (memory corruption) by leveraging proximity for 802.11.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. tvOS before 10.2.2 is affected. The issue involves the ""Wi-Fi"" component. It allows attackers to cause a denial of service (memory corruption on the Wi-Fi chip) by leveraging proximity for 802.11.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the ""Security"" component. It allows remote attackers to bypass intended certificate-trust restrictions via a revoked X.509 certificate.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the ""CFNetwork Proxies"" component. It allows remote attackers to cause a denial of service.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the ""Wi-Fi"" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the ""Wi-Fi"" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the ""WebKit"" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted web content that incorrectly interacts with the Application Cache policy.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the ""Wi-Fi"" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the ""Wi-Fi"" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. The issue involves the ""Wi-Fi"" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic that leverages a race condition.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party ""SQLite"" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the ""CoreText"" component. It allows remote attackers to cause a denial of service (application crash) via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the ""JavaScriptCore"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the ""CoreAudio"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the ""IOUSBFamily"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the ""libxml2"" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the ""libxml2"" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the ""Contacts"" component. A buffer overflow allows remote attackers to execute arbitrary code or cause a denial of service (application crash).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted elements on a web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the ""SQLite"" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SQL statement.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iCloud before 6.2.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with frame loading.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the ""Kernel"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the ""AVEVideoEncoder"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the ""AVEVideoEncoder"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the ""AVEVideoEncoder"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the ""AVEVideoEncoder"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the ""AVEVideoEncoder"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the ""AVEVideoEncoder"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ""FontParser"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ""ImageIO"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the ""HTTPProtocol"" component. It allows remote HTTP/2 servers to have an unspecified impact via unknown vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ""Audio"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ""ImageIO"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ""FontParser"" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ""libc++abi"" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted C++ app that is mishandled during demangling.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ""CoreGraphics"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ""CoreText"" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ""Security"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ""Kernel"" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ""Keyboards"" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ""Audio"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ""ImageIO"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ""Kernel"" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ""Kernel"" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ""Kernel"" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ""FontParser"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash.",ADJACENT_NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,NONE,NONE
"IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4388.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbers.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"WUZHI CMS 4.1.0 has stored XSS via the ""Membership Center"" ""I want to ask"" ""detailed description"" field under the index.php?m=member URI.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the ""Security"" component. It allows web sites to track users by leveraging the transmission of S/MIME client certificates.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka ""Team Foundation Server Cross-site Scripting Vulnerability."" This affects Team.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"WUZHI CMS 4.1.0 has stored XSS via the ""Extension module"" ""SMS in station"" field under the index.php?m=core URI.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
/console/account/manage.php?type=action&action=add in JTBC v3.0(C) has CSRF for adding an administrator account.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in PHPMyWind 5.5. The username parameter of the /install/index.php page has a stored Cross-site Scripting (XSS) vulnerability, as demonstrated by admin/login.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS) vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files. This is related to the checksum_basic_mapping function.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to cause a denial of service (memory corruption and Safari crash) or possibly have unspecified other impact via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0743.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0742.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature.  An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
** DISPUTED ** Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LayerBB 1.1.1 has SQL Injection via the search.php search_query parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the second textbox of ""System setting->site setting"" of admin/index.php, aka site_domain.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php in tests/.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The ""Forminator Contact Form, Poll & Quiz Builder"" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The ""Forminator Contact Form, Poll & Quiz Builder"" plugin before 1.6 for WordPress has XSS via a custom input field of a poll.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to read restricted memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91 and 0-10). Users of Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 utilizing AMQP protocols 0-8, 0-9, 0-91, 0-10 must upgrade to Qpid Broker-J versions 7.0.7 or 7.1.1 or later.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000170 where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000d5 where a value passed from an user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x10000e9 where a value is passed from an user to the driver is used without validation as the size input to memcpy() causing a stack buffer overflow, leading to denial of service or potential escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x5000027 where a pointer passed from an user to the driver is used without validation, leading to denial of service or potential escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000014 where a value passed from an user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).,NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).",NETWORK,LOW,LOW,REQUIRED,CHANGED,NONE,NONE,HIGH
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.,NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.,LOCAL,HIGH,HIGH,REQUIRED,UNCHANGED,NONE,NONE,LOW
"When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code by leveraging an unspecified ""type confusion.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, and CVE-2016-6989.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, and CVE-2016-6990.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6981.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6989, and CVE-2016-6990.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6987.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability in the Input Manager Service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to cause the device to continually reboot. This issue is rated as Moderate because it is a temporary denial of service that requires a factory reset to fix. Android ID: A-30568284.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in Proxy Auto Config in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Android ID: A-30100884.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability in the Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could allow a local malicious application to record audio without the user's permission. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29833954.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability. Android ID: A-31350239.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in libstagefright in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Android ID: A-31091777.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in libstagefright in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Android ID: A-29422020.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High because it could be used to access data without permission. Android ID: A-31081987.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31350622.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to pair with any Bluetooth device without user consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29043989.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/editUploadImage URI.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via ""<!--#exec cmd="" in a .shtml file to ck_upload_handler.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, with ../ in the dir parameter, to write arbitrary content (in the file_content parameter) into an arbitrary file (specified by the file_name parameter). This is related to the save function in TemplateController.java.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the ""Messages"" component. It allows remote attackers to cause a denial of service via a crafted message.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or ""oracle"") as a vulnerability.'",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered on TENGCONTROL T-920 PLC v5.5 devices. It allows remote attackers to cause a denial of service (persistent failure mode) by sending a series of \x19\xb2\x00\x00\x00\x06\x43\x01\x00\xac\xff\x00 (aka UID 0x43) requests to TCP port 502.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe RoboHelp version 2015.0.3 and earlier, RoboHelp 11 and earlier have an input validation issue that could be used in cross-site scripting attacks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0633.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0630.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in method: notifySpaceModification; that can result in Improper validation of parameters results in command execution. This attack appear to be exploitable via Network connectivity, required minimal auth privileges (everyone can register an account). This vulnerability appears to have been fixed in After commit 15443122ed2b1cbfd7bdefc048bf106f075becdb.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Medical Store Script 3.0.3 allows Path Traversal by navigating to the parent directory of a jpg or png file.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"PHP Scripts Mall Personal Video Collection Script 4.0.4 has Stored XSS via the ""Update profile"" feature.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the ""kext tools"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the ""Security"" component. It allows local users to bypass intended restrictions on the reading of sensitive user information.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in a memory mapping API in the kernel mode layer (nvlddmkm.sys) handler, leading to denial of service or potential escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) where unchecked input/output lengths in UVMLiteController Device IO Control handling may lead to denial of service or potential escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Olive Tree FTP Server (aka com.theolivetree.ftpserver) application through 1.32 for Android allows remote attackers to cause a denial of service via a client that makes many connection attempts and drops certain packets.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploads/admin/user.php?act=edit request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/upload URI.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x700010d where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000D where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000194 where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadVideo URI.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with '<#assign ex=""freemarker.template.utility.Execute""?new()> ${ ex(""' followed by the command.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called ""Bounce Address"", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You can mitigate this vulnerability for older versions of Commons Email by stripping line-breaks from data, that will be passed to Email.setBounceAddress(String).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadImage URI.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadFile URI.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF to delete articles, a different vulnerability than CVE-2018-18891.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The AirDroid application through 4.2.1.6 for Android allows remote attackers to cause a denial of service (service crash) via many simultaneous sdctl/comm/lite_auth/ requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
AppCMS 2.0.101 allows XSS via the upload/callback.php params parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft SharePoint Spoofing Vulnerability'.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, when sending an malformed XML data to deviceprogrammer/firehose it may do an out of bounds buffer write allowing a region of memory to be filled with 0x20.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Dotcms through 5.0.3. Attackers may perform XSS attacks via the inode, identifier, or fieldName parameter in html/js/dotcms/dijit/image/image_tool.jsp.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. NOTE: The vendor's position is ""We have no dynamic including. No one can run PHP by uploading an image in current version."" It also requires authentication.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30822755.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31092462.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue is fixed in iOS 12.1.3, Safari 12.0.3. Processing maliciously crafted web content may lead to a cross site scripting attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, iTunes 12.9.3 for Windows. A malicious application may be able to elevate privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. A malicious application may be able to elevate privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. An attacker in a privileged network position may be able to execute arbitrary code.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Quiz And Survey Master plugin 6.0.4 for WordPress allows wp-admin/admin.php?page=mlw_quiz_results quiz_id XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to one of the deserialization endpoints of some Ignite components - discovery SPI, Ignite persistence, Memcached endpoint, socket steamer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in Mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-30907212.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php form_field5[label] parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php extra_field1[items][field_item1][price_percent] parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php sale_conditions[count][] parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php bg_color parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php logo_height parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php social_icon_1 parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php button_text_link parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php logo_width parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php coming-soon_title parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large ""ict"" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. NOTE: the vendor reported that they ""have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e000. NOTE: the vendor reported that they ""have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid ""remember me"" cookie knowing only a username of an LDAP or OAuth user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.6, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with the non-default ""normalize URI"" configuration options used in iRules and/or BIG-IP LTM policies.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing user-space there is no size validation of the NAT entry input. If the user input size of the NAT entry is greater than the max allowed size, memory exhaustion will occur.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when flashing image using FastbootLib if size is not divisible by block size, information leak occurs.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) by crafting a string to the icalparser_parse_string function.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In BlueMind 3.5.x before 3.5.11 Hotfix 7 and 4.x before 4.0-beta3, the contact application mishandles temporary uploads.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending ""?images"" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is a heap-based buffer over-read in the getString function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data. A crafted input will lead to a denial of service or possibly unspecified other impact.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An invalid memory address dereference was discovered in getString in util/decompile.c in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5608.",LOCAL,LOW,NONE,NONE,CHANGED,NONE,NONE,LOW
"Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check, there could be possibility where the 'TotalPart' could cross 'GptHeader->MaxPtCnt' and which could result in OOB write in patching GPT.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in CloudMe 1.11.0. An unauthenticated local attacker that can connect to the ""CloudMe Sync"" client application listening on 127.0.0.1 port 8888 can send a malicious payload causing a buffer overflow condition. This will result in code execution, as demonstrated by a TCP reverse shell, or a crash. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-6892.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core.,LOCAL,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core.",LOCAL,LOW,NONE,NONE,CHANGED,LOW,LOW,LOW
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Bento4 1.5.1-628. An out of bounds write occurs in AP4_CttsTableEntry::AP4_CttsTableEntry() located in Core/Ap4Array.h. It can be triggered by sending a crafted file to (for example) the mp42hls binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in DOYO (aka doyocms) 2.3 through 2015-05-06. It has admin.php XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the p2p/api/ or p2p/lib/ or p2p/images/ URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on behalf of authenticated users from 127.0.0.1, and the issue does not have an authentication bypass.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=user&act=addnew URI, as demonstrated by adding a level=1 account, a similar issue to CVE-2018-18935.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4. They affect Personal Preferences (Name and Username) and Configuration (Site Title, Dev Site Domain, Page Parts, and Page Fields).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. This vulnerability affects Firefox < 64.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-32589229.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In several functions of binder.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025789.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In register_app of btif_hd.cc, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-119819889.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In sample6 of SkSwizzler.cpp, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution in system_server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-118372692.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The permissions on /proc/iomem were world-readable. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-117422211.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private browsing sessions. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 64.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service (DOS) attacks. This vulnerability affects Firefox < 63.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio and video data, or insert spoofed video that does not correspond to the actual person at the door.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. Exploiting this requires access to the event that has received the sighting. The issue affects instances with restrictive sighting settings (event only / sighting reported only).",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A WebExtension can request access to local files without the warning prompt stating that the extension will ""Access your data for all websites"" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Mozilla developers and community members reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox < 63.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"In onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-118143775.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow an attacker to overwrite arbitrary files on the user's system.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In SkSwizzler::onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege in system_server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-117838472.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to GridClientJdkMarshaller deserialization endpoint.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the user's view of the Spark UI. While some browsers like recent versions of Chrome and Safari are able to block this type of attack, current versions of Firefox (and possibly others) do not.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"** DISPUTED ** Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a ""Pages -> Edit -> Template -> Edit template properties -> Layout"" box.  NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an ""empty"" nick.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The ""go get"" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for ""://"" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via '""Name"":""isauthenticationenabled"",""Value"":false' in an api/settings/setting-isauthenticationenabled PUT request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in baigo CMS 2.1.1. There is a persistent XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the opt[base][BG_SITE_NAME] parameter to the bg_console/index.php?m=opt&c=request URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka ""Lync for Mac 2011 Security Feature Bypass Vulnerability."" This affects Microsoft Lync.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in baigo CMS 2.1.1. There is a vulnerability that allows remote attackers to execute arbitrary code. A BG_SITE_NAME parameter with malicious code can be written into the opt_base.inc.php file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP 14.1.0-14.1.0.1, TMM may restart and produce a core file when validating SSL certificates in client SSL or server SSL profiles.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"Bytes can be written to fuses from Secure region which can be read later by HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Data truncation during higher to lower type conversion which causes less memory allocation than desired can lead to a buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Usage of non-time-constant comparison functions can lead to information leakage through side channel analysis in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in versions MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue exists because of an incomplete fix for CVE-2018-9109.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing attacks by low-privileged attackers.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a user account via index.php?m=member&f=index&v=add.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Improper access to HLOS is possible while transferring memory to CPZ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in versions MDM9150, MDM9206, MDM9607, MDM9650, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Exceeding the limit of usage entries are not tracked and the information will be lost causing the content to lose continuity in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in versions MSM8996AU, QCS605, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3, 10.5.7, and 10.4.7.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a buffer over-read in the function Mat_VarPrint() in mat.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows division by zero.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function ReadNextStructField() in mat5.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for a memcpy in the function ReadNextCell() in mat5.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds write problem causing a SEGV in the function Mat_VarFree() in mat.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in mat5.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Use-after-free vulnerability will occur as there is no protection for the route table`s rule in IPA driver in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in versions MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"KGSL syncsource lock not handled properly during syncsource cleanup can lead to use after free issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, SD 210/SD 212/SD 205, SD 439 / SD 429, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX24.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a NULL pointer dereference in the function Mat_VarFree() in mat.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Gurock TestRail 5.6.0.3853. An ""Unrestricted Upload of File"" vulnerability exists in the image-upload form (available in the description editor), allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a safe Content-Type value, and then accessing it via a direct request to the file in the file-upload directory (if it's accessible according to the server configuration).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read with a SEGV in the function Mat_VarReadNextInfo5() in mat5.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SchoolCMS version 2.3.1 allows file upload via the logo upload feature at admin.php?m=admin&c=site&a=save by using the .jpg extension, changing the Content-Type to image/php, and placing PHP code after the JPEG data. This ultimately allows execution of arbitrary PHP code.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Arbitrary write issue can occur when user provides kernel address in compat mode in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka ""Team Foundation Server Information Disclosure Vulnerability."" This affects Team.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Lack of input validation for data received from user space can lead to an out of bound array issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in version MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 636, SD 820A, SD 835, SDM630, SDM660, SDX20.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle (MITM) attack, despite the attacker not having gained access to the server's private key itself. (CVE-2019-6593 also known as Zombie POODLE and GOLDENDOODLE.)",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the filetext parameter.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the ""Windows Server"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Improper input validation might result in incorrect app id returned to the caller Instead of returning failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9607, MDM9650, MDM9655, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Improper input validation for argument received from HLOS can lead to buffer overflows and unexpected behavior in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper input validation in SCM handler to access storage in TZ can lead to unauthorized access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 675, SD 712 / SD 710 / SD 670, SD 8CX, SXR1130.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The ft5x46 touchscreen driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the size argument in tpdbg_write in drivers/input/touchscreen/ft5x46/ft5x46_ts.c. This is exploitable for a device crash via a syscall by a crafted application on a rooted device.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
drivers/leds/leds-aw2023.c in the led driver for custom Linux kernels on the Xiaomi Redmi 6pro daisy-o-oss phone has several integer overflows because of a left-shifting operation when the right-hand operand can be equal to or greater than the integer length. This can be exploited by a crafted application for denial of service.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
WooCommerce before 3.5.5 allows XSS via a Photoswipe caption.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the count argument in sde_evtlog_filter_write in drivers/gpu/drm/msm/sde_dbg.c. This is exploitable for a device crash via a syscall by a crafted application on a rooted device.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the count argument in _sde_debugfs_conn_cmd_tx_write in drivers/gpu/drm/msm/sde/sde_connector.c. This is exploitable for a device crash via a syscall by a crafted application on a rooted device.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199. Analyzing a Zed container can lead to the disclosure of plaintext content of very small files (a few bytes) stored into it.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Statamic 2.10.3 allows XSS via First Name or Last Name to the /users URI in an 'Add new user' request.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Hsycms V1.1. There is an XSS vulnerability via the name field to the /book page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Kirby v2.5.12 allows XSS by using the ""site files"" Add option to upload an SVG file.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
panel/login in Kirby v2.5.12 allows XSS via a blog name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the PendingCommand class in PendingCommand.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms because a Trojan horse api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1.dll file may be loaded if a victim uses sublime_text.exe to open a .txt file within an attacker's %LOCALAPPDATA%\Temp\sublime_text folder. NOTE: the vendor's position is ""This does not appear to be a bug with Sublime Text, but rather one with Windows that has been patched.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The British Airways Entertainment System, as installed on Boeing 777-36N(ER) and possibly other aircraft, does not prevent the USB charging/data-transfer feature from interacting with USB keyboard and mouse devices, which allows physically proximate attackers to conduct unanticipated attacks against Entertainment applications, as demonstrated by using mouse copy-and-paste actions to trigger a Chat buffer overflow or possibly have unspecified other impact.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the report section, a related issue to CVE-2018-19506.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VM_memcpyvv in H5VM.c when called from H5D__compact_readvv in H5Dcompact.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5MM_xstrdup in H5MM.c when called from H5O_dtype_decode_helper in H5Odtype.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page title field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
CMSimple 4.7.5 has XSS via an admin's use of a ?file=config&action=array URI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php ""post-menu"" parameter, a related issue to CVE-2018-16325.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function InflateDimensions() in inflate.c when called from ReadNextCell in mat5.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A reflected Cross-Site scripting (XSS) vulnerability in SEMCO Semcosoft 5.3 allows remote attackers to inject arbitrary web scripts or HTML via the username parameter to the Login Form.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Ming (aka libming) 0.4.8 has a NULL pointer dereference in the function getString() in the decompile.c file in libutil.a.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PHP Scripts Mall Auction website script 2.0.4 allows parameter tampering of the payment amount.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
PHP Scripts Mall Custom T-Shirt Ecommerce Script 3.1.1 allows parameter tampering of the payment amount.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Ming (aka libming) 0.4.8 has an out of bounds write vulnerability in the function strcpyext() in the decompile.c file in libutil.a.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Cab Booking Script 1.0.3 allows Directory Traversal into the parent directory of a jpg or png file.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Pluck 4.7.9-dev1. It allows administrators to execute arbitrary code by using action=installmodule to upload a ZIP archive, which is then extracted and executed.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
GoRose v1.0.4 has SQL Injection when the order_by or group_by parameter can be controlled.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user profile.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability.",NETWORK,LOW,HIGH,NONE,CHANGED,LOW,NONE,NONE
"SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The situation can be misused by any user to leverage privileges to business functionality.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. Successful exploitation of this vulnerability may lead to remote code execution. To fix this vulnerability, upgrade to FUID version 1.3 or higher. To prevent the vulnerability on FUID versions 1.2 and below, apply local firewall rules on the FUID server to disable all external access to port TCP/5001. FUID requires this port only for local connections through the loopback interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in ""/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events"". This attack appears to be exploitable if the attacker can reach the web server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[name] parameter in a mod=column request, as demonstrated by the /mopcms/X0AZgf(index).php?mod=column&ac=list&menuid=28&ac=add&menuid=29 URI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. The vulnerable code location is com.inxedu.os.common.controller.VideoUploadController#gok4 (com/inxedu/os/common/controller/VideoUploadController.java). The attacker uses the /video/uploadvideo fileType parameter to change the list of acceptable extensions from jpg,gif,png,jpeg to jpg,gif,png,jsp,jpeg.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.",NETWORK,HIGH,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by retrieving credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to improperly implemented TLS certificate checks, a malicious actor could potentially succeed in executing a man-in-the-middle attack for some connections. (The Bosch Smart Home App is not affected. iOS Apps are not affected.)",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the database_host parameter if the installer remains present in its original directory after installation is completed.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Signiant Manager+Agents before 13.5, the implementation of the set command has a Buffer Overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"If an end user makes use of SCP11 sample OCE code without modification it could lead to a buffer overflow when transmitting a CAPDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT and Snapdragon Mobile in versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM630, SDM660.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access and full-fledged SSRF.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bc_http_read_header incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker could impersonate a remote BrightCloud server to trigger this vulnerability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.",LOCAL,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.,NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Untrusted search path vulnerability in UNARJ32.DLL for Win32, LHMelting for Win32, and LMLzh32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier, LHMelting for Win32 Ver 1.65.3.6 and earlier, LMLzh32.DLL Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers tampering it (either by direct modification or MITM attacks when using remote rulesets) to perform information disclosure, denial of service, or request forgery attacks. (PMD 6.x is unaffected because of a 2017-09-15 change.)",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Indexhibit 2.1.5, remote attackers can execute arbitrary code via the v parameter (in conjunction with the id parameter) in a upd_jxcode=true action to the ndxzstudio/?a=system URI.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_key_expire_mail.py; disabling that job is also a viable solution. (E-mailing a substring of the API key was an attempted, but rejected, solution.)",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Avi Vantage before 17.2.13 uses an invalid URL encoding during a redirect operation, aka AV-33959.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The TK_set_deviceModel_req_handle function in the cloud communication component in Guardzilla GZ621W devices with firmware 0.5.1.4 has a Buffer Overflow.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions up to and including 5.8.1.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to the Administrator with the XSS to steal cookies. A ticket can be created with a XSS payload in the subject field. This attack appears to be exploitable via <svg/onload=alert(1)> as the payload user on the Subject field. This makes it possible to obtain the cookies of all users that have permission to view the tickets. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Taoensso Sente version Prior to version 1.14.0 contains a Cross Site Request Forgery (CSRF) vulnerability in WebSocket handshake endpoint that can result in CSRF attack, possible leak of anti-CSRF token. This attack appears to be exploitable via malicious request against WebSocket handshake endpoint. This vulnerability appears to have been fixed in 1.14.0 and later.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (and before 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Bento4 1.5.1-628. A heap-based buffer over-read exists in AP4_BitStream::ReadBytes() in Codecs/Ap4BitStream.cpp, a similar issue to CVE-2017-14645. It can be triggered by sending a crafted file to the aac2mp4 binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Code injection vulnerability in the installer for Intel(R) USB 3.0 eXtensible Host Controller Driver for Microsoft Windows 7 before version 5.0.4.43v2 may allow a user to potentially enable escalation of privilege via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as ""1.jpg.php"" (because input validation only checks that .jpg, .png, or .gif is present as a substring, and does not otherwise check the file name or content).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Untrusted search path vulnerability in the installer of UNARJ32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
VNote 2.2 has XSS via a new text note.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Untrusted search path vulnerability in Self-Extracting Archives created by UNLHA32.DLL prior to Ver 3.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in the installer of UNLHA32.DLL (UNLHA32.DLL for Win32 Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in the installer of LHMelting (LHMelting for Win32 Ver 1.65.3.6 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An attacker can submit a GET request to /api/register/:email, where :email is a base64 encoded e-mail address, to receive confirmation as to whether a user account exists in the system with the specified e-mail address. The request must be made with an ""apiKey"" value in the ""ApiKey"" header.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user. This is caused by the session validation occurring after the initial markup is loaded. This results in a list of unprotected API endpoints that disclose call logs, SMS logs, and user-account data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the ""Setting -> Mailbox configuration -> Registration email template"" screen, and uploading an image file, as demonstrated by a .php filename and the ""Content-Type: image/gif"" header.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consumption) via crafted dimensions for the verification code image.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in WTCMS 1.0. It has stored XSS via the third text box (for the website statistics code).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in FileUtils v0.7, Ruby Gem Fileutils <= v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker can modify post data, including embedding javascript. This attack appears to be exploitable via the victim must be logged in to WordPress as an admin, and click a link. This vulnerability appears to have been fixed in 3.3.0 and later.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m201_N/m201_N:4.4.2/KOT49H/20160106:user/test-keys contains the Android framework with a package name of android (versionCode=19, versionName=4.4.2-20170213) that contains an exported broadcast receiver application component that, when called, will make the device inoperable. The vulnerable component named com.android.server.SystemRestoreReceiver will write a value of --restore_system\n--locale=<localeto the /cache/recovery/command file and boot into recovery mode. During this process, it appears that when booting into recovery mode, the system partition gets formatted or modified and will be unable to boot properly thereafter. After the device wouldn't boot properly, a factory reset of the device in recovery mode does not regain properly functionality of the device. The com.android.server.SystemRestoreReceiver broadcast receiver app component is accessible to any app co-located on the device and does not require any permission to access. The user can most likely recover the device by flashing clean firmware images placed on an SD card.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to the TemplateController.java impsave method and the MainUtils toObject method.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Open redirect vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to 2017 June 19, EP-707A firmware versions released prior to 2017 August 1, EP-708A firmware versions released prior to 2017 August 7, EP-709A firmware versions released prior to 2017 June 12, EP-777A firmware versions released prior to 2017 August 1, EP-807AB/AW/AR firmware versions released prior to 2017 August 1, EP-808AB/AW/AR firmware versions released prior to 2017 August 7, EP-879AB/AW/AR firmware versions released prior to 2017 June 12, EP-907F firmware versions released prior to 2017 August 1, EP-977A3 firmware versions released prior to 2017 August 1, EP-978A3 firmware versions released prior to 2017 August 7, EP-979A3 firmware versions released prior to 2017 June 12, EP-M570T firmware versions released prior to 2017 September 6, EW-M5071FT firmware versions released prior to 2017 November 2, EW-M660FT firmware versions released prior to 2018 April 19, EW-M770T firmware versions released prior to 2017 September 6, PF-70 firmware versions released prior to 2018 April 20, PF-71 firmware versions released prior to 2017 July 18, PF-81 firmware versions released prior to 2017 September 14, PX-048A firmware versions released prior to 2017 July 4, PX-049A firmware versions released prior to 2017 September 11, PX-437A firmware versions released prior to 2017 July 24, PX-M350F firmware versions released prior to 2018 February 23, PX-M5040F firmware versions released prior to 2017 November 20, PX-M5041F firmware versions released prior to 2017 November 20, PX-M650A firmware versions released prior to 2017 October 17, PX-M650F firmware versions released prior to 2017 October 17, PX-M680F firmware versions released prior to 2017 June 29, PX-M7050F firmware versions released prior to 2017 October 13, PX-M7050FP firmware versions released prior to 2017 October 13, PX-M7050FX firmware versions released prior to 2017 November 7, PX-M7070FX firmware versions released prior to 2017 April 27, PX-M740F firmware versions released prior to 2017 December 4, PX-M741F firmware versions released prior to 2017 December 4, PX-M780F firmware versions released prior to 2017 June 29, PX-M781F firmware versions released prior to 2017 June 27, PX-M840F firmware versions released prior to 2017 November 16, PX-M840FX firmware versions released prior to 2017 December 8, PX-M860F firmware versions released prior to 2017 October 25, PX-S05B/W firmware versions released prior to 2018 March 9, PX-S350 firmware versions released prior to 2018 February 23, PX-S5040 firmware versions released prior to 2017 November 20, PX-S7050 firmware versions released prior to 2018 February 21, PX-S7050PS firmware versions released prior to 2018 February 21, PX-S7050X firmware versions released prior to 2017 November 7, PX-S7070X firmware versions released prior to 2017 April 27, PX-S740 firmware versions released prior to 2017 December 3, PX-S840 firmware versions released prior to 2017 November 16, PX-S840X firmware versions released prior to 2017 December 8, PX-S860 firmware versions released prior to 2017 December 7) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the web interface of the affected product.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Inappropriate symlink handling and a race condition in the stateful recovery feature implementation could lead to a persistance established by a malicious code running with root privileges in cryptohomed in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Help feature in the ES File Explorer File Manager application 4.1.9.7.4 for Android allows session hijacking by a Man-in-the-middle attacker on the local network because HTTPS is not used, and an attacker's web site is displayed in a WebView with no information about the URL.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The commands `helm fetch --untar` and `helm lint some.tgz` that can result when chart archive files are unpacked a file may be unpacked outside of the target directory. This attack appears to be exploitable via a victim must run a helm command on a specially crafted chart archive. This vulnerability appears to have been fixed in 2.12.2.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Hex package manager hex_core version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 0.4.0.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point.,ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
EARCLINK ESPCMS-P8 has SQL injection in the install_pack/index.php?ac=Member&at=verifyAccount verify_key parameter. install_pack/espcms_public/espcms_db.php may allow retrieving sensitive information from the ESPCMS database.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in 42Gears SureMDM before 2018-11-27, related to the access policy for Silverlight applications. Cross-origin access is possible.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,LOW
"The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where NUM_TILES equals the number of people who purchased a tile, which allows an attacker to control the awarding of the prize by being the last person to purchase a tile.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows blind SQL Injection via the id[0] parameter to the /product URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While processing radio connection status change events, Radio index is not properly validated in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x6069_trx_l601_sky/x6069_trx_l601_sky:6.0/MRA58K/1482897127:user/release-keys contains a pre-installed platform app with a package name of com.fw.upgrade.sysoper (versionCode=238, versionName=2.3.8) that contains an exported broadcast receiver app component named com.adups.fota.sysoper.WriteCommandReceiver that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. The com.fw.upgrade.sysoper app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, obtain the user's text messages, and more.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of com.android.messaging (versionCode=1000110, versionName=1.0.001, (android.20170630.092853-0)) containing an exported content provider named com.android.messaging.datamodel.MessagingContentProvider. Any app co-located on the device can read the most recent text message from each conversation. That is, for each phone number where the user has either sent or received a text message from, a zero-permission third-party app can obtain the body of the text message, phone number, name of the contact (if it exists), and a timestamp for the most recent text message of each conversation. As the querying of the vulnerable content provider app component can be performed silently in the background, a malicious app can continuously monitor the content provider to see if the current message in each conversation has changed to obtain new text messages.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** The ""secret chat"" feature in Telegram 4.9.1 for Android has a ""side channel"" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also affects one or more other Telegram products, such as Telegram Web-version 0.7.0. In addition, it can be interpreted as an SSRF issue. NOTE: a third party has reported that potentially unwanted behavior is caused by misconfiguration of the ""Secret chats > Preview links"" setting.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP configuration utility.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver's communication via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Directory traversal vulnerability in HOUSE GATE App for iOS 1.7.8 and earlier allows remote attackers to read arbitrary files via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted ""value"" attribute in a <input> element.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the Private Browser of Trend Micro Dr. Safety for Android (Consumer) versions below 3.0.1478 could allow an remote attacker to bypass the Same Origin Policy (SOP) and obtain sensitive information via crafted JavaScript code on vulnerable installations.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in UC Berkeley RISE Opaque before 2018-12-01. There is no boundary check on ocall_malloc. The return value could be a pointer to enclave memory. It could cause an arbitrary enclave memory write.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&id=[XSS].,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&viewid=[XSS].,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
DbNinja 3.2.7 allows session fixation via the data.php sessid parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in Circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that can result in information leak, possible RCE depending on system configuration. This attack appears to be exploitable via the victim opening a specially crafted circuit file. This vulnerability appears to have been fixed in 2.14.4.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ATTO FibreBridge 7500N firmware version 2.95 is susceptible to a vulnerability which allows attackers to cause a Denial of Service (DoS).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is unauthenticated Remote Command Execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.aspx Error_Parameters parameter. In some situations, the XSS would be on the family.axioscloud.it cloud service; however, the vendor also supports ""Sissi in Rete (con server)"" for offline operation.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Apache Karaf provides a features deployer, which allows users to ""hot deploy"" a features XML by dropping the file directly in the deploy folder. The features XML is parsed by XMLInputFactory class. Apache Karaf XMLInputFactory class doesn't contain any mitigation codes against XXE. This is a potential security risk as an user can inject external XML entities in Apache Karaf version prior to 4.1.7 or 4.2.2. It has been fixed in Apache Karaf 4.1.7 and 4.2.2 releases.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In nfc_ncif_set_config_status of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-114047681.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In run of InstallPackageTask.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, it is possible that package verification is turned off and remains off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116754444.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In mca_ccb_hdl_rsp of mca_cact.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116319076.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 might allow remote attackers to inject arbitrary web script or HTML via a ModalWindow title.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In bta_hh_ctrl_dat_act of bta_hh_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116108738.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In llcp_dlc_proc_i_pdu of llcp_dlc.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116722267.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count referrer parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Users with no extra privileges can potentially access leaked data due to uninitialized padding present in display function.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Use-after-free issue in heap while loading audio effects config in audio effects factory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Heap memory was accessed after it was freed",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Out of bound mask range access caused by using possible old value of msg mask table count while copying masks to userspace.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session. Tenable has released Nessus 8.2.2 to address this issue.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious JavaScript code into the SA web UI client application.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack&c=index&a=dogetsql&tables=<?php and admin/databack/bakup_tables.php?2=file_put_contents URIs because app/system/databack/admin/index.class.php creates bakup_tables.php temporarily.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Frog CMS 0.9.5 provides a directory listing for a /public request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Traq 3.7.1 allows SQL Injection via a tickets?search= URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary command through the protocol-compliant traffic. This is a different vulnerability than CVE-2018-0669.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access to the management screen and execute an arbitrary command via unspecified vectors.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to execute arbitrary code via unspecified vectors.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this is ""not exploitable.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a ""StartTLS stripping attack.""",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
"An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName(""MediaBox""),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The lifesize default password for the cli account may sometimes be used for authentication.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In btor2parser/btor2parser.c in Boolector Btor2Tools before 2019-01-15, opening a specially crafted input file leads to an out of bounds write in pusht_bfr.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on c3core.dll which could cause remote code to be executed when parsing a GD1 file,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public&a=checkemail URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox < 65.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected system.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP object injection involving the includes/shortcodes/class-wc-shortcode-products.php WC_Shortcode_Products::get_products() use of cached queries within shortcodes.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sanitize the request attribute value was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Installed packages are exposed by node_modules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the ""_where"" attribute of package.json files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on pcwin.dll which could cause remote code to be executed when parsing a GD1 file,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue has been found in libIEC61850 v1.3.1. There is a use-after-free in the getState function in mms/iso_server/iso_server.c, as demonstrated by examples/server_example_goose/server_example_goose.c and examples/server_example_61400_25/server_example_61400_25.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results is a potentially exploitable crash and the possibility of reading from the memory of the freed buffers. This vulnerability affects Firefox < 65.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in DOYO (aka doyocms) 2.3(20140425 update). There is a CSRF vulnerability that can add a super administrator account via admin.php?c=a_adminuser&a=add&run=1.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of ZTE/Z971/peony:7.1.1/NMF26V/20171129.143111:user/release-keys, the ZTE ZMAX Pro Android device with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contain a pre-installed platform app with a package name of com.android.modem.service (versionCode=25, versionName=7.1.1; versionCode=23, versionName=6.0.1) that exports an interface to any app on co-located on the device. Using the exported interface of the com.android.modem.service app, any app can enable and obtain certain log files (modem and logcat) without the appropriate corresponding access permissions. The modem logs contain the phone number and full text body of incoming and outgoing text messages in binary format. In addition, the modem log contains the phone numbers for both incoming and outgoing phone calls. The system-wide logcat logs (those obtained via the logcat binary) tend to contain sensitive user data. Third-party apps are prevented from directly reading the system-wide logcat logs. The capability to read from the system-wide logcat logs is only available to pre-installed system apps and platform apps. The modem log and/or logcat log, once activated, get written to external storage (SD card). An app aware of this vulnerability can enable the logs, parse them for relevant data, and exfiltrate them from the device. The modem log and logcat log are inactive by default, but a third-party app with no permissions can activate them, although the app will need to be granted the READ_EXTERNAL_STORAGE permission to access them.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Coolpad Canvas device with a build fingerprint of Coolpad/cp3636a/cp3636a:7.0/NRD90M/093031423:user/release-keys contains a platform app with a package name of com.qualcomm.qti.modemtestmode (versionCode=24, versionName=7.0) that contains an exported service app component named com.qualcomm.qti.modemtestmode.MbnTestService that allows any app on the device to set certain system properties as the com.android.phone user. When an app sets the persist.service.logr.enable system property to a value of 1, an app with a package name of com.yulong.logredirect (versionCode=20160622, versionName=5.25_20160622_01) will start writing the system-wide logcat log, kernel log, and a tcpdump network traffic capture to external storage. Furthermore, on the Coolpad Canvas device, the com.android.phone app writes the destination phone number and body of the text message for outgoing text messages. A notification when logging can be avoided if the log is enabled after device startup and disabled prior to device shutdown by setting the system properties using the exported interface of the com.qualcomm.qti.modemtestmode app. Any app with the READ_EXTERNAL_STORAGE permission can access the log files.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys allows any app co-located on the device to set system properties as the com.android.phone user. The com.qualcomm.qti.modemtestmode app (versionCode=25, versionName=7.1.2) that contains an exported service named com.qualcomm.qti.modemtestmode.MbnTestService that allows any app co-located on the device to provide key-value pairs to set certain system properties. Notably, system properties with the persist.* prefix can be set which will survive a reboot. On the Vivo V7 device, when the persist.sys.input.log property is set to have a value of yes, the user's screen touches be written to the logcat log by the InputDispatcher for all apps. The system-wide logcat log can be obtained from external storage via a different known vulnerability on the device. The READ_EXTERNAL_STORAGE permission is necessary to access the log files containing the user's touch coordinates. With some effort, the user's touch coordinates can be mapped to key presses on a keyboard.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest (versionCode=1, versionName=1.0) containing an exported activity app component named com.vivo.bsptest.BSPTestActivity that allows any app co-located on the device to initiate the writing of the logcat log, bluetooth log, and kernel log to external storage. When logging is enabled, there is a notification in the status bar, so it is not completely transparent to the user. The user can cancel the logging, but it can be re-enabled since the app with a package name of com.vivo.bsptest cannot be disabled. The writing of these logs can be initiated by an app co-located on the device, although the READ_EXTERNAL_STORAGE permission is necessary to for an app to access the log files.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Anyplace version before commit 80359b4 contains a XML External Entity (XXE) vulnerability in Man in the middle on map API call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 80359b4.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download&dir= followed by a full pathname. This is related to plugin/controllers/file.py in the e2openplugin-OpenWebif project.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 65.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulnerability in loadXML() function that can result in An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. This attack appear to be exploitable via The victim must use Processing to parse a crafted XML document.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
CSZ CMS 1.1.8 has CSRF via admin/users/new/add.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack appears to be exploitable via victim must load specially crafted url. This vulnerability appears to have been fixed in 3.x.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross ite Request Forgery (CSRF) vulnerability in API endpoint: /api/<method> that can result in Task metadata such as task name, id, parameter, etc. will be leaked to unauthorized users. This attack appear to be exploitable via The victim must visit a specially crafted webpage from the network where their Luigi server is accessible.. This vulnerability appears to have been fixed in 2.8.0 and later.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in SIDU 6.0. The dbs parameter of the conn.php page has a reflected Cross-site Scripting (XSS) vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
MODX Revolution through v2.7.0-pl allows XSS via the User Photo field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
DEXTUploadX5 version Between 1.0.0.0 and 2.2.0.0 contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. this can be leveraged for code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users. The malicious user can construct an XML that results workflows running in other user's name.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"** DISPUTED ** OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP > Server > Controller (HUB) > Node (products which are controlled by HUB). The prerequisite is that the attacker is on the same network as the target HUB, and can use IP Changer to change destination IP addresses (of all packets whose destination IP address is Server) to a proxy-server IP address. This allows sniffing of cleartext between Server and Controller. The cleartext command data is transmitted to Controller using the proxy server's fake certificate, and it is able to control each Node of the HUB. Also, by operating HUB in Z-Wave Pairing Mode, it is possible to obtain the Z-Wave network key.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3.0.4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15, EC-CUBE 3.0.16) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,HIGH
"OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL Injection vulnerability in Identified vulnerable parameters: id, id_access_type and id_attr_access that can result in a malicious attacker can include own SQL commands which database will execute. This attack appears to be exploitable via network connectivity.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting (XSS) vulnerability in /js/libs/jstree/demo/filebrowser/index.php page. The ""id"" and ""operation"" GET parameters can be used to inject arbitrary JavaScript which is returned in the page's response that can result in Cross-site scripting.This attack appear to be exploitable via network connectivity.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the UPC bar code of the Avanti Markets MarketCard could allow an unauthenticated, local attacker to access funds within the customer's MarketCard balance, and also could lead to Customer Information Disclosure. The vulnerability is due to lack of proper validation of the UPC bar code present on the MarketCard. An attacker could exploit this vulnerability by generating a copy of a customer's bar code. An exploit could allow the attacker to access all funds located within the MarketCard or allow unauthenticated disclosure of information.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in 42Gears SureMDM before 2018-11-27, related to CORS settings. Cross-origin access is possible.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
yugandhargangu JspMyAdmin2 version 1.0.6 and earlier contains a Cross Site Scripting (XSS) vulnerability in sidebar and table data that can result in Database fields aren't properly sanitized and allow code injection (Cross-Site Scripting). This attack appears to be exploitable via the payload needs to be stored in the database and the victim must see the db value in question.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains a Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript() in content_settings_observer.cc that can result in Websites can run inline JavaScript even if script is blocked, making attackers easier to track users. This attack appear to be exploitable via the victim must visit a specially crafted website. This vulnerability appears to have been fixed in 0.25.2.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in 1.4.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName, serviceMode, and serviceContext. The exploitation occurs by having DOCTYPEs pointing to external references that trigger a payload that returns secret information from the host.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies (between 3 and 5) is being generated when a user successfully logs in, and these sets overlap for successive logins.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Signal Messenger for Android 4.24.8 may expose private information when using ""disappearing messages."" If a user uses the photo feature available in the ""attach file"" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019 may give an attacker (with physical access to the vehicle's USB ports) the ability to rewrite the firmware of the head unit. This occurs because the device accepts modified QNX6 filesystem images (as long as the attacker obtains access to certain Harman decryption/encryption code) as a consequence of a bug where unsigned images pass a validity check. An attacker could potentially install persistent malicious head unit firmware and execute arbitrary code as the root user.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS. A mistake in error logging resulted in instances where sensitive data passed from Safari to 1Password could be logged locally on the user's machine. This data could include usernames and passwords that a user manually entered into Safari.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain circumstances, API admins in ClearPass which have been disabled may still be able to perform read/write operations on parts of the XML API. This can lead to unauthorized access to the API and complete compromise of the ClearPass instance if an attacker knows of the existence of these accounts.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could exploit this vulnerability to gain access to ""appadmin"" credentials, leading to complete cluster compromise. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the administrative web interface is required to exploit this vulnerability. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in The installer of Windows10 Fall Creators Update Modify module for Security Measures tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the ""bytes=0-,0-"" substring.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access.,NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the merge request JSON endpoint.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. It requires an interaction with the user to send him the malicious link. It could be used to perform other attacks such as user redirection to a malicious website, HTTP response splitting, or HTTP cache poisoning.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the GFM markdown API.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23) do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a ""<?php function "" substring.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the victim's browser.. This attack appear to be exploitable via HTTP POST request. This vulnerability appears to have been fixed in 5.16-1 Beta.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and a length check is missing. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS modules, so access to all memory regions is possible.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"There is a smart SMS verification code vulnerability in some Huawei smart phones. An attacker should trick a user to access malicious Website or malicious App and register. Due to incorrect processing of the smart SMS verification code, successful exploitation can cause sensitive information leak.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable information disclosure vulnerability exists in the ""Secret Chats"" functionality of the Telegram Android messaging application version 4.9.0. The ""Secret Chats"" functionality allows a user to delete all traces of a chat, either by using a time trigger or by direct request. There is a bug in this functionality that leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the ExtCommon.dll user extension module version 9.2, 9.2.1, 9.2.2 of Xplatform ActiveX could allow attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters. An crafted malicious parameters could cause arbitrary command to execute.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin template management.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. The attacker can then inject arbitrary PHP objects into the process and abuse an object chain in order to gain Remote Code Execution. This occurs because protection against serialized objects looks for a 0: followed by an integer, but does not consider 0:+ followed by an integer.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '""stack"": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to ""smart contracts can be executed indefinitely without gas being paid.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SIMDComp before 0.1.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) because it can read (and then discard) extra bytes. NOTE: this issue exists because of an incomplete fix for CVE-2018-17427.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd' URL parameter in a /urlfilter.cmd POST request.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src=""http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maintainer disputes this, stating ""If you allow users to pass HTML without sanitising it, you're asking for trouble.""",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in php/elFinder.class.php.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.  NOTE: this product is discontinued.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attackers to execute arbitrary code because of mbedTLS context object corruption in prvSetupConnection and GGD_SecureConnect_Connect in AWS TLS connectivity modules.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"typora through 0.9.63 has XSS, with resultant remote command execution, during block rendering of a mathematical formula.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Firmware update routine in bootloader for Intel(R) Optane(TM) SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in libming 0.4.8. There is a heap-based buffer over-read in the function writePNG in the file util/dbl2png.c of the dbl2png command-line program. Because this is associated with an erroneous call to png_write_row in libpng, an out-of-bounds write might occur for some memory layouts.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"MegaMek version < v0.45.1 contains a Other/Unknown vulnerability in Object Stream Connection that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a ""from"" and ""to"" filename) via a ../ directory traversal in the dir parameter of an mrelocator_rename action to the wp-admin/admin-ajax.php URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When opening a deep link URL in SAP Fiori Client with log level set to ""Debug"", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps on the hyperlink in the viewer. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in exploitation when coupled with another vulnerability. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
Insufficient write protection in firmware for Intel(R) Optane(TM) SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option. If a user imports a ""Charles Settings.xml"" file from an attacker, an intranet network may be accessed and information may be leaked.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer dereference.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code (via SCRIPT elements, event handlers, etc.). Since this code is stored by the plugin, the attacker may be able to target anyone who opens the configuration panel of the plugin.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
OX App Suite 7.8.4 and earlier allows Directory Traversal.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name (involving ../ characters), which is mishandled in the LshttpdMain::getServerRootFromExecutablePath function.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a ""free(): invalid pointer"" error.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options to configure this explicitly or select a certificate verification mode with or without hostname verification being performed. The latter hostname verifying mode was not implemented in Apache Qpid Proton-J versions 0.3 to 0.29.0, with attempts to use it resulting in an exception. This left only the option to verify the certificate is trusted, leaving such a client vulnerable to Man In The Middle (MITM) attack. Uses of the Proton-J protocol engine which do not utilise the optional transport TLS wrapper are not impacted, e.g. usage within Qpid JMS. Uses of Proton-J utilising the optional transport TLS wrapper layer that wish to enable hostname verification must be upgraded to version 0.30.0 or later and utilise the VerifyMode#VERIFY_PEER_NAME configuration, which is now the default for client mode usage unless configured otherwise.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import.,NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code via the fixture_text argument in sqla_yaml_fixtures.load.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote attackers to cause a denial of service (daemon crash) via a crafted XRMD command.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to requests for these resources.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in "".php"" with mixed case, such as the .pHp extension.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Consequently, when small public exponents are being used, a remote attacker can generate purposefully crafted signatures (and put them on X.509 certificates) to induce illegal memory access and crash the verifier.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows attackers to cause a denial of service (SEGV) via a long second argument. NOTE: this is not a Microsoft product.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card{}, and reading the cvc_check information if the creation is successful without charging the actual card used in the transaction.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter ""filterType"" in /attachments.php that can allow the attacker to grab the entire database of the application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-66230183.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadData in Core/Ap4Sample.cpp allows attackers to trigger an attempted excessive memory allocation, related to AP4_DataBuffer::SetDataSize and AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root user. This is similar to CVE-2017-12120.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames. Specifically, when unable to match a Host header with a vhost in its configuration, it serves the X.509 certificate for a randomly selected vhost in its configuration. Repeated requests (with a nonexistent hostname in the Host header) permit full enumeration of all certificates on the server. This generally permits an attacker to easily and accurately discover the existence of and relationships among hostnames that weren't meant to be public, though this information could likely have been discovered via other methods with additional effort.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in RebuildAction/BooleanParameterValue.jelly, RebuildAction/ExtendedChoiceParameterValue.jelly, RebuildAction/FileParameterValue.jelly, RebuildAction/LabelParameterValue.jelly, RebuildAction/ListSubversionTagsParameterValue.jelly, RebuildAction/MavenMetadataParameterValue.jelly, RebuildAction/NodeParameterValue.jelly, RebuildAction/PasswordParameterValue.jelly, RebuildAction/RandomStringParameterValue.jelly, RebuildAction/RunParameterValue.jelly, RebuildAction/StringParameterValue.jelly, RebuildAction/TextParameterValue.jelly, RebuildAction/ValidatingStringParameterValue.jelly that allows users with Job/Configuration permission to insert arbitrary HTML into rebuild forms.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by default, it allows html, pdf, xml, zip, and many other file types). A file can be accessed publicly under the ""/assets/files"" directory.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Installer of Mapping Tool 2.0.1.6 and 2.0.1.7 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the gil::get_color function in Generic Image Library in Boost, the return code is used as an address, leading to an Access Violation because of an out-of-bounds read.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ""mall some commodity details: commodity consultation"" component in WSTMart 2.0.8_181212 has stored XSS via the consultContent parameter, as demonstrated by the index.php/home/goodsconsult/add.html URI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Read in Indexing or a Heap Overflow and crash during handling of certain PDF files that embed specifically crafted 3D content, due to an array access violation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter a Use-After-Free or Type Confusion and crash during handling of certain PDF files that embed specifically crafted 3D content, due to the use of a wild pointer.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Windows, and macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An object lifecycle issue in Blink could lead to a use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a "".."" session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the User IP History Logs (aka IP_History_Logs) plugin 1.0.2 for MyBB. There is XSS via the admin/modules/tools/ip_history_logs.php useragent field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceMac' parameter for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Lack of an authentication mechanism in KERUI Wifi Endoscope Camera (YPC99) allows an attacker to watch or block the camera stream. The RTSP server on port 7070 accepts the command STOP to stop streaming, and the command SETSSID to disconnect a user.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Interactive Advertising Bureau (IAB) OpenRTB 2.3 protocol implementation might allow remote attackers to conceal the status of ad transactions and potentially compromise bid integrity by leveraging failure to limit the time between bid responses and impression notifications, aka the Amnesia Bug.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash too because of the mistakenly planted assertion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Jspxcms v9.0.0 allows SSRF.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Pippo 1.11.0. The function SerializationSessionDataTranscoder.decode() calls ObjectInputStream.readObject() to deserialize a SessionData object without checking the object types. An attacker can create a malicious object, base64 encode it, and place it in the PIPPO_SESSION field of a cookie. Sending this cookie may lead to remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Bento4 1.5.1-627. There is an attempt at excessive memory allocation in the AP4_DataBuffer class when called from AP4_HvccAtom::Create in Core/Ap4HvccAtom.cpp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"AGPS session failure in GNSS module due to cyphersuites are hardcoded and needed manual update everytime in snapdragon mobile and snapdragon wear in versions MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 835, SD 845, SD 850",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Write and crash during the handling of certain PDF files that embed specifically crafted 3D content, because of the improper handling of a logic exception in the IFXASSERT function.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED *** Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability.  NOTE: the vendor disputes that this is a vulnerability, stating it is ""already mitigated by the internal firewall that limits access to configuration services to localhost.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Array.prototype.concat. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7131.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only by the authentication level sent in the cookies, which allow remote attackers to bypass authentication and gain administrator access by setting the authLevel cookie to 255.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV (matroska) file format. A specially crafted MKV file can cause arbitrary code execution in the context of the current user.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The function down_sql_action() in /admin/model/database.class.php in PHPYun 4.6 allows remote attackers to read arbitrary files via directory traversal in an m=database&c=down_sql&name=../ URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An exploitable denial-of-service vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. A user with local access can use this vulnerability to terminate a privileged helper application. An attacker would need local access to the machine for a successful exploit.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable privilege escalation vulnerability exists in the Clean My Mac X, version 4.04, helper service due to improper input validation. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"typora through 0.9.9.20.3 beta has XSS, with resultant remote command execution, via the left outline bar.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet handling functionality. An attacker can exploit this issue remotely, by sending a particular pattern of SIP/SDP packets, to cause a denial of service state in the affected devices and probably remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data under controlled by an attacker address, resulting in memory corruption. An attacker can send IRP request to trigger this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) is affected by an improper authentication vulnerability that allows requests to be made to back-end CGI scripts without a valid session. This vulnerability could be used to read and modify the configuration. The vulnerability affects all versions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices have a Hard-coded Password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled information leak on the whole device memory. An attacker can send an authenticated HTTP request to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb[] parameter, related to the ""--backup database"" option.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random (rather than SecureRandom) function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force approach.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Security keys used by the terminal and NW for a session could be leaked in snapdragon mobile in versions MDM9650, MDM9655, SD 835, SDA660.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Lack of check of input size can make device memory get corrupted because of buffer overflow in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 810, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible undefined behavior due to lack of size check in function for parameter segment_idx can lead to a read outside of the intended region in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDX24, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Improper data length check while processing an event report indication can lead to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper validation of buffer length checks in the lwm2m device management protocol can leads to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper input validation in the QTEE keymaster app can lead to invalid memory access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 800, SD 810",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in 74cms v4.2.111. It allows remote authenticated users to read or modify arbitrary resumes by changing a job-search intention, as demonstrated by the index.php?c=Personal&a=ajax_save_basic pid parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lack of checking input size can lead to buffer overflow In WideVine in snapdragon automobile and snapdragon mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lack of checking input size can lead to buffer overflow In WideVine in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in link_layer/link_layer.c has a NULL pointer dereference.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Improper input validation in trustzone can lead to denial of service in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, SDX24",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In SwiftNIO before 1.8.0, a buffer overflow was addressed with improved size validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LimeSurvey before 2.72.4 has Stored XSS by using the Continue Later (aka Resume later) feature to enter an email address, which is mishandled in the admin panel.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA setInterval method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6458.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
public\install\install.php in CIM 0.9.3 allows remote attackers to reload the product via the public/install/#/step3 URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Insufficient session validation in the webserver component of the Intel Rapid Web Server 3 may allow an unauthenticated user to potentially disclose information via network access.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the ""name"" POST parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discover hostnames and IP addresses by reading dhcpLeaseInfo data in the HTML source code of the Main_Login.asp page.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. Data entered into the 'Domain Name' input field through the web portal is submitted to apply.cgi as the value to the 'wan_domain' POST parameter. The wan_domain data goes through the nvram_set process described above. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAMData entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"While processing logs, data is copied into a buffer pointed to by an untrusted pointer in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka ""Admin ids"" input in the Facebook section).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Improper input validation in TZ led to array out of bound in TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in the installer of MARKET SPEED Ver.16.4 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the ""I forgot my Password!"" feature.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in XiaoCms 20141229. admin\controller\database.php allows arbitrary directory deletion via admin/index.php?c=database&a=import&paths[]=../ directory traversal.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table[] SQL injection. This can be used for PHP code execution via ""INTO OUTFILE"" with a .php filename.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in creditease-sec insight through 2018-09-11. user_delete in srcpm/app/admin/views.py allows CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in creditease-sec insight through 2018-09-11. depart_delete in srcpm/app/admin/views.py allows CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in creditease-sec insight through 2018-09-11. role_perm_delete in srcpm/app/admin/views.py allows CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in creditease-sec insight through 2018-09-11. login_user_delete in srcpm/app/admin/views.py allows CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The /dev/block/mmcblk0rpmb driver kernel module on Qiku 360 Phone N6 Pro 1801-A01 devices allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted 0xc0d8b300 ioctl call.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after ""GET /uir"" in an HTTP request.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the ""InResponseTo"" field in the response.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is executed. (The directory could, in general, be on a local filesystem or a network share.).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Connect versions 9.8.1 and earlier have a session token exposure vulnerability. Successful exploitation could lead to exposure of the privileges granted to a session.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Untrusted search path vulnerability in Installer of INplc SDK Express 3.08 and earlier and Installer of INplc SDK Pro+ 3.08 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
A reflected cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via the reg parameter in mh.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka ""Team Foundation Server Cross-site Scripting Vulnerability."" This affects Team.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of the FileUtil.php file, the input parameters are not checked, resulting in input mishandling by the rmdir method. Attackers can delete arbitrary files by using ""../"" directory traversal.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zenbership v107 has CSRF via admin/cp-functions/event-add.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A missing check for popup window handling in Fullscreen in Google Chrome on macOS prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 has Reflected XSS via the srch parameter, as demonstrated by restaurants-details.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Mizuho Direct App for Android version 3.13.0 and earlier does not verify server certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via tools_firmware.cgi date parameter, time parameter, and offset parameter.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset_elem_destroy() in the file rec-mset.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size() in the file rec-fex.c of librec.a.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_field_set_name() in the file rec-field.c in librec.a.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted use of <<a> in a message, because a danmuWrapper DIV element in chatbox-only\danmu.js is outside the scope of a Content Security Policy (CSP).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM SPSS Analytic Server 3.1.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148689.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because ""/../"" and ""/.. /"" are mishandled.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"MailEnable before 8.60 allows Stored XSS via malformed use of ""<img/src"" with no "">"" character in the body of an e-mail message.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A memory corruption bug in WebAssembly could lead to out of bounds read and write through V8 in WebAssembly in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An exploitable privilege escalation vulnerability exists in the way the CleanMyMac X software improperly validates inputs. An attacker with local access could use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via tools_system.cgi date parameter, time parameter, and offset parameter.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of &colon; to construct a javascript: URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in weixin-java-tools v3.3.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. NOTE: this issue exists because of an incomplete fix for CVE-2018-20318.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the running kernel extensions on the system.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteCategories.php delete parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via HTTP request and response.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via submit-url parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via New Page modal.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved size validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via import.cgi encKey parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,NONE,HIGH
Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate potentially unsafe navigations without a user gesture via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted award reason that is mishandled on the awards page or in a user profile.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the ""Reports > Reports"" name field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML (even if allow_unsafe_links is false) via a newline character (e.g., writing javascript as javascri%0apt).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. The injection point of the issue is the Add_Update module.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd in formWsc parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ""Social Pug - Easy Social Share Buttons"" plugin before 1.2.6 for WordPress allows XSS via the wp-admin/admin.php?page=dpsp-toolkit dpsp_message_class parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in Admin login form template that can result in Execution of JavaScript code.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft Office SharePoint XSS Vulnerability."" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0557, CVE-2019-0558.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft Office SharePoint XSS Vulnerability."" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0556, CVE-2019-0558.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft Office SharePoint XSS Vulnerability."" This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the start_arpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi binary through a POST request.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in network.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in video.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (with authentication).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka ""Windows Hyper-V Remote Code Execution Vulnerability."" This affects Windows 10 Servers, Windows 10, Windows Server 2019. This CVE ID is unique from CVE-2019-0551.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka ""Windows Hyper-V Remote Code Execution Vulnerability."" This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0550.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
JavaScript alert handling in Prompts in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 allows remote attackers to execute Java code file on the server via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 for Windows allows remote authenticated attackers to read arbitrary files via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Engelsystem before commit hash 2e28336 allows CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0.10.3-alpha has a buffer over-read.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple SQL injection vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to join_group.php or (2) comment_id parameter to story.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to groups.php; (2) username parameter to login.php; or (3) date parameter to search.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords.,PHYSICAL,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka ""ASP.NET Core Denial of Service Vulnerability."" This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SQL injection vulnerability in the LearnPress prior to version 3.1.0 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mintToken function of Nexxus (NXX) aka NexxusToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of SwftCoin (SWFTC) aka SwftCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of Pylon (PYLNT) aka PylonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value, a related issue to CVE-2018-11812.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking.  NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A Buffer Error vulnerability exists in PowerSuite 2, all released versions (VW3A8104 & Patches), which could cause an overflow in the memcpy function, leading to corruption of data and program instability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"There is a heap-based buffer-overflow at generator_spgemm_csc_reader.c (function libxsmm_sparse_csc_reader) in LIBXSMM 1.10, a different vulnerability than CVE-2018-20541 (which is in a different part of the source code and is seen at a different address).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin checks on URLs that the camera's web interface redirects a user to. This can be leveraged to send a user to an unexpected endpoint.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including all password sets set within the camera. This information can then be used to gain access to the web interface.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including camera hardware, wireless network, and local area network information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The read_packet function in knc (Kerberised NetCat) before 1.11-1 is vulnerable to denial of service (memory exhaustion) that can be exploited remotely without authentication, possibly affecting another services running on the targeted host.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input and is vulnerable to cross-site scripting attacks. If proper authorization was implemented, this vulnerability could be leveraged to perform actions on behalf of another user or the administrator.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The getlong function in numutils.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::user_info() function, which could allow the attacker to view, add, modify or delete information in the back-end database.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to /api/PluginStatusActions.php and /status/pluginStatus.php using the jtSorting or id parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or _login_username parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not validate the file type and spaceName parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email address.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in 74cms v4.2.111. upload/index.php?c=resume&a=resume_list has XSS via the key parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
BigProf AppGini 5.70 stores the passwords in the database using the MD5 hash.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Information leak in UIM API debug messages in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cryptographic key material leaked in TDSCDMA RRC debug messages in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are used.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.php has an XSS vulnerability via the index.php/index/show/index cw parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Use after free in QSH client rule processing in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 820, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible Buffer overflow when transmitting an RTP packet in snapdragon automobile and snapdragon wear in versions MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 810, SD 820, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
TEMMOKU T1.09 Beta allows admin/user/add CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The server API in the Anda app relies on hardcoded credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are written in the clear to the various configuration files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Error in kernel observed while accessing freed mask pointers after reallocating memory for mask table.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possibility of accessing out of bound vector index When updating some GNSS configurations.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition can occur in the SPS driver which can lead to error in kernel.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, There is no synchronization between msm_vb2 buffer operations which can lead to use after free.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/add_pictures.php article ID.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On BIG-IP APM 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, and 13.1.0-13.1.0.3, APMD may core when processing SAML Assertion or response containing certain elements.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Attackers are able to inject commands to compromise the enabled HTTP server web frontend.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Markdown component in Evernote (Chinese) before 8.3.2 on macOS allows stored XSS, aka MAC-832.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Un-trusted pointer de-reference issue by accessing a variable which is already freed.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in TX and RX FIFOs of microcontroller in camera subsystem used to exchange commands and messages between Micro FW and CPP driver.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition and an out-of-bounds access can occur in the DIAG driver.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Buffer overread may occur due to non-null terminated strings while processing vsprintf in camera jpeg driver.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. There is an arbitrary file read vulnerability via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. This can also be used for SSRF.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request.  NOTE: this product is discontinued.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, >=0.17.0 <=0.17.2, ==0.18.0 contains a Cross Site Scripting (XSS) vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appear to be exploitable via Content with Javascript payload will be executed on end user browsers when they visit the page. This vulnerability appears to have been fixed in 0.18.1, 0.17.3, 0.16.4, 0.15.2, 0.14.2.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the ShiftEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SQL injection vulnerability in the ""Bazar"" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier allows attackers to execute arbitrary SQL commands via the ""id"" parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This is related to actionIndex in UserController.php, and the protected\models\User.php search() function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability in SMathStudio files that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted SMathStudio files. This vulnerability appears to have been fixed in after commit 5c05ac8.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Freecol file.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious WebDAV server or intercept the reponse of a valid WebDAV server.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted CaseMetadata.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
privacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. This attack appear to be exploitable via http request with user=<space>&pass= to /validate/check url. This vulnerability appears to have been fixed in 2.23.2.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users private email addresses. This attack appear to be exploitable via Watch a repository to receive email notifications. Emails received contain the other recipients even if they have the email set as private. This vulnerability appears to have been fixed in 1.5.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-69808833.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause invalid accesses to operating system memory due to improper validation of the network interface index provided by the Wi-Fi chip's firmware.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
A NULL pointer dereference in dhd_prot_txdata_write_flush in drivers/net/wireless/bcmdhd4358/dhd_msgbuf.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device to reboot. The Samsung ID is SVE-2018-11783.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Buffer overflow in dhd_bus_flow_ring_delete_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Buffer overflow in dhd_bus_flow_ring_flush_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 allow an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Buffer overflow in dhd_bus_flow_ring_create_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker (who has obtained code execution on the Wi-Fi) chip to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ice Cold Apps Servers Ultimate 6.0.2(12) does not require authentication for TELNET, SSH, or FTP, which allows remote attackers to execute arbitrary code by uploading PHP scripts.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. Affected releases are Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the content itself. As this was primarily used as a caching feature for faster loading times, the caching was disabled by default to prevent this. Users using 0.9 should upgrade to 0.10 to address this issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
FreshDNS version 1.0.3 and earlier contains a Cross ite Request Forgery (CSRF) vulnerability in All (authenticated) API calls in index.php / class.manager.php that can result in Editing domains and zones with victim's privileges. This attack appear to be exploitable via Victim must open a website containing attacker's javascript. This vulnerability appears to have been fixed in 1.0.5 and later.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
FreshDNS version 1.0.3 and prior contains a Cross Site Scripting (XSS) vulnerability in Account data form; Zone editor that can result in Execution of attacker's JavaScript code in victim's session. This attack appear to be exploitable via The attacker stores a specially crafted string as their Full Name in their account details. The victim (e.g. the administrator of the FreshDNS instance) opens the User List in the admin interface.. This vulnerability appears to have been fixed in 1.0.5 and later.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in BTITeam XBTIT 2.5.4. The ""returnto"" parameter of account_change.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, ""registration"" endpoints (e.g., creating, editing, updating) allow users to update any coherence_fields data. For example, users can automatically confirm their accounts by sending the confirmed_at parameter with their registration request.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code. This name is then injected into app/admin/model/AdminPlugins.php.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The ff_free_picture_tables function in libavcodec/mpegpicture.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to vc1_decode_i_blocks_adv.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where the payload was previously inserted..,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions*.php scripts that can result in Database Read via Blind SQL Injection. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WeBid version up to current version 1.2.2 contains a Cross Site Scripting (XSS) vulnerability in user_login.php, register.php that can result in Javascript execution in the user's browser, injection of malicious markup into the page. This attack appear to be exploitable via The victim user must click a malicous link. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter (aka the Search Field).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access to the user's session tokens can change their password and retain access to the user's account",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer (B1_ON_HANA, versions 9.2, 9.3).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appear to be exploitable via malicious user have to upload a crafted payload containing PHP code.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system. This problem sometimes occurred under specific conditions when running a service template.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Wampserver version prior to version 3.1.5 contains a Cross Site Scripting (XSS) vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Nagios XI before 5.5.8. The rss_url parameter of rss_dashlet/magpierss/scripts/magpie_slashbox.php is not filtered, resulting in an XSS vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The yaml_parse.load method in Pylearn2 allows code injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions (SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the ""address"" (POST) or ""town"" (POST) parameter to adherents/type.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the ""address"" (POST) or ""town"" (POST) parameter to user/card.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Google gVisor before 2018-08-22 reuses a pagetable in a different level with the paging-structure cache intact, which allows attackers to cause a denial of service (""physical address not valid"" panic) via a crafted application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
esigate.org esigate version 5.2 and earlier contains a CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in ESI directive with user specified XSLT that can result in Remote Code Execution. This attack appear to be exploitable via Use of another weakness in backend application to reflect ESI directives. This vulnerability appears to have been fixed in 5.3.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting (XSS) vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page. This attack appear to be exploitable via Victim must visit the vulnerable page. This vulnerability appears to have been fixed in No fix yet.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Error reporting within Rendertron 1.0.0 allows reflected Cross Site Scripting (XSS) from invalid URLs.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in ""id_utente_mod"" parameter in gestione_utenti.php file that can result in An attacker can dump all the database records of backend webserver. This attack appear to be exploitable via the attack can be done by anyone via specially crafted sql query passed to the ""id_utente_mod=1"" parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered ""low risk"" due to the nature of the feature it exploits.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
ymlref allows code injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the use_section1 function in tccasm.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the sym_pop function in tccgen.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the asm_parse_directive function in tccasm.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Sanitization of custom class names used on blocks and layouts. that can result in Execution of JavaScript from an unexpected source.. This attack appear to be exploitable via A user must be directed to an affected page while logged in.. This vulnerability appears to have been fixed in 1.11.1 and later.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Artica Integria IMS 5.0.83 has XSS via the search_string parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in ""Smarty error: unable to read resource"" error messages for a crafted installation page.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file, a different vulnerability than CVE-2018-9132.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"libming 0.4.8 has a NULL pointer dereference in the getName function of the decompile.c file, a different vulnerability than CVE-2018-7872 and CVE-2018-9165.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"libming 0.4.8 has a NULL pointer dereference in the newVar3 function of the decompile.c file, a different vulnerability than CVE-2018-7866.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
libming 0.4.8 has a NULL pointer dereference in the pushdup function of the decompile.c file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"libming 0.4.8 has a NULL pointer dereference in the strlenext function of the decompile.c file, a different vulnerability than CVE-2018-7874.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
UCMS 1.4.7 has ?do=user_addpost CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via str::repeat, passed a large number, can overflow an internal buffer. This vulnerability appears to have been fixed in 1.29.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in XXL-CONF 1.6.0. There is a path traversal vulnerability via ../ in the keys parameter that can download any configuration file, related to ConfController.java and PropUtil.java.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback.php allows remote attackers to delete arbitrary files via a backname[] directory-traversal pathname followed by a crafted substring.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values, aka ""Connected User Experiences and Telemetry Service Denial of Service Vulnerability."" This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper configuration of hardware access in Intel QuickAssist Technology for Linux (all versions) may allow an authenticated user to potentially enable a denial of service via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A heap-based buffer over-read was discovered in decompileJUMP function in util/decompile.c of libming v0.4.8. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by swftocxx.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of TCP options in prvCheckOptions.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches a sent DNS request.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"While generating trusted application id, An integer overflow can occur giving the trusted application an invalid identity in Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835 and SDA660.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An integer overflow error within the ""parse_qt()"" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page ""EditCurrentUser.jsp"" has reflected XSS via the GroupId and ConnPoolName parameters.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. The vulnerability occurs because of improperly configured access controls that cause the API to return the externalIdentity field to non-administrator users. The attacker could use this information in subsequent attacks against the system.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka ""Microsoft Dynamics NAV Cross Site Scripting Vulnerability."" This affects Microsoft Dynamics NAV.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A Cross-site Scripting (XSS) vulnerability exists when Windows Azure Pack does not properly sanitize user-provided input, aka ""Windows Azure Pack Cross Site Scripting Vulnerability."" This affects Windows Azure Pack Rollup 13.1.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page ""/VPortal/mgtconsole/AdminAuthorisationFrame.jsp"" has reflected XSS via the ConnPoolName or GroupId parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page ""/VPortal/mgtconsole/Contacts.jsp"" has reflected XSS via the ConnPoolName parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page ""/VPortal/mgtconsole/SharedCriteria.jsp"" has reflected XSS via the ConnPoolName or GroupId parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). VPortal/mgtconsole/RolePermissions.jsp has reflected XSS via the ConnPoolName parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page ""EditCurrentPresentSpace.jsp"" has reflected XSS via the ConnPoolName, GroupId, and ParentId parameters.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page ""GroupRessourceAdmin.jsp"" has reflected XSS via the ConnPoolName parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page ""UserProperties.jsp"" has reflected XSS via the ConnPoolName parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page ""EditCurrentPool.jsp"" has reflected XSS via the PropName parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page ""/VPortal/mgtconsole/GroupCopy.jsp"" has reflected XSS via the ConnPoolName, GroupId, or type parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page ""/VPortal/mgtconsole/GroupMove.jsp"" has reflected XSS via the ConnPoolName, GroupId, or type parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page ""/VPortal/mgtconsole/Subscriptions.jsp"" has reflected XSS via the ConnPoolName or GroupId parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page ""/VPortal/mgtconsole/Rights.jsp"" has reflected XSS via the ConnPoolName parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page ""/VPortal/mgtconsole/categorytree/ChooseCategory.jsp"" has reflected XSS via the ConnPoolName parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page ""/VPortal/mgtconsole/Subscribers.jsp"" has reflected XSS via the ConnPoolName or GroupId parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page ""/VPortal/mgtconsole/SubFolderPackages.jsp"" has reflected XSS via the GroupId parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page ""/VPortal/mgtconsole/Import.jsp"" has reflected XSS via the ConnPoolName parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page ""Users.jsp"" has reflected XSS via the ConnPoolName parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page ""EditCurrentPresentSpace.jsp"" has reflected XSS via the ConnPoolName, GroupId, and ParentId parameters.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page ""Variables.jsp"" has reflected XSS via the ConnPoolName and GroupId parameters.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In dumpExtractors of IMediaExtractor.cp, there is a possible disclosure of recently accessed media files due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-114770654.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Userspace can pass IEs to the host driver and if multiple append commands are received, then the integer variable that stores the length can overflow and the subsequent copy of the IE data may potentially lead to a heap buffer overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross site scripting vulnerability in iManager prior to 3.1 SP2.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id, status_id and title in action/addticket.php; and kind_id and status_id in reports.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting a SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled by default.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A SQL injection issue was discovered in ERPNext 10.x and 11.x through 11.0.3-beta.29. This attack is only available to a logged-in user; however, many ERPNext sites allow account creation via the web. No special privileges are needed to conduct the attack. By calling a JavaScript function that calls a server-side Python function with carefully chosen arguments, a SQL attack can be carried out which allows SQL queries to be constructed to return any columns from any tables in the database. This is related to /api/resource/Item?fields= URIs, frappe.get_list, and frappe.call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite (CEMS) could allow an authenticated, local attacker to access and alter confidential data. The vulnerability is due to the installation of the PostgreSQL database with unchanged default access credentials. An attacker could exploit this vulnerability by logging in to the machine where CEMS is installed and establishing a local connection to the database. The fix for this vulnerability randomizes the database access password in new installations; however, the fix will not change the password for existing installations. Users are required to manually change the password, as documented in the Workarounds section of this advisory. There are workarounds that address this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In persist_set_key and other functions of cryptfs.cpp, there is a possible out-of-bounds write due to an uncaught error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112731440.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Local Server 1.0.9 has a Buffer Overflow via crafted data on Port 4008.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In blynk-server in Blynk before 0.39.7, Directory Traversal exists via a ../ in a URI that has /static or /static/js at the beginning, as demonstrated by reading the /etc/passwd file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross site scripting vulnerability in eDirectory prior to 9.1 SP2,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. A successful exploit could allow the attacker to execute arbitrary scripts to access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Authentication bypass in the Intel RAID Web Console 3 for Windows before 4.186 may allow an unprivileged user to potentially gain administrative privileges via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting in the Intel RAID Web Console v3 for Windows may allow an unauthenticated user to elevate privilege via remote access.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (stack-based buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash in libr/util/strbuf.c via a stack-based buffer over-read) by crafting an input file, a related issue to CVE-2018-20455.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c allows attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting a binary file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Local attackers can trigger a Kernel Pool Buffer Overflow in Antiy AVL ATool v1.0.0.22. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x80002004 by the ssdt.sys kernel driver. The bug is caused by failure to properly validate the length of the user-supplied data. An attacker can leverage this vulnerability to execute arbitrary code in the context of the kernel, which could lead to privilege escalation. A failed exploit could lead to denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in S-CMS 1.0. It allows SQL Injection via the wap_index.php?type=newsinfo S_id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to remote buffer overflow in dbman leading to code execution. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An error within the ""LibRaw::xtrans_interpolate()"" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A type confusion error within the ""identify()"" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An error within the ""leaf_hdr_load_raw()"" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An error within the ""samsung_load_raw()"" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute the sqli attack via a URL in the ""page"" parameter.  NOTE: The product is discontinued.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. Note that this particular type of exploit only manifests at install time; no remediation is required for software that has already been installed. This issue only impacted the Trialware media for Symantec Endpoint Protection, which has since been updated.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111274046",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use-after-free due to improper locking. This could lead to remote escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-109699112",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In getOffsetForHorizontal of Layout.java, there is a possible application hang due to a slow width calculation. This could lead to remote denial of service if a contact with many hidden unicode characters were sent to the device and used by a local app, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-78464361",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to craft a URL containing JavaScript that will be executed within the user's browser, potentially impacting the machine the browser is running on.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to become unavailable",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via Epic change descriptions.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin may be used in some cases.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,NONE
"An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial number below KQ0400000 or KS0400000), and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). A vulnerability in the software update mechanism allows authenticated attackers in the adjacent network to overwrite arbitrary files on the system through a crafted update package.",ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,NONE,HIGH,NONE
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In the client in Bytom before 1.0.6, checkTopicRegister in p2p/discover/net.go does not prevent negative idx values, leading to a crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 10 case.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 2 case.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 6 case.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the HCB_ESC case.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 4 case.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,NONE,NONE
"A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to known memory locations. This may cause the program to crash or allow remote code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM(""WScript.Shell"").",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow remote code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"There is an out-of-bounds write vulnerability on Huawei P20 smartphones with versions before 8.1.0.171(C00). The software does not handle the response message properly when the user doing certain inquiry operation, an attacker could send crafted message to the device, successful exploit could cause a denial of service condition.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Two XSS vulnerabilities are located in the profile edition page of the user panel of the YunoHost 2.7.2 through 2.7.14 web application. By injecting a JavaScript payload, these flaws could be used to manipulate a user's session.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a ""Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11bb"" issue.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the ""file1"" URL parameter, a similar issue to CVE-2018-11344.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450531",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the ""path"" URL parameter.  NOTE: the ""filename"" POST parameter is covered by CVE-2018-11345.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891564",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticated or authenticated web request to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111874331",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402084) with a buffer containing user defined content. The driver's subroutine will execute a rdmsr instruction with the user's buffer for input, and provide output from the instruction.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This constructor will miscalculate a length and then use it to calculate the position to write a null byte. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Tarantella Enterprise before 3.11 allows Directory Traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencrypted RegBack folder that contains back-ups of sensitive system files.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that triggers a call to freemarker.template.utility.Execute in the FreeMarker library during rendering of a web page.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the ""path"" parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the ""username"" cookie.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the manager privilege via the listorders[key][1] parameter in a Link listorders action.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
ThinkCMF X2.2.2 has SQL Injection via the functions check() and delete() in CommentadminController.class.php and is exploitable with the manager privilege via the ids[] parameter in a commentadmin action.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in UiV2Public.index in Internet2 Grouper 2.2 and 2.3 allows remote attackers to inject arbitrary web script or HTML via the code parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144653.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Restrictions related to the modem (sim lock, sim kill) can be bypassed by manipulating the system to issue a deactivation flow sequence in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU,SD 410/12,SD 820,SD 820A.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20, SDX24.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the device programmer target-side code for firehose, a string may not be properly NULL terminated can lead to a incorrect buffer size in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Buffer overread while decoding PDP modify request or network initiated secondary PDP activation in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX20, SXR1130.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Possible buffer overflow in OEM crypto function due to improper input validation in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible buffer overflow in DRM Trusted application due to lack of check function return values in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible buffer overflow in Ontario fingerprint code due to lack of input validation for the parameters coming into TZ from HLOS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file.  NOTE: this can be leveraged by remote attackers using CVE-2016-9565.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a use after free issue in WLAN host driver can lead to device reboot.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow occur may occur in display handlers due to lack of checking in buffer size before copying into it and will lead to memory corruption.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible buffer overflow in display function due to lack of buffer length validation before copying.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible buffer overflow in debugfs module due to lack of check in size of input before copying into buffer.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while list traversal in LPM status driver for clean up, use after free vulnerability may occur.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through an Error Message.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, due to a race condition, a Use After Free condition can occur in Audio.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, existing checks in place on partition size are incomplete and can lead to heap overwrite vulnerabilities while loading a secure application from the boot loader.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL encoding, is very rare in a directory traversal attack vector).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a partition name-check variable is not reset for every iteration which may cause improper termination in the META image.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated is automatically released by the kernel if the 'probe' function fails with an error code.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a fast Initial link setup (FILS) connection request, integer overflow may lead to a buffer overflow when the key length is zero.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper input validation can lead to an improper access to already freed up dci client entries while closing dci client.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, freeing device memory in driver probe failure will result in double free issue in power module.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,LOW
"The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,LOW
"Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
SecureCore Standard Edition Version 2.x allows an attacker to bypass the product 's authentication to log in to a Windows PC.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the ""name"" POST parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the ""filename"" URL parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the ""path"" URL parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve diagnostic information via the ""name"" URL parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Incorrect access control in the /mysql/api/logfile.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve MySQL log files via the ""name"" URL parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
NetApp E-Series SANtricity OS Controller Software 11.30 and later version 11.30.5 is susceptible to unauthenticated remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via a malformed URL path.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of this vulnerability can lead to information leakage.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"During secure boot, addition is performed on uint8 ptrs which led to overflow issue in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In sdcardfs_open of file.c, there is a possible Use After Free due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111642636 References: N/A",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security vulnerability in HPE Intelligent Management Center (iMC) PLAT E0506P09, createFabricAutoCfgFile could be remotely exploited via directory traversal to allow remote arbitrary file modification.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the username URL parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The random() function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block's blockhash, and a private variable (which can be read with a getStorageAt call). Therefore, attackers can precompute the random number and manipulate the game (e.g., get powerful characters or get critical damages).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication.",PHYSICAL,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. IBM X-Force ID: 138212.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the header the current session of the user. This session could then be stolen by a man-in-the-middle.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attackers to execute code, because a length field was incorrectly trusted.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the ""Event"" parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is an information leak vulnerability in some Huawei smartphones. An attacker may do some specific configuration in the smartphone and trick a user into inputting some sensitive information. Due to improper design, successful exploit may cause some information leak.",PHYSICAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the ""lines"" URL parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take the control of the application because credentials are present in that config.php file).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the ""Input your notice URL"" field.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the ""User phrases button"" field.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= followed by that URL. This is related to the onlineinstall and import functions.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as demonstrated by sadf.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a ""Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11ea"" issue.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the request parameter file, or home-log.php with the request parameter action.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and _ikcf_position and _ikcf_other) have Cross-Site Scripting.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-77486542.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a ""Data from Faulting Address may be used as a return value starting at U3DBrowser!PlugInMain+0x0000000000031a75"" issue.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a ""Read Access Violation starting at U3DBrowser+0x000000000000347a"" issue.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a ""Read Access Violation near NULL starting at FoxitReader!std::basic_ostream >::operator<<+0x0000000000087906"" issue.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a ""Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x000000000012dff5"" issue.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"An issue was discovered on the ""Bank Account Matching - Receipts"" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL].,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Library Management System 1.0 has SQL Injection via the ""Search for Books"" screen.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
School Event Management System 1.0 allows CSRF via user/controller.php?action=edit.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php?type=action&action=add allows CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"PointOfSales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"School Equipment Monitoring System 1.0 allows SQL injection via the login screen, related to include/user.vb.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
kimsQ Rb 2.3.0 allows XSS via the second input field to the /?r=home&mod=mypage&page=info URI.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Sonatype Nexus Repository Manager before 3.14 allows XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default.php OrderID, ShipName, ShipAddress, ShipCity, ShipPostalCode, ShipCountry, Freight, or details parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in User-friendly SVN (USVN) Version 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in a success.php echo statement.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the error.php error_msg parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in an error.php echo statement.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the success.php fort_id parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Cross-site Scripting (XSS) vulnerability exists when Azure App Services on Azure Stack does not properly sanitize user provided input, aka ""Azure App Service Cross-site Scripting Vulnerability."" This affects Azure App.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The ansilove_ansi function in loaders/ansi.c in libansilove 1.0.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113111784",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113037220",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111896861",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-113027383",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Windows Audio Service fails to properly handle objects in memory, aka ""Windows Audio Service Information Disclosure Vulnerability."" This affects Windows 10 Servers, Windows 10, Windows Server 2019.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
YukiWiki 2.1.3 and earlier does not process a particular request properly that may allow consumption of large amounts of CPU and memory resources and may result in causing a denial of service condition.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in YukiWiki 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to read/send mail or change the configuration.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to login to the Management page and change the configuration.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to execute arbitrary code or cause a denial-of-service (DoS) condition via Cookie data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R3.0 and earlier, Denbun IMAP version V3.3I R3.0 and earlier) allows remote attackers to execute arbitrary code or cause a denial-of-service (DoS) condition via multipart/form-data format data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via HTTP requests for mail search.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote authenticated attackers to upload and execute any executable files via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we setup an object and hook into the begin and end tag event handlers In both cases, the ""open"" event is immediately followed by a ""close"" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the ""text"" event to deal with the object normally. This can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed html. The exploit has been seen in the wild but not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74016921.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74196706.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ""Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability."" This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8606, CVE-2018-8607, CVE-2018-8608.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ""Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability."" This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8606, CVE-2018-8608.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ""Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability."" This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8606, CVE-2018-8607.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka ""Win32k Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the ""page"" parameter of the function ""fromDhcpListClient"" for a request, it is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the ""page"" parameter of the function ""fromAddressNat"" for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the ""firewallEn"" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
In ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112551721,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112159345,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112661641",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In ixheaacd_tns_ar_filter_dec of ixheaacd_aac_tns.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112609715,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, If an MPTCP connection receives an abort signal while the initial flow is not the primary flow, the initial flow will remain after the closing procedure is complete. TMM may restart and produce a core file as a result of this condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112765917,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112766520,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In ixheaacd_mps_getstridemap of ixheaacd_mps_parse.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112857941,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In ixheaacd_reset_acelp_data_fix of ixheaacd_lpc.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112858010,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce allows SQL Injection via the busca/ URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,LOW
Insufficient input validation in the Intel Driver & Support Assistant before 3.6.0.4 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In a device, with screen size 1440x2560, the check of contiguous buffer will overflow on certain buffer size resulting in an Integer Overflow or Wraparound in System UI in Snapdragon Automobile, Snapdragon Mobile in version MDM9635M, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by using the type parameter to bypass the standard admin\controller\uploadfile.php restrictions on uploaded file types (jpg, jpeg, bmp, png, gif), as demonstrated by an admin/index.php?c=uploadfile&a=uploadify_upload&type=php URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka ""Microsoft PowerShell Tampering Vulnerability."" This affects Windows 7, PowerShell Core 6.1, Windows Server 2012 R2, Windows RT 8.1, PowerShell Core 6.0, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not reject excess data after the hash value. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation through fake X.509 certificates. This is a variant of CVE-2006-4340.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not properly verify the ASN.1 metadata. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation through fake X.509 certificates. This is an even more permissive variant of CVE-2006-4790 and CVE-2014-1568.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in XiaoCms 20141229. There is XSS related to the template\default\show_product.html file.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in XiaoCms 20141229. /admin/index.php?c=database allows full path disclosure in a ""failed to open stream"" error message.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78136677.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In JPress v1.0-rc.5, there is stored XSS via each of the first three input fields to the starter-tomcat-1.0/admin/setting URI, as demonstrated by the web_name parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in XiaoCms 20141229. admin/index.php?c=content&a=add&catid=3 has CSRF, as demonstrated by entering news via the data[content] parameter.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in XiaoCms 20141229. There is XSS via the largest input box on the ""New news"" screen.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetHostname method allows unauthenticated persistent XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SIMDComp before 0.1.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) because it can read (and then discard) extra bytes.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. RtspServer allows remote attackers to cause a denial of service (daemon hang or restart) via a negative integer in the RTSP Content-Length header.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The karo gem 2.3.8 for Ruby allows Remote command injection via the host field.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. This could lead to information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-77286245.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admin Console, the injected JavaScript code is executed.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ""Windows GDI Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8422.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74201143.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In avdt_msg_prs_cfg of avdt_msg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78288378.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.2, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-72298611.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69129004 References: Upstream kernel.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79164722.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
In getstring of ID3.cpp there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78656554.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-79944113.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79541338.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79488511.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78286118.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilities could allow remote authenticated attackers to inject arbitrary code, resulting in remote code execution.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
NetGain Enterprise Manager (EM) is affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities in versions before 10.1.12.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a ""SET GLOBAL general_log_file"" statement, followed by a SELECT statement containing this PHP code.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields (with keys that have the same hash code).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"daneren2005 DSub for Subsonic (Android client) version 5.4.1 contains a CWE-295: Improper Certificate Validation vulnerability in HTTPS Client that can result in Any non-CA signed server certificate, including self signed and expired, are accepted by the client. This attack appear to be exploitable via The victim connects to a server that's MITM/Proxied by an attacker.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"pandao Editor.md 1.5.0 has DOM XSS via input starting with a ""<<"" substring, which is mishandled during construction of an A element.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with [ and ( characters, which is mishandled during construction of an A element.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In BNEP_Write of bnep_api.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74947856.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DB_PREFIX field, which is written to database.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69164715 References: Upstream kernel.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter.  NOTE: this is a deprecated product.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter.  NOTE: this is a deprecated product.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Huawei B315s-22 products with software of 21.318.01.00.26 have an information leak vulnerability. Unauthenticated adjacent attackers may exploit this vulnerability to obtain device information.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue in ff_mpa_synth_filter_float in libavcodec/mpegaudiodsp_template.c can cause a segmentation fault (application crash) via a crafted mov file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt ""PHP Login & User Management"" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web server via a profile avatar field. This results in arbitrary code execution by requesting the .php file.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string. This can also be used for SSRF.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A micro-core of QMP transportation may cause a macro-core to read from or write to arbitrary memory in Snapdragon Mobile in version SD 845, SD 850.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Improper input validation in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and TMSH usage by authenticated users may leak a small amount of memory when executing commands",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to list .txt files via a direct request for the /data/0/admin.txt URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/liuyan.php neirong[] parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/art.php?typeid=1 biaoti parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list ""attached"" attribute (which typically has 'class=""icon-globe icon-large""' in its value), as demonstrated by an 'UPDATE sys_module SET attached = ""[XSS]"" WHERE id=""page_list""' statement.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. An attacker can make the camera scan a QR code to trigger this vulnerability. Alternatively, a user could be convinced to display a QR code from the internet to their camera, which could exploit this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker can insert an SD card to trigger this vulnerability.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the password_dst field",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, in certain circumstances, when processing traffic through a Virtual Server with an associated MQTT profile, the TMM process may produce a core file and take the configured HA action.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file (in the position parameter) to an arbitrary directory via a ../ Directory Traversal in the url parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via TIFF data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a ConvertToPDF_x86!ReleaseFXURLToHtml issue.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Michael Roth Software Personal FTP Server (PFTP) through 8.4f allows remote attackers to cause a denial of service (daemon crash) via an unspecified sequence of FTP commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/index.tpl.html htmlspecialchars_decode function via the /?/publish/ajax/publish_question/ question_content parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
tianti 2.3 has stored XSS in the article management module via an article title.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\user_list.jsp.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Pagoda Linux panel V6.0 has XSS via the verification code associated with an invalid account login. A crafted code is mishandled during rendering of the login log.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402088) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for input.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in PopojiCMS v2.0.1. admin_library.php allows remote attackers to delete arbitrary files via directory traversal in the po-admin/route.php?mod=library&act=delete id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The admin account has a blank password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded BpP+2R9*Q password in some cases.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. There is a hardcoded Ak47@99 password for the factory~ account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName, by leveraging /mnt/mtd/app/config/ProductConfig.xml write access.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment area.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP request.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the ""Upload File or Image"" feature, with a .php filename and ""Content-Type: application/octet-stream"" to the index.php?action=file_manager_upload URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Odata Server in SAP Adaptive Server Enterprise (ASE) 16 allows remote attackers to cause a denial of service (process crash) via a series of crafted requests, aka SAP Security Note 2330422.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: File Management). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shp_result.jsp, aka SAP Security Note 2308535.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL query. The vendor response is SAP Security Note 2361633.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note 2262742.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication, aka SAP Security Note 2201295.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted HTTP request, aka SAP Security Note 2259547.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns or (2) interface parameter to ProxyServer/register, aka SAP Security Note 2220571.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,HIGH
"Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Security Notes 2206793 and 2234918.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service (resource consumption and process crash) by sending a crafted packet several times, aka SAP Security Note 2308778.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to ""Insecure signature,"" aka SAP Security Note 2134905.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 845, SD 850",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on a invalid pointer, raising a SIGABRT signal.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Code injection in the /ui/login form Language parameter in Epicentro E_7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to cause a denial of service attack remotely via a specially crafted GET request with a leading ""/"" in the URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 .",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Secure display content could be accessed by third party trusted application after creating a fault in other trusted applications in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SDA660.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While processing the sensors registry configuration file, if inputs are not validated a buffer overflow will occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MMDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDA660, SDX20.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value with the publicly readable variable entry_number. This variable is private, yet it is readable by eth.getStorageAt function. Also, attackers can purchase a ticket at a low price by directly calling the fallback function with small msg.value, because the developer set the currency unit incorrectly. Therefore, it allows attackers to always win and get rewards.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Insufficient memory allocation in boot due to incorrect size being passed could result in out of bounds access in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660 and SDX20",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random() function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by writing the same random function code in an exploit contract to determine the deadSeat value.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize() function to prevent a malicious contract from being called, but the attacker can bypass it by writing the core code in the constructor of their exploit code. Therefore, it allows attackers to always win and get rewards.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An XSS issue was discovered in Catfish CMS 4.8.30, related to ""write source code,"" a similar issue to CVE-2018-13999.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
python-kdcproxy before 0.3.2 allows remote attackers to cause a denial of service via a large POST request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Double memory free while closing TEE SE API Session management in Snapdragon Mobile in version SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unapproved TrustZone applications can be loaded and executed in Snapdragon Mobile in version SD 845, SD 850",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact is sensitive actions in the portal (such as changing a portal user's password). NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Integer overflow may happen when calculating an internal structure size due to lack of validation of the input length in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow may happen in WLAN when calculating an internal structure size due to lack of validation of the input length in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in ClientDataSet_getValues in client/ied_connection.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in Ethernet_sendPacket in ethernet_bsd.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_receivePacket in ethernet_bsd.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"When processing IE set command, buffer overwrite may occur due to lack of input validation of the IE length in Snapdragon Mobile in version SD 835, SD 845, SD 850.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer over-read vulnerabilities in an older version of ASN.1 parser in Snapdragon Mobile in versions SD 600.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called ""black box"" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a 9-character password of *^JEd4W!I that is obfuscated by hiding it within a custom /bin/rc4_crypt binary.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GoPro gpmf-parser 1.2.1. There is an out-of-bounds write in OpenMP4Source in GPMF_mp4reader.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack allows injecting malicious JavaScript code into the website's rendered copy running inside the end user's web browser. It does not allow injecting code into the real (isolated) copy of the website running on the WI Threat Isolation Engine.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My Contacts list.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, group_delete.html group parameter, report_save.html query parameter, sensors.html location parameter, or group_delete.html group parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. Ultimately, this behavior comes from a Directory Traversal bug (via the sensor_details.html id parameter) that allows creating empty files in arbitrary directories.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexmetatit parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok umail parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which is locked.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 61.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. *This vulnerability only affects Firefox for Android < 62.*",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Possible buffer overflow if input is not null terminated in DSP Service module in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDX20.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The MESILAT Zabbix plugin before 1.1.15 for Atlassian Confluence allows attackers to read arbitrary files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox < 61.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename requests. Pages can be renamed to include characters unsupported for URIs by the web server hosting the WCI Portal software (such as IIS). Renaming pages to include unsupported characters, such as 0x7f, prevents these pages from being accessed over the web server, causing a Denial of Service (DoS) to the page. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password. Authentication to the Oracle WCI search service uses this hardcoded password and cannot be customised by customers. An adversary able to access this service over a network could perform search queries to extract large quantities of sensitive information from the WCI installation. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused. An attacker needs to trick the user to open the malicious file to trigger.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The portal component is delivered with an insecure default User Profile community configuration that allows anonymous users to retrieve the account names of all portal users via /portal/server.pt/user/user/ requests. When WCI is synchronised with Active Directory (AD), this vulnerability can expose the account names of all AD users. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka "".NET Core Information Disclosure Vulnerability."" This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. This vulnerability affects Firefox < 61.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web browser, and when navigated to it is available at .../system/console/gogo. Trying to go directly to that URL does require authentication. And optional bundle that some applications use is the Pax Web Extender Whiteboard, it is part of the pax-war feature and perhaps others. When it is installed, the Gogo console becomes available at another URL .../gogo/, and that URL is not secured giving access to the Karaf console to unauthenticated users. A mitigation for the issue is to manually stop/uninstall Gogo plugin bundle that is installed with the webconsole feature, although of course this removes the console from the .../system/console application, not only from the unauthenticated endpoint. One could also stop/uninstall the Pax Web Extender Whiteboard, but other components/applications may require it and so their functionality would be reduced/compromised.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3 specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM to incorrectly buffer response data causing the TMM to restart resulting in a Denial of Service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A directory traversal vulnerability in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier could allow an attacker to retrieve arbitrary files in the context of a BEMS administrator account.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An XSS issue was discovered in index.php/admin/system/basic in YUNUCMS 1.1.5.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An XSS issue was discovered in index.php/admin/area/editarea/id/110000 in YUNUCMS 1.1.5.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An XSS issue was discovered in admin/banner/editbanner?id=20 in YUNUCMS 1.1.5.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Mail Composer, which is mishandled in /MIME/INBOX-MM-1/ if the raw email link (in .txt format) is modified and then renamed with a .html or .wssp extension.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Menu.php?lgid=1 during editing.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Download.php?lgid=1 during editing.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Categories.php?pid=1&lgid=1 category_key parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An XSS issue was discovered in SEMCMS 3.4 via the first input field to the admin/SEMCMS_Link.php?lgid=1 URI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests that create a user via a request to members/memberentry.pl or (2) give a user superlibrarian permission via a request to members/member-flags.pl or (3) hijack the authentication of arbitrary users for requests that conduct cross-site scripting (XSS) attacks via the addshelf parameter to opac-shelves.pl.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Waimai Super Cms 20150505. There is XSS via the index.php?m=public&a=doregister username parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges, and entering JavaScript is supported functionality.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp, Advanced_WSecurity_Content.asp, Advanced_Wireless_Content.asp, Logout.asp, Main_Login.asp, MobileQIS_Login.asp, QIS_wizard.htma, YandexDNS.asp, ajax_status.xml, apply.cgi, clients.asp, disk.asp, disk_utility.asp, or internet.asp.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Orphaned Upload Files Exposure.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the site_name parameter to the admin/settings/update URI.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the ""likes"" page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"FsPro Labs Event Log Explorer 4.6.1.2115 has "".elx"" FileType XML External Entity Injection.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"PhpTpoint Mailing Server Using File Handling 1.0 suffers from multiple Arbitrary File Read vulnerabilities in different sections that allow an attacker to read sensitive files on the system via directory traversal, bypassing the login page, as demonstrated by the Mailserver_filesystem/home.php coninb, consent, contrsh, condrft, or conspam parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by an authenticated user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:RelaodHref or var:conid parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.),NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.),NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.),NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and html/includes/forms/edit-dashboard.inc.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A ctl_set KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6eDC offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F6A offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F4E offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html allows XSS via the name parameter, as demonstrated by a value beginning with home_content and containing a crafted SRC attribute of an IMG element.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3221773726 and cause a kernel crash.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
kernel/omap/drivers/video/omap2/dsscomp/device.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/dsscomp with the command 1118064517 and cause a kernel crash.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Adobe Digital Editions versions 4.5.8 and below have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) prior to iMC PLAT 7.3 E0605P04.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an authenticated user to execute JavaScript for the currently logged-in user.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka ""Windows Hyper-V Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8490.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote unauthorized disclosure of information vulnerability was identified in HPE Service Governance Framework (SGF) version 4.2, 4.3. A race condition under high load in SGF exists where SGF transferred different parameter to the enabler.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3222560159 and cause a kernel crash.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3224132973 and cause a kernel crash.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/twl6030-gpadc with the command 24832 and cause a kernel crash.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A heap-based buffer over-read exists in libopencad 0.2.0 in the ReadCHAR function in lib/dwg/io.cpp, resulting in an application crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A heap-based buffer over-read exists in libopencad 0.2.0 in the ReadMCHAR function in lib/dwg/io.cpp, resulting in an application crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del user_id[] parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Stored XSS vulnerability has been discovered in KAASoft Library CMS - Powerful Book Management System 2.1.1 via the /admin/book/create/ title parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization and are shared between several users. This may allow a current session to be compromised.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ""DROWN"" attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing ""dual A/AAAA DNS queries"" and the libnss_dns.so.2 NSS module.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Aryanic HighPortal 12.5 has XSS via an Add Tags action.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle attackers to obtain interaction data.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
vBulletin 5.4.3 has an Open Redirect.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse the file system to unintended locations and/or access arbitrary files, aka /media/api Directory Traversal.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Agentejo Cockpit has multiple Cross-Site Scripting vulnerabilities.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The profile image in the User settings section can be run in the update / upload area via /admin/media/upload?actions=false.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"LAquis SCADA Versions 4.1.0.3870 and prior has several integer overflow to buffer overflow vulnerabilities, which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/a_adminx.php?x=a URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web server via an index.php?r=admini/template/batch&command=deleteFile&fileName= or index.php?r=admini/template/batch&command=deleteFolder&folderName=../ directory traversal URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote attackers to list the wp-content/themes/template_dp_dec2015/img directory.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in litemall 0.9.0. Arbitrary file download is possible via ../ directory traversal in linlinjava/litemall/wx/web/WxStorageController.java in the litemall-wx-api component.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text boxes to the admin.php?moduleid=2&action=add URI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin.php URI in an action=add request.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in DESTOON B2B 7.0. admin/category.inc.php has XSS via the category[catname] parameter to the admin.php URI.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial of service (segmentation fault) because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffset values via a crafted .ocd file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DomainMod 4.10.0 has Stored XSS in the ""/settings/profile/index.php"" new_last_name parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"DomainMod 4.10.0 has Stored XSS in the ""/settings/profile/index.php"" new_first_name parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka ""MS XML Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka ""Windows Hyper-V Remote Code Execution Vulnerability."" This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2018-8489.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
** DISPUTED ** An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On F5 WebSafe Alert Server 1.0.0-4.2.6, a malicious, authenticated user can execute code on the alert server by using a maliciously crafted payload.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001, AGS-W09C331B003CUSTC331D001, AGS-W09C794B001CUSTC794D001, Baggio2-U01A BG2-U01C100B160CUSTC100D001, BG2-U01C170B160CUSTC170D001, BG2-U01C199B162CUSTC199D001, BG2-U01C209B160CUSTC209D001, BG2-U01C333B160CUSTC333D001, Bond-AL00C Bond-AL00CC00B201, Bond-AL10B Bond-AL10BC00B201, Bond-TL10B Bond-TL10BC01B201, Bond-TL10C Bond-TL10CC01B131, Haydn-L1JB HDN-L1JC137B068, Kobe-L09A KOB-L09C100B252CUSTC100D001, KOB-L09C209B002CUSTC209D001, KOB-L09C362B001CUSTC362D001, Kobe-L09AHN KOB-L09C233B226, Kobe-W09C KOB-W09C128B251CUSTC128D001, LelandP-L22C 8.0.0.101(C675CUSTC675D2), LelandP-L22D 8.0.0.101(C675CUSTC675D2), Rhone-AL00 Rhone-AL00C00B186, Selina-L02 Selina-L02C432B153, Stanford-L09S Stanford-L09SC432B183, Toronto-AL00 Toronto-AL00C00B223, Toronto-AL00A Toronto-AL00AC00B223, Toronto-TL10 Toronto-TL10C01B223 have a sensitive information leak vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the input, successful exploitation can cause sensitive information leak.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable of the do_mkd function in the ftpproto.c file. An attacker can overwrite ebp via a long pathname.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in CMS MaeloStore V.1.5.0. There is a CSRF vulnerability that can change the administrator password via admin/modul/users/aksi_users.php?act=update.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read operations are possible via a /console/#/console/file/manage.php?type=list&path=c:/ substring.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php ""Content-->News-->Add Article"" action.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either ""HttpClientInterceptorPlugin"" or ""HttpClientBuilderPlugin"", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Lizard (formerly LZ5) 2.0, use of an invalid memory address was discovered in LZ5_compress_continue in lz5_compress.c, related to LZ5_compress_fastSmall and MEM_read32. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow an attacker to sniff private information such as mobile number, PAN number (from a government-issued ID), and date of birth.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Cookie field.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long ""startTime"" value in order to exploit this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
emlog v6.0.0 has CSRF via the admin/user.php?action=new URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in HMRServer.js in Parcel parcel-bundler. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1 connection (with a random TCP port number) from any origin. The random port number can be found by connecting to http://127.0.0.1 and reading the ""new WebSocket"" line in the source code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network connectivity, and trigger a connection to a crafted proxy server with an invalid SSL certificate that allows certification-manager access, leading to the ability to browse local files and execute local programs.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
"In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data set may crash if the input follows the pathological pattern.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00) have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the parameter, successful exploitation can cause the smartphone black screen until restarting the phone.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow elevation of privilege.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability."" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8498, CVE-2018-8518.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka ""SQL Server Management Studio Information Disclosure Vulnerability."" This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8532, CVE-2018-8533.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka ""SQL Server Management Studio Information Disclosure Vulnerability."" This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8533.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via XCom to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Virtualmin 6.03 allows XSS via the query string, as demonstrated by the webmin_search.cgi URI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE, and 10.4-RELEASE-p12, insufficient validation in the ELF header parser could allow a malicious ELF binary to cause a kernel crash or disclose kernel memory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to stored Cross Site Scripting (XSS). An authenticated attacker will be able to place malicious JavaScript in the discussion forum, which is present in the login landing page. A low privilege user can use this to steal the session cookies from high privilege accounts and hijack these, enabling them to hijack the elevated session and perform actions in their security context.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode.  NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ""Windows GDI Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8424.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. The use of a Hard-coded DES Cryptographic Key allows an attacker who decodes the application to decrypt transmitted data such as the login username and password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"** DISPUTED ** An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in conjunction with the Android keyGenerator class is not implemented. In other words, an attacker could authenticate with an arbitrary fingerprint.  NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the ""Manage portfolio"" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio editor. The vulnerability is triggered by visiting /portfolio/${project_title}.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP BusinessObjects Business Intelligence Platform (BIWorkspace), versions 4.1 and 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON format.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when ""html"" are the last four characters, as demonstrated by a .phtml file containing PHP code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable arbitrary write vulnerability exists in the Word document parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can prevent Atlas from adding elements to an array that is indexed by a loop. When reading from this array, the application will use an out-of-bounds index which can result in arbitrary data being read as a pointer. Later, when the application attempts to write to said pointer, an arbitrary write will occur. This can allow an attacker to further corrupt memory, which leads to code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope. An attacker must convince a victim to open a document in order to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable uninitialized length vulnerability exists within the Word document-parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can cause Atlantis to skip initializing a value representing the number of columns of a table. Later, the application will use this as a length within a loop that will write to a pointer on the heap. Due to this value being controlled, a buffer overflow will occur, which can lead to code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable out-of-bounds write vulnerability exists in the Word Document parser of the Atlantis Word Processor 3.0.2.3, 3.0.2.5. A specially crafted document can cause Atlantis to write a value outside the bounds of a heap allocation, resulting in a buffer overflow. An attacker must convince a victim to open a document in order to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and fckeditor/editor/filemanager/connectors/uploadtest.html.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Feed Statistics plugin before 4.0 for WordPress has an Open Redirect via the feed-stats-url parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure.",LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results in the possibility a poorly written process could be cause a stack overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal.,NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, incorrect control flow implementation in Video while checking buffer sufficiency.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, while parsing FLAC file with corrupted picture block, a buffer over-read can occur.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Small Cell SoC and Snapdragon (Automobile, Mobile, Wear) in version FSM9055, FSM9955, MDM9607, MDM9640, MDM9650, MSM8909W, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, providing the NULL argument of ICE regulator while processing create key IOCTL results in system restart.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Unprivileged authenticated local users may be able to cause a denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts privileged kernel data.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Navigate CMS has Stored XSS via the navigate.php Title field in an edit action.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111085900",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel() in the ChannelService.java file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1. The vulnerability could be remotely exploited to allow local SQL injection and elevation of privilege.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mediamanager in REDAXO before 5.6.4 has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in /admin.php?c=member&m=edit&uid=1 in dayrui FineCms 5.4 allows remote attackers to change the administrator's password.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add an user account.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_url parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_type parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\ URI.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Bro through 2.5.5, there is a DoS in IRC protocol names command parsing in analyzer/protocol/irc/IRC.cc.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in QuickAppsCMS (aka QACMS) through 2.0.0-beta2. A CSRF vulnerability can change the administrator password via the user/me URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH deployment logs. A malicious user with access to the logs could escalate their privileges using this password.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in WAVM before 2018-09-16. The loadModule function in Include/Inline/CLI.h lacks checking of the file length before a file magic comparison, allowing attackers to cause a Denial of Service (application crash caused by out-of-bounds read) by crafting a file that has fewer than 4 bytes.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, and CVE-2018-16296. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information-disclosure issue was discovered in Postman through 6.3.0. It validates a server's X.509 certificate and presents an error if the certificate is not valid. Unfortunately, the associated HTTPS request data is sent anyway. Only the response is not displayed. Thus, all contained information of the HTTPS request is disclosed to a man-in-the-middle attacker (for example, user credentials).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as ""C:/evil.bat"", tika-app would overwrite that file.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier allows an attacker with administrative rights to execute arbitrary PHP code on the server via unspecified vectors.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE (EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier) allow an attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.,NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-110769924,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 of impeg2_format_conv.s there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-74078669,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow for a user to retrieve sensitive information without authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78354855",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka ""Microsoft Graphics Component Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An exploitable buffer overflow vulnerability exists in the UPnP implementation used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted UPnP discovery response can cause a buffer overflow resulting in overwriting arbitrary data. An attacker needs to be in the same subnetwork and reply to a discovery message to trigger this vulnerability.,ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-80432928",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In mca_ccb_hdl_req of mca_cact.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110791536",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111803925",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111893951",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In smp_process_keypress_notification of smp_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-111936834",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka ""Microsoft Edge Information Disclosure Vulnerability."" This affects Microsoft Edge.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"In copy_process of fork.c, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111081202 References: N/A",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a keyword. NOTE: This may overlap with CVE-2018-6870 which has XSS via the Listings Search feature.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the application may modify the specific data to exploit the vulnerability. Successful exploit could allow the attacker to execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the application may modify the specific data to exploit the vulnerability. Successful exploit could allow the attacker to execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
PHP Scripts Mall Olx Clone 3.4.2 has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110216176",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Author property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Domain Lookup Script 3.0.5 allows XSS in the search bar.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Upload) request with a multipart/form-data JavaScript payload.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An ""Unrestricted Upload of File with Dangerous Type"" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters (for bypassing the blacklist).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka ""Windows Hyper-V Remote Code Execution Vulnerability."" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0965.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass URI sanitization via local vector.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Keywords property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Subject property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Creator property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the CreationDate property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka ""MS XML Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Stored XSS vulnerability has been discovered in the v5.5.0 version of the Coaster CMS product.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via the text or tab parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a <svg/onLoad=confirm substring. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-12429.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connection. This allows attacker to do MITM attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's password via index.php?m=core&f=panel&v=edit_info.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows authenticated attackers to cause denial-of-service (DoS) condition via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot.",NETWORK,HIGH,LOW,NONE,CHANGED,LOW,NONE,NONE
"Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. The attacker can then use that account to execute arbitrary PHP code by leveraging app/common/model/AdminAnnex.php to add .php to the default list of allowable file-upload types (.jpg, .png, .gif, .jpeg, and .ico).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is password hash exposure to privileged users.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Vanilla before 2.6.1 allows XSS via the email field of a profile.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17054.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17053.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 and 7.10.x before 7.10.8, related to phishing an error message.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious xls file to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1 . A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new content via ?q=node%2Fadd%2Farticle&render=overlay&render=overlay.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in UNL-CMS 7.59. A CSRF attack can update the website settings via ?q=admin%2Fconfig%2Fsystem%2Fsite-information&render=overlay&render=overlay.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! via the filter_order_Dir or filter_order parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the start_date, m_start_date, or m_end_date parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! via the filter_letter parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the Collection Factory 4.1.9 component for Joomla! via the filter_order or filter_order_Dir parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read, causing denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla! via the letter parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection exists in the Reverse Auction Factory 4.3.8 component for Joomla! via the filter_order_Dir, cat, or filter_letter parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
libimageworsener.a in ImageWorsener 1.3.2 has a buffer overflow in the bmpr_read_rle_internal function in imagew-bmp.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a <?php substring.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! via the filter_order_Dir or filter_order parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable heap corruption vulnerability exists in the Txo functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the Penny Auction Factory 2.0.4 component for Joomla! via the filter_order_Dir or filter_order parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FURUNO FELCOM 250 and 500 devices use only client-side JavaScript in login.js for authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the Music Collection 3.0.3 component for Joomla! via the id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with ""blind port forwarding ... Putting OctoPrint onto the public internet is a terrible idea, and I really can't emphasize that enough.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats received for each radio from FW. If the radio_id received from the FW is greater than or equal to maximum, an OOB write will occur. On supported Google Pixel and Nexus devices, this has been addressed in security patch level 2018-08-05.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes (e.g., ""${phpinfo()}"").",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-server) 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.,ADJACENT_NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1) loginpassword, (2) loginusername, (3) zusatzlicher, or (4) groupid parameter to index.htm, or the (5) rxtec cookie to index.htm.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aaddpost action.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf() in include/main.class.php does not block use of $GLOBALS.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume excessive resources.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while loading a user application in qseecom, an integer overflow could potentially occur if the application partition size is rounded up to page_size.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
There exists a partial Denial of Service vulnerability in Wanscam HW0021 IP Cameras. An attacker could craft a malicious POST request to crash the ONVIF service on such a device.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync' operation, leading to arbitrary deletion of cameras. An attacker can send an HTTP request to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the backtrace.io service, leading to the exposure of sensitive data. An attacker can impersonate the remote backtrace.io server in order to trigger this vulnerability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In the mintToken function of a smart contract implementation for Substratum (SUB), an Ethereum ERC20 token, the administrator can control mintedAmount, leverage an integer overflow, and modify a user account's balance arbitrarily.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long 'endTime' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. With the implementation of the on_body callback, defined by sub_41734, an attacker can send an HTTP request to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The mintToken function of a smart contract implementation for PolyAi (AI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long ""password"" value in order to exploit this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long ""cameraIp"" value in order to exploit this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long ""secretKey"" value in order to exploit this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long ""accessKey"" value in order to exploit this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long ""bucket"" value in order to exploit this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before 2.7.2-P12, 4.1.0 before 4.1.0-P11, 4.1.1 before 4.1.1-P8, and 4.1.2 before 4.1.2-P4 mishandles the configured rules for blocking SQL injection attacks, aka A10-2017-0008.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An attacker can send an arbitrarily long ""directory"" value in order to exploit this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple exploitable SQL Injection vulnerabilities exists in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain setups access the underlying operating system.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,LOW
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocation is possible in Kernel when it explicitly tries to free that memory on driver probe failure, since memory allocated is automatically freed on probe.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a gpt update, an out of bounds memory access may potentially occur.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing the keystore in LK, an integer overflow vulnerability exists which may potentially lead to a buffer overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the ""WebKit"" component. A Safari cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the function for writing device values into flash, uninitialized memory can be written to flash.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possible buffer overflow while incrementing the log_buf of type uint64_t in memcpy function, since the log_buf pointer can access the memory beyond the size to store the data after pointer increment.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Zoho ManageEngine Desktop Central 10.0.271 has XSS via the ""Features & Articles"" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ChemCMS 1.0.6 has XSS via the ""setting -> website information"" field.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, 'voice_svc_dev' is allocated as a device-managed resource. If error 'cdev_alloc_err' occurs, 'device_destroy' will free all associated resources, including 'voice_svc_dev' leading to a double free.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator access is required. By injecting a JavaScript payload, this flaw could be used to manipulate a user's session, or elevate privileges by targeting an administrative user.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow may occur when payload size is extremely large.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing global variable ""debug_client"" in multi-thread manner, Use after free issue occurs",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing SET_PASSPOINT_LIST vendor command HDD does not make sure that the realm string that gets passed by upper-layer is NULL terminated. This may lead to buffer overflow as strlen is used to get realm string length to construct the PASSPOINT WMA command.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, callback executed from the other thread has freed memory which is also used in wlan function and may result in to a ""Use after free"" scenario.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page. This vulnerability enables the execution of a JavaScript payload each time an administrator visits the configuration page. The vulnerability can be exploited with authentication and used to target administrators and steal their sessions.,NETWORK,HIGH,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on buffer length while processing debug log event from firmware can lead to an integer overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in policy mgr unit test if mode parameter in wlan function is given an out of bound value it can cause an out of bound access while accessing the PCL table.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check while calculating the MPDU data length will cause an integer overflow and then to buffer overflow in WLAN function.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_ndp_app_info is from fw. If they are not checked, it may cause buffer over-read once the value is too large.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in yiqicms through 2016-11-20. There is stored XSS in comment.php because a length limit can be bypassed.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
K-Net Cisco Configuration Manager through 2014-11-19 has XSS via devices.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WMA handler carries a fixed event data from the firmware to the host . If the length and anqp length from this event data exceeds the max length, an OOB write would happen.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from userspace before copying into buffer can lead to potential array overflow in WLAN.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, LUT configuration is passed down to driver from userspace via ioctl. Simultaneous update from userspace while kernel drivers are updating LUT registers can lead to race condition.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
CQU-LANKERS through 2017-11-02 has XSS via the public/api.php callback parameter in an uploadpic action.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a message from firmware in WLAN handler, a buffer overwrite can occur.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists in Internet Explorer due to how scripts are handled that allows a universal cross-site scripting (UXSS) condition, aka ""Internet Explorer Security Feature Bypass Vulnerability."" This affects Internet Explorer 11.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON field, allows remote attackers to inject arbitrary Web scripts or HTML via a crafted site name provided by an administrator.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check can lead to out-of-bounds access in WLAN function.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the site name in the ""Categories"" menu.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, during wlan association, driver allocates memory. In case the mem allocation fails driver does a mem free though the memory was not allocated.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The SSL/TLS server certificate in the device to cloud communication was not verified by the device. As a result, an attacker in control of the network traffic of a device could have taken control of a device by intercepting and modifying commands issued from the server to the device in a Man-in-the-Middle attack. This included the ability to inject firmware update commands into the communication and cause the device to install maliciously modified firmware.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack fo check on return value in WMA response handler can lead to potential use after free.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Malicious servers were able to run operating system commands on the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. Devices did not authenticate themselves to the cloud in device to cloud communication. This lack of device authentication allowed an attacker to impersonate any device by guessing or learning their MAC address.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the name[x], streamUrl[x], homepageUrl[x] parameters (where x is an integer) to internetRadioSettings.view that could be used to steal session information of a victim.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the name[x], sourceformats[x], targetFormat[x], step1[x], and step2[x] parameters (where x is an integer) to transcodingSettings.view that could be used to steal session information of a victim.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper check In the WMA API for the inputs received from the firmware and then fills the same to the host structure will lead to OOB write.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from firmware to calculate the length of WMA roam synch buffer can lead to buffer overwrite during memcpy.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ContentProvider in the EPSON iPrint application 6.6.3 for Android does not properly restrict data access. This allows an attacker's application to read scanned documents.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Remote attackers can send print jobs directly to the printer via TCP port 9100.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
_core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a ""<file type='file' name='../"" substring.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from caller function used as an array index for WMA interfaces can lead to OOB write in WLAN HOST.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while relocating kernel images with a specially crafted boot image, an out of bounds access can occur.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the ION_FLAG_SECURE ion flag is not set and cause the kernel to attempt to perform cache maintenance on memory which does not belong to HLOS.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a race condition while accessing num of clients in DIAG services can lead to out of boundary access.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the image is displayed, resulting in a forced restart of the device.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted URI because $_SERVER['REQUEST_URI'] is mishandled.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS (both classic and Artery Remoting). Akka allows configuration of custom random number generators. For historical reasons, Akka included the AES128CounterSecureRNG and AES256CounterSecureRNG random number generators. The implementations had a bug that caused the generated numbers to be repeated after only a few bytes. The custom RNG implementations were not configured by default but examples in the documentation showed (and therefore implicitly recommended) using the custom ones. This can be used by an attacker to compromise the communication if these random number generators are enabled in configuration. It would be possible to eavesdrop, replay, or modify the messages sent with Akka Remoting/Cluster.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean value to be ""true"" because the kSecAccessControlUserPresence protection mechanism is not used. In other words, an attacker could authenticate with an arbitrary fingerprint.  NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes iOS devices on which a jailbreak has occurred.",PHYSICAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication.  NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes iOS devices on which a jailbreak has occurred.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode.  NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) has an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote attackers who can access & view an issue to obtain the email address of the reporter and assignee user of an issue despite the configured email visibility setting being set to hidden.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the epic colour field of an issue while an issue is being moved.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature.  NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Named Pipe Request Processing Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro OfficeScan XG (12.0) could allow a local attacker to disclose sensitive information on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't sanitized, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, Company Name, or Fax field, as demonstrated by crossPwn.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero.  NOTE: this vulnerability exists because of a CVE-2015-8138 regression.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Vectra Networks Cognito Brain and Sensor before 4.2 contains a cross-site scripting (XSS) vulnerability in the Web Management Console.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793. Analysing history it seems that the issue has been present since commit 64a340ffeb8809b2b66bbe32fd443a8b79fdd860 contains a CWE-476: NULL Pointer Dereference vulnerability in Triggering undefined behavior at jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype.c:598 (passing NULL to memcpy as 2nd argument) results in null pointer dereference (segfault) at jerry-core/jmem/jmem-heap.c:463 that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute specially crafted javascript code. This vulnerability appears to have been fixed in after commit 87897849f6879df10e8ad68a41bf8cf507edf710.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. This vulnerability appears to have been fixed in 1.14.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programing protocol frames.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sniffing, which leads to XSS, as demonstrated by Internet Explorer, because an ""X-Content-Type-Options: nosniff"" header is not sent.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments as paid for certain users on behalf of Administrators. This attack appear to be exploitable via The victim must be socially engineered into clicking a link, usually via email. This vulnerability appears to have been fixed in 17.11.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Scripting (XSS) vulnerability in Multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter , /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number] , /cgi-bin/koha/serials/subscription-add.pl that can result in Privilege escalation by taking control of higher privileged users browser sessions. This attack appear to be exploitable via Victims must be socially engineered to visit a vulnerable webpage containing malicious payload. This vulnerability appears to have been fixed in 17.11.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long ""correlationId"" value in order to exploit this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long ""callbackUrl"" value in order to exploit this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy overflows the destination buffer, which has a size of 2,000 bytes. An attacker can send an arbitrarily long ""sessionToken"" value in order to exploit this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Escalation of privilege in Installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially execute code or disclose information as administrator via local access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Ovation FindMe 1.4-1083-1 is intended to support transmission of network traffic from covert video recorders but does not properly disrupt binary analysis for discovering the product's capabilities or purpose. This makes it easier for adversaries to detect the covert operation. Specifically, the product uses a compression technique to prevent the identification of certain libraries in the software by obfuscation. The software relies on a TLS callback and an additional executable file to enable these libraries and their access to certain websites. The unpacked software can be exploited by several different types of documented techniques.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allows remote attackers to inject arbitrary web script or HTML via the appGet.cgi hook parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in UCMS 1.4.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. An attacker could gain access to the admin panel or a customer account when using the password reset function. To do so, it is required to own a domain name similar to the one the victim uses for their e-mail accounts.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute arbitrary code on the administrator's workstation via a crafted Windows service.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php via the action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney, or v_ispsd parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN dataMode dataModeStr.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in OTCMS 3.61. XSS exists in admin/share_switch.php via these parameters: fieldName fieldName2 tabName.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Navigate CMS 2.8 has Reflected XSS via the navigate.php fid parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Eventum before 3.4.0 has an open redirect vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible.",LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable heap overflow vulnerability exists in the ipStringCreate function of Iceni Argus Version 6.6.05. A specially crafted pdf file can cause an integer overflow resulting in heap overflow. An attacker can send file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory, aka ""Windows Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated user to a web page that automatically submits a form on their behalf.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in BTITeam XBTIT. The ""returnto"" parameter of the login page is vulnerable to an open redirect due to a lack of validation. If a user is already logged in when accessing the page, they will be instantly redirected.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrators GroupID directly.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, allow local users to cause a denial of service (Race Condition and BSoD on Windows) by not checking that user-mode memory is available right before writing to it. A check is only performed at the beginning of a long subroutine.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated ""We do not consider this a vulnerability.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka ""Windows Hyper-V Remote Code Execution Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8439.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like the network SSID and password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Visiology Flipbox Software Suite before 2.7.0 allows directory traversal via %5c%2e%2e%2f because it does not sanitize filename parameters.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password (""admin:password"") is used in the Android application that allows attackers to use a hidden API URL ""/goform/SystemCommand"" to execute any command with root permission.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory (/include/logs) using predictable file names, which can lead to full path disclosure and leakage of sensitive data.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in BTITeam XBTIT 2.5.4. The ""keywords"" parameter in the search function available at /index.php?page=forums&action=search is vulnerable to reflected cross-site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in BTITeam XBTIT 2.5.4. The ""act"" parameter in the sign-up page available at /index.php?page=signup is vulnerable to reflected cross-site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka "".NET Framework Remote Code Execution Vulnerability."" This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in MiniCMS 1.10. There is an mc-admin/post.php?tag= XSS vulnerability for a state=delete, state=draft, or state=publish request.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Bludit 2.3.4 allows XSS via a user name.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject Javascript code in the compromised application.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Accusoft PrizmDoc version 13.3 and earlier contains a Stored Cross-Site Scripting issue through a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable buffer overflow vulnerability exists in the PubNub message handler for the ""control"" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. A strcpy overflows the buffer insteon_pubnub.channel_cc_r, which has a size of 16 bytes. An attacker can send an arbitrarily long ""c_r"" parameter in order to exploit this vulnerability. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka ""Windows Hyper-V Denial of Service Vulnerability."" This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8436, CVE-2018-8438.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka ""Windows Hyper-V Denial of Service Vulnerability."" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8436, CVE-2018-8437.",NETWORK,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka ""Windows Hyper-V Denial of Service Vulnerability."" This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8437, CVE-2018-8438.",ADJACENT_NETWORK,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft Office SharePoint XSS Vulnerability."" This affects Microsoft SharePoint Server, Microsoft SharePoint.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"wityCMS 0.6.2 has XSS via the ""Site Name"" field found in the ""Contact"" ""Configuration"" page.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
phpMyFAQ before 2.9.11 allows CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
rejucms 2.1 has XSS via the ucenter/cms_user_add.php u_name parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8445, CVE-2018-8446.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP ""Discover"" service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker can send a crafted UDP request to finderd to perform stack overflow and execute arbitrary code with root privilege on the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8446.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified ""heap-buffer-overflow"" condition in IR::FunctionValidationContext::end.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in DonLinkage 6.6.8. It allows remote attackers to obtain potentially sensitive information via a direct request for files/temporary.txt.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/bazy_adresow.php and /pages/proxy/add.php are vulnerable to stored XSS that can be triggered by closing <textarea> followed by <script></script> tags.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted RDF file.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"The National Payments Corporation of India BHIM application 1.3 for Android relies on three hardcoded strings (AK-NPCIMB, IM-NPCIBM, and VK-NPCIBM) for SMS validation, which makes it easier for attackers to bypass authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The National Payments Corporation of India BHIM application 1.3 for Android uses a custom keypad for which the input element is available to the Accessibility service, which makes it easier for attackers to bypass authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The National Payments Corporation of India BHIM application 1.3 for Android does not properly restrict use of the OTP feature, which makes it easier for attackers to bypass authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS Command Injection via shell metacharacters in the smbdUserid or smbdPasswd field.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUMENT_ROOT, and SERVER_ADMIN) in libraries/Gelato/ErrorHandler/Resources/Views/Errors/exception.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal Address or Company Name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka ""Microsoft Scripting Engine Information Disclosure Vulnerability."" This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In LimeSurvey before 3.14.7, an admin user can leverage a ""file upload"" question to read an arbitrary file,",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
"An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.  NOTE: this vulnerability exists because of a CVE-2012-6701 regression.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page action for a page with no special role.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page&name=error404 action, a different vulnerability than CVE-2018-10121.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit this will result in memory exhaustion, resulting in a full system denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver. 20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of msjet49.dll loaded by the vulnerable products.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
** DISPUTED ** The libesedb_page_read_values function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
** DISPUTED ** The libesedb_page_read_tags function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
** DISPUTED ** The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a directory listing of the top-level directory of the web root via a link that becomes available after posting an article.,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via a modified id field.,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vulnerability in http://example.org/mc-admin/page.php?date={payload} that can result in code injection.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, allow remote attackers to obtain sensitive information from device memory by reading a padding field of an Ethernet packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka ""Windows Kernel Information Disclosure Vulnerability,"" a different vulnerability than CVE-2017-0220, CVE-2017-0258, and CVE-2017-0259.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka ""Microsoft Malware Protection Engine Remote Code Execution Vulnerability"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka ""Microsoft Malware Protection Engine Remote Code Execution Vulnerability"". This is different than CVE-2017-11937.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka ""Windows Information Disclosure Vulnerability"". This CVE is unique from CVE-2018-0830 and CVE-2018-0832.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka ""Windows Information Disclosure Vulnerability"". This CVE is unique from CVE-2018-0829 and CVE-2018-0832.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft Office 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted file, aka ""Graphics Component Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, and Office 2016 allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka ""Microsoft Office OLE DLL Side Loading Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka ""Microsoft Office Information Disclosure Vulnerability"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, and Microsoft Excel 2016 when they fail to properly handle objects in memory, aka ""Microsoft Office Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8731.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. More Information: CSCva38556. Known Affected Releases: 9.1(6.10). Known Fixed Releases: 100.11(0.75) 100.15(0.137) 100.8(40.129) 96.2(0.95) 97.1(0.55) 97.1(12.7) 97.1(6.30).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by sending a crafted URL to the affected system. An exploit could allow the remote attacker to cause a reload of the affected system or potentially execute code. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 or IPv6 traffic. A valid TCP connection is needed to perform the attack. The attacker needs to have valid credentials to log in to the Clientless SSL VPN portal. Vulnerable Cisco ASA Software running on the following products may be affected by this vulnerability: Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco ASA for Firepower 9300 Series, Cisco ASA for Firepower 4100 Series. Cisco Bug IDs: CSCvc23838.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of DHCP packet transmission, aka Bug ID CSCuy66942.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,LOW,LOW
"VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the ""identification of image.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to ""throwing of exceptions.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a ""file truncation error for corrupt file.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.,LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a ""bits/bytes confusion bug.""",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging ""type confusion.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker registration.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted curves, related to SkOpCoincidence.cpp and SkPathOpsCommon.cpp.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to extensions.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1690.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7208.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.,NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact via crafted metadata.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,HIGH
Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.,LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with ""illegal options.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an ""invalid JSON"" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.,NETWORK,HIGH,NONE,NONE,CHANGED,NONE,NONE,HIGH
"idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli compression.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instant_service.cc and search_tab_helper.cc.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
game-music-emu before 0.6.1 mishandles unspecified integer values.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka ""Universal XSS (UXSS).""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related to compiler/pipeline.cc and compiler/simplified-lowering.cc.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to the tiff_decode_tag and decode_frame functions.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages ""type confusion"" in the StylePropertySerializer class.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka ""Universal XSS (UXSS).""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL's query string.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the ""Save page as"" menu choice.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf.",LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The mkdumprd script called ""dracut"" in the current working directory ""."" allows local users to trick the administrator into executing code as root.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.",LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows local users to affect confidentiality and integrity via vectors related to CIE Related Components.",LOCAL,LOW,HIGH,REQUIRED,CHANGED,LOW,HIGH,NONE
"Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to JavaServer Faces.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS-WebServices.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Messaging Service.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality and integrity via vectors related to Console.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container, a different vulnerability than CVE-2016-5488.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container, a different vulnerability than CVE-2016-3445.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to Core Components.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6 allows remote attackers to affect confidentiality and integrity via vectors related to Console.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ""FontParser"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ""Security"" component, which makes it easier for attackers to bypass cryptographic protection mechanisms by leveraging use of the 3DES cipher.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ""CoreMedia Playback"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted MP4 file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. watchOS before 3.1.3 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ""IOHIDFamily"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.",LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ""CoreText"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ""Kernel"" component, which allows local users to cause a denial of service via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ""Disk Images"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ""Kernel"" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ""CoreGraphics"" component. It allows attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted font.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ""Security"" component, which allows man-in-the-middle attackers to cause a denial of service (application crash) via vectors related to OCSP responder URLs.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ""Kernel"" component. It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ""ImageIO"" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ""IOKit"" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ""Audio"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ""Audio"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ""syslog"" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ""Security"" component, which allows remote attackers to spoof certificates via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ""CoreFoundation"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the ""IOKit"" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages object-lifetime mishandling during process spawning.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the ""Accounts"" component, which allows local users to bypass intended authorization restrictions by leveraging the mishandling of an app uninstall.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via unspecified vectors, aka ""Win32k Remote Code Execution Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action, aka ""Windows Kerberos Security Feature Bypass.""",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka ""Windows Kernel Information Disclosure Vulnerability,"" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, and CVE-2017-0297.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (service outage) by leveraging certain intranet connectivity and sending a malformed HTTPS request, aka Bug ID CSCuu24840.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,NONE,NONE
"apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
"customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a different vulnerability than CVE-2015-8489.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.",NETWORK,HIGH,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sending crafted Inter-Access Point Protocol (IAPP) packets and then sending a traffic stream metrics (TSM) information request over SNMP, aka Bug ID CSCuz40221.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.",NETWORK,HIGH,NONE,NONE,CHANGED,LOW,LOW,NONE
"Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a crafted Graphics State dictionary.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the ""Myriad Escaped Characters"" Vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An invalid memory address dereference was discovered in decompileSingleArgBuiltInFunctionCall in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 stored Cross-Site Scripting (XSS) vulnerabilities in the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters in the contact creation and modification page. The payload is stored within the application database and allows the execution of JavaScript code each time a client visit an infected page.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The sort_by and start parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the ""Web Server"" feature is enabled.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ash_history.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create or overwrite existing files via specially crafted ATC file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create arbitrary files via specially crafted ATC file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strcpy at [8] overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long 'callbackUrl' value in order to exploit this vulnerability.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /signup.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The searchfield parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The employee and sort_order parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. A strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long ""user"" value in order to exploit this vulnerability.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The memcpy call overflows the destination buffer, which has a size of 512 bytes. An attacker can send an arbitrarily long ""url"" value in order to overwrite the saved-PC with 0x42424242.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvm_set_type in os/storage/antelope/lvm.c while parsing AQL (lvm_set_op, lvm_set_relation, lvm_set_operand).",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka ""Non-standard use of the flash component.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in turn leads to a SQL injection in the video-core database. An attacker can send a series of HTTP requests to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the ""shard"" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The strcpy call overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long ""region"" value in order to exploit this vulnerability.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely parses the AWSELB cookie while communicating with remote video-host servers, leading to a buffer overflow on the heap. An attacker able to impersonate the remote HTTP servers could trigger this vulnerability.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user's workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. This attack appear to be exploitable via an authenticated user uploading a zip archive which can contains malicious php files that can be called under certain circumstances. This vulnerability appears to have been fixed in after commit 91d143230eb357260a19c8424b3005deb49a47f7 / version 3.14.4.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"POSIM EVO 15.13 for Windows includes hardcoded database credentials for the ""root"" database user. ""root"" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in Jsi_LogMsg (jsiUtils.c:196) that can result in Crash due to segmentation fault. This attack appear to be exploitable via the victim executing specially crafted javascript code. This vulnerability appears to have been fixed in 2.4.69.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function _jsi_evalcode from jsiEval.c that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsi_ValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to have been fixed in 2.4.67.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsi_ObjArrayLookup (jsiObj.c:274) that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code. This vulnerability appears to have been fixed in 2.4.71.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Gleez CMS v1.2.0. There is XSS via media/imagecache/resize.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=content&a=search kw parameter. NOTE: this product is discontinued.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to be reinstalled by deleting install_lock.txt.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in SeaCMS through 6.61. SQL injection exists via the tid parameter in an adm1n/admin_topic_vod.php request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CraftedWeb through 2013-09-24 has reflected XSS via the p parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in baigo CMS v2.1.1. There is an index.php?m=article&c=request CSRF that can cause publication of any article.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter: g=Team&m=User&a=index&keyword=, g=Team&m=User_group&a=index&keyword=, g=Team&m=Department&a=index&keyword=, and g=Team&m=Bulletin&a=index&keyword=.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajax_save_draft function with the dir parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
"JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted MsBib file. This vulnerability appears to have been fixed in after commit 89f855d.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect ""download an attachment"" permission checks.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Citrix XenServer 7.1 and newer allows Directory Traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka ""Microsoft (MAU) Office Elevation of Privilege Vulnerability."" This affects Microsoft Office.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11) portal/messaging/messages.php, (12) portal/messaging/secure_chat.php, (13) portal/report/pat_ledger.php, (14) portal/report/portal_custom_report.php, or (15) portal/report/portal_patient_report.php without authenticating as a patient.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the PUT method.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An attacker with low privileges can cause denial of service in Kraftway 24F2XG Router firmware version 3.5.30.1118.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to obtain sensitive information via /Status/SystemStatusRpm.esp.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
MorningStar WhatWeb 0.4.9 has XSS via JSON report files.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable buffer overflow vulnerability exists in the camera ""create"" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the ""state"" field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Traversal.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'onmessagecomplete' callback. An attacker can send an HTTP request to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'on_url' callback. An attacker can send an HTTP request to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the "".athena.mit.edu"" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \"" (backslash double quote) in a crafted e-mail address.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the ""DestPos"" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted ""Host"" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the Author field of the ""Leave a Comment"" screen.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via ""network connectivity"". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET variable used within registration sub menu page that can result in unauthorised actions and access to data, stealing session information. This vulnerability appears to have been fixed in after commit 22b09a3.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"OpenCart-Overclocked version <=1.11.1 contains a Cross Site Scripting (XSS) vulnerability in User input entered unsanitised within JS function in the template that can result in Unauthorised actions and access to data, stealing session information, denial of service. This attack appear to be exploitable via Malicious input passed in GET parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
CMSUno before 1.5.3 has XSS via the title field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To trigger this vulnerability, an attacker can upload an MPFS binary via the '/mpfsupload' HTTP form and later on upload the firmware via a POST request to 'firmware.htm'.",NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ad_r, which has a size of 16 bytes. An attacker can send an arbitrarily long ""ad_r"" parameter in order to exploit this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ak, which has a size of 16 bytes. An attacker can send an arbitrarily long ""ak"" parameter in order to exploit this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code which got injected to a mail with inline PGP signature gets executed when verifying the signature. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on using a specific URL, such script code might get executed. In case of injecting external websites, users might get lured into a phishing scheme. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code can be provided as parameter to the OX Guard guest reader web application. This allows cross-site scripting attacks against arbitrary users since no prior authentication is needed. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.) in case the user has an active session on the same domain already.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's location, will be presented to the user at the E-Mail App, depending on the invitation workflow. This code gets executed within the context of the user's current session. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image from a specially crafted website and add it to HTML editor areas of OX App Suite, for example E-Mail Compose or OX Text. This specific attack circumvents typical XSS filters and detection mechanisms since the code is not loaded from an external service but injected locally. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). To exploit this vulnerability, a attacker needs to convince a user to follow specific steps (social-engineering).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xslx files. Those resources were requested when parsing certain parts of the generated document. As a result an attacker can track access to a manipulated document. Usage of a document may get tracked and information about internal infrastructure may get exposed.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can inject arbitrary hosts and ports to API calls. Depending on the response type, content and latency, information about existence of hosts and services can be gathered. Attackers can get internal configuration information about the infrastructure of an operator to prepare subsequent attacks.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
"An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader of App Suite, code gets executed at the context of the user. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). The attacker needs to reside within the same context to make this attack work.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced privileges or shared environments. However the setting was incorrectly recognized and cookies were stored regardless of this setting when the login was performed using a non-interactive login method. In case the setting was enforced by middleware configuration or the user went through the interactive login page, the workflow was correct. Cookies with authentication information may become available to other users on shared environments. In case the user did not properly log out from the session, third parties with access to the same client can access a user's account.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output a unsanitized representation of the content. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Attackers can use this issue for filter evasion to inject script code later on.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file (e.g. an image) which gets displayed at the portal application. Using script code at the file name leads to script execution. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Users actively need to add a file to the portal to enable this attack. In case of shared files however, a internal attacker may modify a previously embedded file to carry a malicious file name. Furthermore this vulnerability can be used to persistently execute code that got injected by a temporary script execution vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The ""session"" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trusted domain's context. While no OX App Suite specific data can be manipulated, the vulnerability can be exploited without being authenticated and therefore used for social engineering attacks, stealing cookies or redirecting from trustworthy to malicious hosts.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The ""getprivkeybyid"" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Clients provide the ""id"" and ""cid"" parameter to specify the current user by its user- and context-ID. The ""auth"" parameter contains a hashed password string which gets created by the client by asking the user to enter his or her OX Guard password. This parameter is used as single point of authentication when accessing PGP Private Keys. In case a user has set the same password as another user, it is possible to download another user's PGP Private Key by iterating the ""id"" and ""cid"" parameters. This kind of attack would also be able by brute-forcing login credentials, but since the ""id"" and ""cid"" parameters are sequential they are much easier to predict than a user's login name. At the same time, there are some obvious insecure standard passwords that are widely used. A attacker could send the hashed representation of typically weak passwords and randomly fetch Private Key of matching accounts. The attack can be executed by both internal users and ""guests"" which use the external mail reader.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album/tree_lists/ URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the ""Cannot upload executable files"" protection mechanism.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P.",LOCAL,HIGH,LOW,NONE,CHANGED,NONE,NONE,HIGH
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode.,LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.,LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it (including domain creation / destruction, ballooning, device changes, etc.).",LOCAL,HIGH,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka ""Microsoft SQL Server Remote Code Execution Vulnerability."" This affects Microsoft SQL Server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Vuze, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Plex, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka ""LNK Remote Code Execution Vulnerability."" This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8345.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT 7.3 E0506P07. The vulnerability was resolved in iMC PLAT 7.3 E0605P04 or subsequent version.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the ""mon"" permission could use this vulnerability to obtain cluster credentials which could allow privilege escalation. This vulnerability is only present when authenticated as a user with ""mon"" permission.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross-site scripting vulnerabilities. By exploiting this vulnerability, an attacker who can trick a logged-in ClearPass administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into ClearPass in the same browser.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally is vulnerable to unauthenticated arbitrary file access. An unauthenticated user with network access to an Aruba mobility controller on TCP port 8080 or 8081 may be able to access arbitrary files stored on the mobility controller. Ports 8080 and 8081 are used for captive portal functionality and are listening, by default, on all IP interfaces of the mobility controller, including captive portal interfaces. The attacker could access files which could contain passwords, keys, and other sensitive information that could lead to full system compromise.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Rust Programming Language Rust standard library version Commit bfa0e1f58acf1c28d500c34ed258f09ae021893e and later; stable release 1.3.0 and later contains a Buffer Overflow vulnerability in std::collections::vec_deque::VecDeque::reserve() function that can result in Arbitrary code execution, but no proof-of-concept exploit is currently published.. This vulnerability appears to have been fixed in after commit fdfafb510b1a38f727e920dccbeeb638d39a8e60; stable release 1.22.0 and later.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be ""jumped"" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).",LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later versions.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as one wished by automation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
An issue was discovered in DamiCMS 6.0.0. There is an CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"GetSimple CMS 3.3.14 has XSS via the admin/edit.php ""Add New Page"" field.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in puppyCMS 5.1. There is an XSS vulnerability via menu.php in the ""Add Page/URL"" URL link field.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL Redirection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified ""file download"" attacks via unknown vectors.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be triggered via attempting to decode a crafted BPG image using Libbpg.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 mishandles the transquant_bypass_enable_flag value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted BPG image, related to a ""type confusion"" issue.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as "".."" that can resolve to a location that is outside of that directory, aka Directory Traversal.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x953824a7 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in an out-of-bounds write condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x953824b7 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in a kernel pool overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x95382673 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in a kernel pool overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain system privileges by flipping pool buffer size, aka a ""double fetch"" vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a 0x953826DB DeviceIoControl call.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a 0x953827bf DeviceIoControl call.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,NONE
Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running UMS, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an ""on success"" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs ""safe"" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the ""chart"" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on a such fact; (3) Statistics page, for facts that are aggregated on this page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for processing SSL certificate information. The CGI application doesn't properly escape the information it's passed in the 'CERT' variable before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for handling some of the server's internal configurations. The CGI application doesn't properly escape the information it's passed when processing a particular multi-part form request involving scripts. The filename of the 'scriptname' variable is read in unsanitized before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. This is SonicWall Issue ID 181195.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out information about the state of the system. The application doesn't properly escape the information passed in the 'tsrDeleteRestartedFile' or 'currentTSREmailTo' variables before making a call to system(), allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
XML external entity (XXE) vulnerability in the XPath selector component in Artemis ActiveMQ before commit 48d9951d879e0c8cbb59d4b64ab59d53ef88310d allows remote attackers to have unspecified impact via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.3.0 and below), TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.3.0 and below), and TIBCO Jaspersoft Studio for ActiveMatrix BPM (versions 6.2.0 and below).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937.,LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,HIGH
"Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the ""{{group}}"" Helper and a crafted payload.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can be used as an attack vector. Because the XML parser has access to the local filesystem and runs with the permissions of the web server, it can access any file that is readable by the web server and copy it to an external system of the attacker's choosing. This could include files that contain passwords, which could then lead to privilege escalation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the ""select_sso()"" function. The payload is triggered when the victim opens a prepared /ux/jss-sso/arslogin?[XSS] link and then clicks the ""Login"" button.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable buffer overflow vulnerability exists in the PubNub message handler for the 'ad' channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,CHANGED,NONE,HIGH,NONE
LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled variable in import templates function.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Specially crafted commands sent through the PubNub service in Insteon Hub 2245-222 with firmware version 1012 can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability.At 0x9d014cc0 the value for the cmd key is copied using strcpy to the buffer at $sp+0x11c. This buffer is 20 bytes large, sending anything longer will cause a buffer overflow.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentially allow a low-privileged local user to execute arbitrary executables with elevated privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The doPayouts() function of the smart contract implementation for MegaCryptoPolis, an Ethereum game, has a Denial of Service vulnerability. If a smart contract that has a fallback function always causing exceptions buys a land, users cannot buy lands near that contract's land, because those purchase attempts will not be completed unless the doPayouts() function successfully sends Ether to certain neighbors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Symantec Encryption Management Server (SEMS) product, prior to version 3.4.2 MP1, may be susceptible to a denial of service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P__get_cb() in H5Pint.c during an attempted parse of a crafted HDF file. This results in denial of service.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of unauthenticated access to sensitive information including usernames and hashes via a direct request for /statistics/gscsetup.xml on TCP port 12003.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A reflected cross-site scripting vulnerability exists in Geutebrueck re_porter 16 before 7.8.974.20 by appending a query string to /modifychannel/exec or /images/*.png on TCP port 12005.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digital assets by providing a large address[] array, as exploited in the wild in May 2018, aka the ""ownerUnderflow"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ""Windows GDI Information Disclosure Vulnerability."" This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8394, CVE-2018-8398.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn't apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send a UDP packet to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A Buffer Overflow exploited through web interface by remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,NONE
soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result in arbitrary code execution. This attack appear to be exploitable via victim must open maliocius file in soundstretch utility.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote() that can result in dequote() function returns 1-byte allocation if initial length is 0, leading to buffer overflow. This attack appear to be exploitable via specially crafted .pc file. This vulnerability appears to have been fixed in 1.5.3.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker specified CIFS server with attacker specified credentials.,NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka "".NET Framework Information Disclosure Vulnerability."" This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to cause a denial of service (reboot) via a crafted authentication request, aka ""Local Security Authority Subsystem Service Denial of Service Vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have security bypass vulnerability in the implementation of the same origin policy.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the PSDK's MediaPlayer class. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization (AFM0). Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Clipboard class related to data handling functionality. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable integer overflow vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the NetConnection class when handling the proxy types. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class related to objects at multiple presentation levels. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Worker class. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class for specific search strategies. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to alternation functionality. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to bookmarking in searches. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7296.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7297.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka ""Microsoft Office Information Disclosure Vulnerability,"" a different vulnerability than CVE-2016-7290.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka ""Microsoft Office Information Disclosure Vulnerability,"" a different vulnerability than CVE-2016-7291.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-7286, CVE-2016-7296, and CVE-2016-7297.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-7288, CVE-2016-7296, and CVE-2016-7297.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Internet Explorer Information Disclosure Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka ""Microsoft Browser Information Disclosure Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka ""Microsoft Edge Information Disclosure Vulnerability,"" a different vulnerability than CVE-2016-7206.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Browser Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Windows Hyperlink Object Library Information Disclosure Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka ""Microsoft Office Memory Corruption Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka ""Microsoft Office Information Disclosure Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka ""Windows Uniscribe Remote Code Execution Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Graphics component in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka ""Windows Graphics Remote Code Execution Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Secure Kernel Mode implementation in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to bypass the virtual trust level (VTL) protection mechanism via a crafted application, aka ""Secure Kernel Mode Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka "".NET Information Disclosure Vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka ""Microsoft Office Information Disclosure Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka ""Microsoft Office Security Feature Bypass Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka ""Microsoft Office Information Disclosure Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka ""Microsoft Office Security Feature Bypass Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Graphics Component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""GDI Information Disclosure Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka ""Open Type Font Remote Code Execution Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka ""SQL Server Agent Elevation of Privilege Vulnerability.""",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows remote authenticated users to gain privileges via unspecified vectors, aka ""SQL Analysis Services Information Disclosure Vulnerability.""",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka ""MDS API XSS Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft SQL Server 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka ""SQL RDBMS Engine Elevation of Privilege Vulnerability.""",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow physically proximate attackers to bypass the Secure Boot protection mechanism via a crafted boot policy, aka ""Secure Boot Component Vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7242.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7243.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7242, and CVE-2016-7243.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka ""Microsoft Browser Information Disclosure Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandle caching for NTLM password-change requests, which allows local users to gain privileges via a crafted application, aka ""Windows NTLM Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote authenticated users to cause a denial of service (system hang) via a crafted request, aka ""Local Security Authority Subsystem Service Denial of Service Vulnerability.""",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Microsoft Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft PowerPoint 2010 SP2, PowerPoint Viewer, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka ""Microsoft Browser Information Disclosure Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka ""VHD Driver Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
"Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka ""VHD Driver Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
"Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka ""VHD Driver Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
"Task Scheduler in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to gain privileges via a crafted UNC pathname in a task, aka ""Task Scheduler Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via unspecified vectors, aka ""Windows IME Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Virtual Secure Mode in Microsoft Windows 10 allows local users to obtain sensitive information via a crafted application, aka ""Virtual Secure Mode Information Disclosure Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka ""Windows Bowser.sys Information Disclosure Vulnerability.""",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Media Foundation in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka ""Media Foundation Memory Corruption Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka ""Windows Kernel Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow remote attackers to execute arbitrary code via a crafted image file, aka ""Windows Remote Code Execution Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability."" a different vulnerability than CVE-2016-3266, CVE-2016-3376, and CVE-2016-7185.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"atmfd.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted Open Type font on a web site, aka ""Open Type Font Information Disclosure Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka ""Microsoft Edge Spoofing Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka ""Microsoft Edge Information Disclosure Vulnerability,"" a different vulnerability than CVE-2016-7280.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Animation Manager in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka ""Windows Animation Manager Memory Corruption Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge allows remote attackers to access arbitrary ""My Documents"" files via a crafted web site, aka ""Microsoft Edge Information Disclosure Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" as demonstrated by the Chakra JavaScript engine, a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka ""Microsoft Browser Information Disclosure Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Browser Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-7195.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Browser Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3386, CVE-2016-3389, and CVE-2016-7190.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3386, CVE-2016-3389, and CVE-2016-7194.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka ""Scripting Engine Remote Code Execution Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Standard Collector Service in Windows Diagnostics Hub in Microsoft Windows 10 Gold, 1511, and 1607 mishandles library loading, which allows local users to gain privileges via a crafted application, aka ""Windows Diagnostics Hub Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability."" a different vulnerability than CVE-2016-3266, CVE-2016-3376, and CVE-2016-7211.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka ""Windows Common Log File System Driver Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-3343.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows attackers to execute arbitrary code via a crafted True Type font, aka ""True Type Font Parsing Elevation of Privilege Vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Edge Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, and CVE-2016-4231.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information via unspecified vectors.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information from process memory via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4231, and CVE-2016-4248.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified ""type confusion,"" a different vulnerability than CVE-2016-4223 and CVE-2016-4224.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified ""type confusion,"" a different vulnerability than CVE-2016-4223 and CVE-2016-4225.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified ""type confusion,"" a different vulnerability than CVE-2016-4224 and CVE-2016-4225.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka ""GDI+ Remote Code Execution Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web site, aka ""Windows Graphics Component RCE Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow context-dependent attackers to discover credentials by leveraging access to a memory dump, aka ""Microsoft Browser Information Disclosure Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by the Chakra JavaScript engine, aka ""Scripting Engine Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3386, CVE-2016-7190, and CVE-2016-7194.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka ""Microsoft Browser Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-3387.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka ""Microsoft Browser Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-3388.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3389, CVE-2016-7190, and CVE-2016-7194.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Browser Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by the Chakra JavaScript engine, aka ""Scripting Engine Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, aka ""Microsoft Exchange Elevation of Privilege Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka ""Microsoft Exchange Open Redirect Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
"The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3350.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability."" a different vulnerability than CVE-2016-3266, CVE-2016-7185, and CVE-2016-7211.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 does not properly implement registry access control, which allows local users to obtain sensitive account information via a crafted application, aka ""Windows Kernel Elevation of Privilege Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 does not properly enforce permissions, which allows local users to obtain sensitive information via a crafted application, aka ""Windows Kernel Elevation of Privilege Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka ""PDF Library Information Disclosure Vulnerability,"" a different vulnerability than CVE-2016-3374.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft Windows 10 Gold and 1511 allows attackers to cause a denial of service via unspecified vectors, aka ""Windows Denial of Service Vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote authenticated users to execute arbitrary code by leveraging a domain account to make a crafted request, aka ""Windows Remote Code Execution Vulnerability.""",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka ""Microsoft Office Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3362.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka ""Microsoft Office Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3365.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Excel 2010 SP2 allows remote attackers to execute arbitrary code via a crafted document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office Compatibility Pack SP3, PowerPoint Viewer, SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to bypass the ASLR protection mechanism via a crafted application, aka ""GDI Information Disclosure Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft Internet Explorer 9 through 11 mishandles .url files from the Internet zone, which allows remote attackers to bypass intended access restrictions via a crafted file, aka ""Internet Explorer Security Feature Bypass.""",NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 do not properly check NTLM SSO requests for MSA logins, which makes it easier for remote attackers to determine passwords via a brute-force attack on NTLM password hashes, aka ""Microsoft Information Disclosure Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka ""Microsoft Browser Information Disclosure Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 10 Gold, 1511, and 1607 does not properly enforce permissions, which allows local users to obtain Administrator access via a crafted DLL, aka ""Windows Permissions Enforcement Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The SMBv1 server in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via crafted packets, aka ""Windows SMB Authenticated Remote Code Execution Vulnerability.""",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka ""Windows Common Log File System Driver Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3343, and CVE-2016-7184.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Transaction Manager in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka ""Windows Transaction Manager Elevation of Privilege Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka ""Windows Common Log File System Driver Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka ""Windows Common Log File System Driver Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka ""Windows Common Log File System Driver Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka ""Windows Common Log File System Driver Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka ""Windows Common Log File System Driver Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Browser Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Edge Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3294.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence of files via a crafted webpage, aka ""Internet Explorer Information Disclosure Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka ""Microsoft Browser Information Disclosure Vulnerability,"" a different vulnerability than CVE-2016-3327.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka ""Microsoft Browser Information Disclosure Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka ""Microsoft Browser Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3289.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka ""Internet Explorer Information Disclosure Vulnerability.""",LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka ""Microsoft PDF Remote Code Execution Vulnerability.""",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office 2010 SP2, Word 2007 SP3, Word 2010 SP2, Word for Mac 2011, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to execute arbitrary code via a crafted file, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka ""Microsoft OneNote Information Disclosure Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain a secure connection, aka ""Universal Outlook Information Disclosure Vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-3308, CVE-2016-3309, and CVE-2016-3310.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-3308, CVE-2016-3309, and CVE-2016-3311.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-3308, CVE-2016-3310, and CVE-2016-3311.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-3309, CVE-2016-3310, and CVE-2016-3311.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka ""Windows Graphics Component RCE Vulnerability,"" a different vulnerability than CVE-2016-3303.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka ""Windows Graphics Component RCE Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka ""Internet Explorer Information Disclosure Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Browser Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Edge Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3330.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka ""Microsoft Browser Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 10 and 11 mishandles integrity settings and zone settings, which allows remote attackers to bypass a sandbox protection mechanism via a crafted web site, aka ""Internet Explorer Elevation of Privilege Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-origin requests, which allows remote attackers to obtain sensitive information via a crafted web site, aka ""Microsoft Browser Information Disclosure Vulnerability.""",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3288.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka ""Microsoft Browser Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3322.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3290.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Secure Boot protection mechanism by leveraging administrative access to install a crafted policy, aka ""Secure Boot Security Feature Bypass.""",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-3249, CVE-2016-3252, and CVE-2016-3254.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, SharePoint Server 2016, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted XLA file, aka ""Microsoft Office Remote Code Execution Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Microsoft Outlook 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka ""Microsoft Browser Spoofing Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"The XSS Filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge does not properly restrict JavaScript code, which allows remote attackers to obtain sensitive information via a crafted web site, aka ""Microsoft Browser Information Disclosure Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles page-fault system calls, which allows local users to obtain sensitive information from an arbitrary process via a crafted application, aka ""Windows Kernel Information Disclosure Vulnerability.""",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The VBScript engine in Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Scripting Engine Information Disclosure Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Graphics component in the kernel in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3265.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-3376, CVE-2016-7185, and CVE-2016-7211.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Browser Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka ""GDI+ Information Disclosure Vulnerability,"" a different vulnerability than CVE-2016-3262.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka ""GDI+ Information Disclosure Vulnerability,"" a different vulnerability than CVE-2016-3263.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3248.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection mechanism and write to files by leveraging unspecified object-manager features, aka ""Windows File System Security Feature Bypass.""",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Microsoft Windows 10 Gold and 1511 allows local users to bypass the Secure Kernel Mode protection mechanism and obtain sensitive information via a crafted application, aka ""Windows Secure Kernel Mode Information Disclosure Vulnerability.""",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-3249, CVE-2016-3252, and CVE-2016-3286.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-3249, CVE-2016-3254, and CVE-2016-3286.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The GDI component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to obtain sensitive kernel-address information via a crafted application, aka ""Win32k Information Disclosure Vulnerability.""",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The kernel-mode drivers in Microsoft Windows Server 2012 and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3259.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Browser Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Edge Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka ""Microsoft Edge Security Feature Bypass.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3240 and CVE-2016-3242.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3241 and CVE-2016-3242.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via vectors involving filesystem write operations, aka ""Windows Print Spooler Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to redirect network traffic via unspecified vectors, aka ""Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka ""Microsoft Office OLE DLL Side Loading Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka ""Microsoft Office Information Disclosure Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Standard Collector service in Windows Diagnostics Hub mishandles library loading, which allows local users to gain privileges via a crafted application, aka ""Windows Diagnostics Hub Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Search component in Microsoft Windows 7, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to cause a denial of service (performance degradation) via a crafted application, aka ""Windows Search Component Denial of Service Vulnerability.""",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application that forwards an authentication request to an unintended service, aka ""Windows SMB Server Elevation of Privilege Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Edge Memory Corruption Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-3218.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka ""ATMFD.dll Elevation of Privilege Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-3221.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka ""Windows Graphics Component Information Disclosure Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3199.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka ""Internet Explorer XSS Filter Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0199 and CVE-2016-0200.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka ""True Type Font Parsing Information Disclosure Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3205 and CVE-2016-3206.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3205 and CVE-2016-3207.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3206 and CVE-2016-3207.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft (1) JScript 5.8 and 9 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to execute arbitrary code via a crafted PDF document, aka ""Windows PDF Remote Code Execution Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka ""Windows PDF Information Disclosure Vulnerability,"" a different vulnerability than CVE-2016-3215.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3214.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka ""Microsoft Edge Security Feature Bypass.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in the LoadVars.decode function in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1031.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via a flash.geom.Matrix callback, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1017, and CVE-2016-1031.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code by overriding NetConnection object properties to leverage an unspecified ""type confusion,"" a different vulnerability than CVE-2016-1019.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows local users to gain privileges via a Trojan horse resource in an unspecified directory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1013, CVE-2016-1016, CVE-2016-1017, and CVE-2016-1031.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to bypass the ASLR protection mechanism via JIT data.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0199 and CVE-2016-3211.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0200 and CVE-2016-3211.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka ""Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0171, CVE-2016-0173, and CVE-2016-0174.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Imaging Component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka ""Windows Imaging Component Memory Corruption Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0186 and CVE-2016-0191.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Browser Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0186 and CVE-2016-0193.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Volume Manager Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 does not properly check whether RemoteFX RDP USB disk accesses originate from the user who mounted a disk, which allows local users to read arbitrary files on these disks via RemoteFX requests, aka ""Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0187.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The User Mode Code Integrity (UMCI) implementation in Device Guard in Microsoft Internet Explorer 11 allows remote attackers to bypass a code-signing protection mechanism via unspecified vectors, aka ""Internet Explorer Security Feature Bypass.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0191 and CVE-2016-0193.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka ""Windows Media Center Remote Code Execution Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka ""Direct3D Use After Free Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allows remote attackers to execute arbitrary code via a crafted embedded font, aka ""Microsoft Office Graphics RCE Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Windows Journal in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted Journal (aka .jnt) file, aka ""Windows Journal Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 10 Gold and 1511 allows local users to bypass the Virtual Secure Mode Hypervisor Code Integrity (HVCI) protection mechanism and perform RWX markings of kernel-mode pages via a crafted application, aka ""Hypervisor Code Integrity Security Feature Bypass.""",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Windows Shell in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted web site, aka ""Windows Shell Remote Code Execution Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The RPC NDR Engine in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles free operations, which allows remote attackers to execute arbitrary code via malformed RPC requests, aka ""RPC Network Data Representation Engine Elevation of Privilege Vulnerability.""",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka ""Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to obtain sensitive information about kernel-object addresses, and consequently bypass the KASLR protection mechanism, via a crafted application, aka ""Win32k Information Disclosure Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0171, CVE-2016-0173, and CVE-2016-0196.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0171, CVE-2016-0174, and CVE-2016-0196.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0173, CVE-2016-0174, and CVE-2016-0196.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka ""Windows Graphics Component RCE Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka ""Windows Graphics Component Information Disclosure Vulnerability,"" a different vulnerability than CVE-2016-0168.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka ""Windows Graphics Component Information Disclosure Vulnerability,"" a different vulnerability than CVE-2016-0169.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0143 and CVE-2016-0165.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0143 and CVE-2016-0167.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka ""Internet Explorer Information Disclosure Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka ""Microsoft Edge Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0158.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Microsoft Internet Explorer 11 mishandles DLL loading, which allows local users to gain privileges via a crafted application, aka ""DLL Loading Remote Code Execution Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka ""Microsoft Edge Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0161.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Edge Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0156 and CVE-2016-0157.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Browser Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows remote attackers to execute arbitrary code via a crafted file, aka ""Windows OLE Remote Code Execution Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Internet Information Services (IIS) in Microsoft Windows Vista SP2 and Server 2008 SP2 mishandles library loading, which allows local users to gain privileges via a crafted application, aka ""Windows DLL Loading Remote Code Execution Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka ""Windows CSRSS Security Feature Bypass Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HTTP.sys in Microsoft Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via crafted HTTP 2.0 requests, aka ""HTTP.sys Denial of Service Vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka ""TLS/SSL Information Disclosure Vulnerability.""",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "".NET Framework Remote Code Execution Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0165 and CVE-2016-0167.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web page, aka ""Microsoft Video Control Remote Code Execution Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 export a certificate-store private key during a document-save operation, which allows attackers to obtain sensitive information via unspecified vectors, aka ""Microsoft Information Disclosure Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Excel 2010 SP2, Word for Mac 2011, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka ""Microsoft Exchange Information Disclosure Vulnerability.""",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka ""Microsoft APP-V ASLR Bypass.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Secondary Logon Service in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka ""Secondary Logon Elevation of Privilege Vulnerability.""",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka "".NET XML Validation Security Feature Bypass.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Edge Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and CVE-2016-0129.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Edge Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and CVE-2016-0130.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge mishandles the Referer policy, which allows remote attackers to obtain sensitive browser-history and request information via a crafted HTTPS web site, aka ""Microsoft Edge Information Disclosure Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Edge Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0116, CVE-2016-0124, CVE-2016-0129, and CVE-2016-0130.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka ""OpenType Font Parsing Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via a crafted OpenType font, aka ""OpenType Font Parsing Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The PDF library in Microsoft Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka ""Windows Remote Code Execution Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka ""Windows Remote Code Execution Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Edge Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0123, CVE-2016-0124, CVE-2016-0129, and CVE-2016-0130.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, and CVE-2016-0109.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0111, and CVE-2016-0112.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0111, and CVE-2016-0113.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Browser Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, and CVE-2016-0113.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 10 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Browser Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Browser Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, and CVE-2016-0114.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0109, and CVE-2016-0114.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0105, CVE-2016-0111, CVE-2016-0112, and CVE-2016-0113.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Browser Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0107, CVE-2016-0111, CVE-2016-0112, and CVE-2016-0113.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0102, CVE-2016-0106, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka ""Secondary Logon Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 allow remote attackers to execute arbitrary code via crafted media content, aka ""Windows Media Parsing Remote Code Execution Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0095.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0096.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0093, CVE-2016-0095, and CVE-2016-0096.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0094, CVE-2016-0095, and CVE-2016-0096.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka ""Windows OLE Memory Remote Code Execution Vulnerability,"" a different vulnerability than CVE-2016-0091.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka ""Windows OLE Memory Remote Code Execution Vulnerability,"" a different vulnerability than CVE-2016-0092.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka ""Hyper-V Information Disclosure Vulnerability.""",LOCAL,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka ""Hyper-V Remote Code Execution Vulnerability.""",LOCAL,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Edge Memory Corruption Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge mishandles exceptions during window-message dispatch operations, which allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka ""Microsoft Edge ASLR Bypass.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka ""Windows Kernel Local Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse HTTP responses, which allows remote attackers to spoof web sites via a crafted URL, aka ""Microsoft Browser Spoofing Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka ""Windows Kernel Local Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0073.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka ""Windows Kernel Local Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0075.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0060, CVE-2016-0061, CVE-2016-0063, and CVE-2016-0067.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka ""Windows Kernel Local Elevation of Privilege Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka ""Internet Explorer Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0068.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka ""Internet Explorer Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0069.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0060, CVE-2016-0061, CVE-2016-0063, and CVE-2016-0072.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0060, CVE-2016-0061, CVE-2016-0067, and CVE-2016-0072.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Browser Memory Corruption Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Browser Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0060, CVE-2016-0063, CVE-2016-0067, and CVE-2016-0072.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted URL in a (1) e-mail message or (2) Office document, aka ""Internet Explorer Information Disclosure Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 does not properly sign an unspecified binary file, which allows local users to gain privileges via a Trojan horse file with a crafted signature, aka ""Microsoft Office Security Feature Bypass Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0022.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka ""WebDAV Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka ""Windows Forms Information Disclosure Vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka ""Windows DLL Loading Remote Code Execution Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka ""DLL Loading Remote Code Execution Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in SharePoint Server in Microsoft SharePoint Foundation 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka ""Microsoft SharePoint XSS Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka "".NET Framework Stack Overflow Denial of Service Vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka ""Microsoft Exchange Information Disclosure Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka ""Windows Common Log File System Driver Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka ""Scripting Engine Memory Corruption Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft InfoPath 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka ""MAPI DLL Loading Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka ""Microsoft SharePoint Security Feature Bypass,"" a different vulnerability than CVE-2015-6117.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, Excel 2016 for Mac, PowerPoint 2016 for Mac, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka ""Internet Explorer Elevation of Privilege Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka ""Microsoft Edge Memory Corruption Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The CAttrArray object implementation in Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and memory corruption) via a malformed Cascading Style Sheets (CSS) token sequence in conjunction with modifications to HTML elements, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2015-6048 and CVE-2015-6049.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka ""Microsoft SharePoint Security Feature Bypass,"" a different vulnerability than CVE-2016-0011.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) ""\"" (backslash) or (2) ""%5C"" (encoded backslash), aka ""Path Validation Vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the ""Settings > Users / Roles"" function.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
my little forum 2.4.12 allows CSRF for deletion of users.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Pimcore before 5.3.0 allows SQL Injection via the REST web service API.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in could be attacked by sql injection in zzcms in nginx. This attack appear to be exploitable via running zzcms in nginx.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains a Information Exposure Through Sent Data vulnerability in OMERO.server that can result in an Attacker gaining full administrative access to server and may be able to disable it. This vulnerability appears to have been fixed in 5.4.7.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in User's password being revealed. Attacker can log in as that user. This attack appear to be exploitable via an attacker reading the web server log. This vulnerability appears to have been fixed in 5.4.7.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka ""Windows Shell Remote Code Execution Vulnerability."" This affects Windows 10 Servers, Windows 10.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol ""ng"" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'file' parameter in line #43 of interface/fax/fax_view.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.. This attack appear to be exploitable via The victim must visit on a specially crafted URL..,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'scan' parameter in line #41 of interface/fax/fax_view.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.. This attack appear to be exploitable via The victim must visit on a specially crafted URL..,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The editor in Xiuno BBS 4.0.4 allows stored XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries, aka ""Internet Explorer Remote Code Execution Vulnerability."" This affects Internet Explorer 11, Internet Explorer 10.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A information disclosure vulnerability exists when WebAudio Library improperly handles audio requests, aka ""Microsoft Edge Information Disclosure Vulnerability."" This affects Microsoft Edge.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka ""Microsoft Excel Information Disclosure Vulnerability."" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of the malformed messages, an attacker may sent crafted packets to the affected device to exploit these vulnerabilities. Successful exploit the vulnerability could lead to device deny of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of the malformed messages, an attacker may sent crafted packets to the affected device to exploit these vulnerabilities. Successful exploit the vulnerability could lead to device deny of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher RSA padding oracle. Cause a Bleichenbacher oracle attack. Successful exploit this vulnerability can impact IPSec tunnel security.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients and the affected products. The attacker may launch the Bleichenbacher attack on RSA key exchange to decrypt the session key and the previously captured sessions by some cryptanalytic operations. Successful exploit may cause information leak.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in interface/de_identification_forms/de_identification_screen2.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'temporary_files_dir' variable in interface/super/edit_globals.php.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'encounter' parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'text' parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in interface/forms_admin/forms_admin.php from library/registry.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'id' parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Buffer Overflow exploited through web interface by remote attacker can cause denial of service in Kraftway 24F2XG Router firmware 3.5.30.1118.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin before 3.1.0 for MyBB allows XSS via a post or thread subject.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Myperfectresume / JobHero / Resume Clone Script 2.0.6 has Stored XSS via the Full Name and Title fields.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Edimax EW-7438RPn Mini v2 before version 1.26. There is XSS in an SSID field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
"SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site scripting (XSS) vulnerability was found in valeuraddons German Spelling Dictionary v1.3 (an Opera Browser add-on). Instead of providing text for a spelling check, remote attackers may inject arbitrary web script or HTML via the ajax query parameter in the URL Address Bar.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name field in the edit profile page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Out-of-bounds read condition in older versions of some Intel Graphics Driver for Windows code branches allows local users to perform a denial of service attack.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8 on AIX allow local users to cause a denial of service (incorrect pointer dereference and node crash) via unspecified vectors.,LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"HPE XP P9000 Command View Advanced Edition Software (CVAE) has open URL redirection vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"HPE XP P9000 Command View Advanced Edition Software (CVAE) has local and remote cross site scripting vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain pages (pages with a logon agent or a confirm box), the BIG-IP APM may disclose configuration information such as partition and agent names via URI parameters.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the ""docid"" and ""content"" parameters and accessing it in the traversed directory.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) catid or (2) providerid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,NONE
SQL injection vulnerability in interface/de_identification_forms/find_drug_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the search_term parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) eid, (2) userid, or (3) pid parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/billing/sl_eob_search.php after modifying the ""print_command"" global variable in interface/super/edit_globals.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemon_frame.php after modifying the ""hylafax_server"" global variable in interface/super/edit_globals.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/fax_dispatch.php after modifying the ""hylafax_enscript"" global variable in interface/super/edit_globals.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/faxq.php after modifying the ""hylafax_server"" global variable in interface/super/edit_globals.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Sensitive Information Disclosure in Zipato Zipabox Smart Home Controller allows remote attacker get sensitive information that expands attack surface.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script Trojan to admin.php/admin/configset/index/group/upload.html to gain server control by composing a request for a .txt upload and then changing it to a .php upload. The attacker must have admin access to change the upload_file_ext (aka ""Allow upload file suffix"") setting, and must use ""php,php"" in this setting to bypass the ""php"" restriction.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attacker could manipulate an authenticated user into performing actions on the web administrative interface.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine's wp-content/plugins directory permissions were set up to block all new plugins.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site request forgery (CSRF) vulnerabilities in totemomail Encryption Gateway before 6.0.0_Build_371 allow remote attackers to hijack the authentication of users for requests that (1) change user settings, (2) send emails, or (3) change contact information by leveraging lack of an anti-CSRF token.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitrary web script or HTML.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially crafted input strings.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter to RM/Reservation/ReserveNew; the (3) Description parameter to RM/Topology/Update; the (4) Name, (5) Description, (6) ExecutionBatches[0].Name, (7) ExecutionBatches[0].Description, or (8) Labels parameter to SnQ/JobTemplate/Edit; or (9) Alias or (10) Description parameter to RM/AbstractTemplate/AddOrUpdateAbstractTemplate.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.8.0 Beta2 might allow remote attackers to inject arbitrary web script or HTML via vectors related to the ""Show Snippet"" functionality.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically restart, which enabled attackers to perform a very effective DoS attack against this service. By sending a crafted SSH identification / version string to the server, a NULL pointer dereference could be caused, apparently because of a race condition in the window message handling, performing the cleanup for invalid connections. This incorrect cleanup code has a use-after-free.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special characters such as '""' and ',' and '\r' are not escaped and can be used to add new entries to the log.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Cross-site scripting (XSS) vulnerability in the ""advanced settings - time server"" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the ""server name"" field in actions/ChangeConfiguration.html.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/content/JavaStart.jar and is callable from an arbitrary website using <object> and/or <appletHTML> tags. Successful exploitation results in file creation/modification/deletion in the operating system and with privileges of the user that ran the Java applet.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container.  This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an ""AV Report Scheduler"" HTTP User-Agent header.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Animate versions 15.2.1.95 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the ""value"" field of the proxy user settings in ""system settings / scan settings / anti spam"" configuration tab.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the ""value"" field of the SMTP user settings in the notifications configuration tab.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The MT6573FDVT_SetRegHW function in camera_fdvt.c in the MediaTek driver for Linux allows local users to gain privileges via a crafted application that makes an MT6573FDVTIOC_T_SET_FDCONF_CMD IOCTL call.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security Note 2327384.",LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,HIGH,LOW
"Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUILTIN\Users) for the HiSuite service directory, which allows local users to gain SYSTEM privileges via a Trojan horse (1) SspiCli.dll or (2) USERENV.dll file or possibly other unspecified DLL files.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the redirect parameter.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6501.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5577, CVE-2016-5578, CVE-2016-5579, and CVE-2016-5588.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the October 2016 CPU. Oracle has not commented on third-party claims that this issue is a directory traversal vulnerability which allows local users with certain permissions to write to arbitrary files and consequently gain privileges via a .. (dot dot) in a archive entry in a ZIP file imported as a project.",LOCAL,LOW,HIGH,NONE,CHANGED,LOW,LOW,LOW
"The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a crafted serialized object in a JMS ObjectMessage that is handled by the getObject function.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a ""cross-protocol cross-site scripting (XPXSS)"" vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 allows remote attackers to bypass authentication and consequently read arbitrary files or possibly have unspecified other impact by leveraging a ""logic flaw"" in the authentication process.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxy_ajaxprocessor.jsp.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. (dot dot) in an archive file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or have unspecified other impact via a crafted XACML request to entitlement/eval-policy-submit.jsp.  NOTE: this issue can be combined with CVE-2016-4311 to exploit the vulnerability without credentials.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-submit.jsp request.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.,LOCAL,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial number, aka SAP Security Note 2282338.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption key to protect stored data, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of this key, aka SAP Security Note 2282338.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 devices with firmware before 01.06.02 allow remote attackers to execute arbitrary code via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,HIGH,NONE
Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via the flashvars parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the ""detailed status"" page, or (2) remote authenticated users to inject arbitrary web script or HTML via an acknowledgement message, which is not properly handled in the ""status"" page.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a ""config"" command.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtain sensitive information by leveraging knowledge of the TIMA key and a brute-force attack.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the ""a:visited button"" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1725.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1726.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1725 and CVE-2016-1726.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent, (5) tf_orgUnitName, (6) tf_aManufacturerFullName, (7) tf_aManufacturerName, (8) tf_aManufacturerAddress, or (9) tf_aManufacturerCity parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.",ADJACENT_NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,NONE,NONE
"The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list.,ADJACENT_NETWORK,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
"Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors.",ADJACENT_NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,NONE
Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that is being processed.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cisco EPC3928 devices allow remote attackers to obtain sensitive configuration and credential information by making requests during the early part of the boot process, related to a ""Boot Information Disclosure"" issue, aka Bug ID CSCux17178.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"goform/Docsis_system on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long LanguageSelect parameter, related to a ""Gateway HTTP Corruption Denial of Service"" issue, aka Bug ID CSCuy28100.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"goform/WClientMACList on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long h_sortWireless parameter, related to a ""Gateway Client List Denial of Service"" issue, aka Bug ID CSCux24948.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \"" (backslash double quote) in a crafted Sender property.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Scale RAID, allows local users to gain privileges via a crafted parameter to a setuid program.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .. (dot dot) in the _skin parameter to index.php.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an ""edit"" admin action to serendipity_admin.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM image file, which triggers a buffer overflow.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2016-1984.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) ""by"" parameter to admin/orion.extfeedbackform_efbf_forms.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the Role Scoper plugin before 1.3.67 for WordPress allows remote attackers to inject arbitrary web script or HTML via the object_name parameter in a rs-object_role_edit page to wp-admin/admin.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php.  NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allow_url_include is enabled.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in the Calls to Action plugin before 2.5.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) open-tab parameter in a wp_cta_global_settings action to wp-admin/edit.php or (2) wp-cta-variation-id parameter to ab-testing-call-to-action-example/.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Untrusted search path vulnerability in F-Secure Online Scanner allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as F-SecureOnlineScanner.exe.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in Secure Data Space SDS-API before 3.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to api/v3/public/shares/downloads/, the (2) authType parameter to api/v3/auth/login, or the (3) login parameter to api/v3/auth/reset_password.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/adspot.php in the ResAds plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.php, or libs/org/adodb_lite/tests/test_adodb_lite_sessions.php.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,NONE
The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,LOW
Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) containerType parameter to lib/testcases/containerEdit.php; the (4) filter_tc_id or (5) filter_testcase_name parameter to lib/testcases/listTestCases.php; the (6) useRecursion parameter to lib/testcases/tcImport.php; the (7) targetTestCase or (8) created_by parameter to lib/testcases/tcSearch.php; or the (9) HTTP Referer header to third_party/user_contribution/fakeRemoteExecServer/client4fakeXMLRPCTestRunner.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) serial parameter to alerts/summary/profile/; the (2) urlForCreatingReport parameter to csearch/report/export/; the (3) id parameter to analysis/detail/download/screenshot; or vectors related to (4) ""Fortiview threats by users search filtered by vdom"" or (5) ""PCAP file download generated by the VM scan feature.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the Push-Service-Mails feature in AVM FRITZ!OS before 6.30 allows remote attackers to inject arbitrary web script or HTML via the display name in the FROM field of an SIP INVITE message.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x0022201c IOCTL call.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Intellect Design Arena Intellect Core banking software.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted ""privileged commands.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request.  NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic).,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php.  NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server before 9.0 allows remote attackers to inject arbitrary web script or HTML via an email attachment.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The MySQL ""root"" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple hardcoded credentials in Xsuite 2.x.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.,ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a ""broken authentication mechanism.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFormField.java in Apache OFBiz before 12.04.06 and 13.07.x before 13.07.03 allows remote attackers to inject arbitrary web script or HTML via the description attribute of a display-entity element.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a ""BACKRONYM"" attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) before 2.11.0.7 for FreePBX allow remote attackers to inject arbitrary web script or HTML via the (1) add_license_key, (2) add_license_first_name, (3) add_license_last_name, (4) add_license_company, (5) add_license_address1, (6) add_license_address2, (7) add_license_city, (8) add_license_state, (9) add_license_post_code, (10) add_license_country, (11) add_license_phone, or (12) add_license_email parameter in an add-license-form page to admin/config.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the mac parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an ""&"" (ampersand) in the write_mac write_pid, write_msn, write_tan, or write_hdv parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows remote attackers to perform a replay attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows an attacker to perform a Man in the Middle attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Improper Verification of Cryptographic Signature in AVM FRITZ!Box 6810 LTE after firmware 5.22, FRITZ!Box 6840 LTE after firmware 5.23, and other models with firmware 5.50.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related ""serialized data and the last part of the concatenated filename,"" which creates a file in webroot.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
network.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
buddy-ng.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files outside of the sdcard via a .. (dot dot) in a name parameter of an MTP request.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running ""pm install"" with the target apk, and simultaneously running a crafted script to process logcat's output looking for a dexopt line, which once found should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ldms/sm_actionfrm.asp or (2) remote/frm_coremainfrm.aspx; or the (3) top parameter to remote/frm_splitfrm.aspx.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Multiple cross-site scripting (XSS) vulnerabilities in Oliver (formerly Webshare) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the (1) login page (index.php) or (2) login form (loginform-inc.php).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php.  NOTE: vector 1 may overlap CVE-2014-1906.4.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier.  NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in Ignited CMS through 2017-02-19. ign/index.php/admin/pages/add_page allows a CSRF attack to add pages.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 has Stored XSS via the USERNAME field, a related issue to CVE-2018-6795.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
PHP Scripts Mall Currency Converter Script 2.0.5 allows remote attackers to cause a denial of service (web-interface change) via an inverted comma.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into AirWave in the same browser.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the ""cacheDir"" path and following usage of the ""Clear Cache"" functionality. This allows an authenticated attacker, with permission to the Settings functionality, to inject arbitrary system commands within the application by manipulating the ""Cache directory"" path. An attacker can use it to perform malicious tasks such as to extract, change, or delete sensitive information or run system commands on the underlying operating system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is loaded by a setuid or setgid program.",LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HPE has identified a remote access to sensitive information vulnerability in HPE Network Function Virtualization Director (NFVD) 4.2.1 prior to gui patch 3.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"PHP Scripts Mall hotel-booking-script 2.0.4 allows XSS via the First Name, Last Name, or Address field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific embedded resource file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Service Manager (WSM) Software earlier than version WSM 7.3 (E0506). This issue was resolved in HPE IMC Wireless Services Manager Software IMC WSM 7.3 E0506P01 or subsequent version.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
HPE has identified a cross site scripting (XSS) vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A remote cross-site scripting (XSS) vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT version v7.3 (E0506). The vulnerability is fixed in Intelligent Management Center PLAT 7.3 E0605P04 or subsequent version.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via memory corruption.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via a memory allocation issue.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file deletion.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by ""POST /PY/EMULATION_GET_FILE"" or ""POST /PY/EMULATION_EXPORT"" with FileName=../../../passwd in the POST data.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-Site Scripting (XSS) vulnerability in every page that includes the ""action"" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Untrusted search path vulnerability in RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. A unauthenticated attacker could submit a specially crafted web request to FocalScope's server that could cause an XXE, and potentially result in data compromise.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,HIGH
"HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulnerability on mediaserver component. An attacker tricks the user install a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause execution of arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mdapt Driver of Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001; Mate 9 Pro versions earlier than 8.0.0.356(C00); P10 Plus versions earlier than 8.0.0.357(C00) has a buffer overflow vulnerability. The driver does not sufficiently validate the input, an attacker could trick the user to install a malicious application which would send crafted parameters to the driver. Successful exploit could cause a denial of service condition.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some malicious applications to be installed in the mobile phones.",PHYSICAL,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Some Huawei mobile phone with the versions before BLA-L29 8.0.0.145(C432) have a denial of service (DoS) vulnerability because they do not adapt to specific screen gestures. An attacker may trick users into installing a malicious app. As a result, apps running on the frontend crash after the users make specific screen gestures.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double ""To"" header and an empty ""To"" tag causes a segmentation fault and crash. The reason is missing input validation in the ""build_res_buf_from_sip_req"" core function. This could result in denial of service and potentially the execution of arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A remote cross site scripting vulnerability was identified in HPE iLO 3 all version prior to v1.88 and HPE iLO 4 all versions prior to v2.44.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified other impact via a crafted RLE file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at MSVCR120!memcpy+0x0000000000000074 and application crash) or possibly have unspecified other impact via a crafted RLE file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in EMLsoft 5.4.5. XSS exists via the eml/upload/eml/?action=address&do=edit page.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=user&do=add page allows CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.user.php has SQL Injection via the numPerPage parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Xiao5uCompany 1.7 has CSRF via admin/Admin.asp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings (such as the theme, title, and description) via index.php.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue has been found in PDF2JSON 0.69. The HtmlString class in ImgOutputDev.cc has Mismatched Memory Management Routines (malloc versus operator delete).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_QuickForm_element's _prepareValue method. that can result in Possible information disclosure, possible impact on data integrity and execution of arbitrary code. This attack appear to be exploitable via A specially crafted query string could be utilised, e.g. http://www.example.com/admin/add_practice_type_id[1]=fubar%27])%20OR%20die(%27OOK!%27);%20//&mode=live. This vulnerability appears to have been fixed in 3.2.15.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Firmware in the Intel Puma 5, 6, and 7 Series might experience resource depletion or timeout, which allows a network attacker to create a denial of service via crafted network traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Local Denial of Service (system crash) due to incorrect I/O port access control on the i386 architecture.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Untrusted search path vulnerability in RW-4040 driver installer for Windows 7 version 2.27 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in RW-5100 tool to verify execution environment for Windows 7 version 1.1.0.0 and RW-5100 tool to verify execution environment for Windows 8.1 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The athens-state-bank-mobile-banking/id719748589 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The ""First Citizens Bank-Mobile Banking"" by First Citizens Bank (AL) app 3.0.0 -- aka first-citizens-bank-mobile-banking/id566037101 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The ""RVCB Mobile"" by RVCB Mobile Banking app 3.0.0 -- aka rvcb-mobile/id757928895 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The ""FNB Kemp Mobile Banking"" by First National Bank of Kemp app 3.0.2 -- aka fnb-kemp-mobile-banking/id571448725 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Rincewind 0.1. A reinstall vulnerability exists because the parameter p of index.php and another file named commonPages.php allows an attacker to reinstall the product, with all data reset.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/category.php has XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/down.php has XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/slideshow.php has XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/system.php has XSS.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14514.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Race condition in the Charles Proxy Settings suid binary in Charles Proxy before 4.2.1 allows local users to gain privileges via vectors involving the --self-repair option.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar"" onclick=""alert(1)').",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. Authentication is needed in order to exploit this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Therefore, attackers can predict the random number and always win the game.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in DataLife Engine (DLE) through 13.0. An attacker can use XSS (related to the /addnews.html and /index.php?do=addnews URIs) to send a malicious script to unsuspecting Admins or users.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain a denial-of-service vulnerability due to NULL pointer dereference issue in RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php or data/admin/ip.php. This can also be exploited through CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consultarUsuario.jsf ""Nome Completo"" (aka user fullname) field.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site scripting vulnerability exists in Jenkins Shelve Project Plugin 1.5 and earlier in ShelveProjectAction/index.jelly, ShelvedProjectsAction/index.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Unrestricted file upload vulnerability in ""op/op.UploadChunks.php"" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the ""qqfile"" parameter. This allows an authenticated attacker to upload a malicious file containing PHP code to execute operating system commands to the web root of the application.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a buffer overflow.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Persistent Cross-Site Scripting (XSS) vulnerability in the ""Categories"" feature in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the name field.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a .. (dot dot) in the ""op/op.UploadChunks.php"" ""qquuid"" parameter.  NOTE: this can be leveraged to execute arbitrary code by using CVE-2018-12940.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gxlcms v1.1.4 allows remote attackers to read arbitrary files via a crafted index.php?s=Admin-Tpl-ADD-id request, related to Lib/Common/Admin/function.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"system/edit_book.php in XYCMS 1.7 has stored XSS via a crafted add_do.php request, related to add_book.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Tenda D152 ADSL routers allow XSS via a crafted SSID.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation unsafely extracts parameters from the query string, leading to a buffer overflow on the stack. An attacker can send an HTTP GET request to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bad0 the value for the host key is copied using strcpy to the buffer at 0xa00016e0. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bb1c the value for the uri key is copied using strcpy to the buffer at 0xa00016a0. This buffer is 64 bytes large, sending anything longer will cause a buffer overflow.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c254 the value for the s_vol_dim_delta key is copied using strcpy to the buffer at 0xa0000514. This buffer is 4 bytes large, sending anything longer will cause a buffer overflow.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c284 the value for the s_vol_brt_delta key is copied using strcpy to the buffer at 0xa0000510. This buffer is 4 bytes large, sending anything longer will cause a buffer overflow.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c2c8 the value for the s_url key is copied using strcpy to the buffer at 0xa0001a0c. This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by using an sn_speaker parameter between ""0"" and ""3"".",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c318 the value for the s_port key is copied using strcpy to the buffer at 0xa00017f4. This buffer is 6 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by using an sn_speaker parameter between ""0"" and ""3"".",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c368 the value for the s_mac key is copied using strcpy to the buffer at 0xa000170c. This buffer is 25 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by using an sn_speaker parameter between ""0"" and ""3"".",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Rincewind 0.1. There is a cross-site scripting (XSS) vulnerability involving a p=account request to index.php and another file named commonPages.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Add page option in my little forum 2.4.12 allows XSS via the Title field.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Polygon annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6216.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5570.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for ""Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe,"" which allows local users to gain privileges via a Trojan horse file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A buffer over-read can occur in pbc_wmessage_string in wmessage.c for PTYPE_ENUM.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A NULL pointer dereference can occur in pbc_wmessage_string in wmessage.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_rmessage_message in rmessage.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_set_default in pattern.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_pack in pattern.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c during a memcpy.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in wiretype_decode in context.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01e7d4 the value for the s_vol key is copied using strcpy to the buffer at 0xa0001700. This buffer is maximum 12 bytes large (this is the maximum size it could be, it is possible other global variables are stored between this variable and the next one that we could identify), sending anything longer will cause a buffer overflow.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. Before 2.5.6, it may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The DHC Online Shop App for Android version 3.2.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the app settings section of admin page.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the modal for creating Wiki page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via Wiki page view.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Brynamics ""Online Trade - Online trading and cryptocurrency investment system"" allows remote attackers to obtain sensitive information via a direct request for /dashboard/addplan, /dashboard/paywithcard/charge, /dashboard/withdrawal, or /privacy&terms, as demonstrated by reading database username, database password, database_name, and IP address fields, related to CVE-2018-12908.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within the results of a specified JQL query.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Directory traversal vulnerability in ChamaNet MemoCGI v2.1800 to v2.2200 allows remote attackers to read arbitrary files via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"LICA miniCMTS E8K(u/i/...) devices allow remote attackers to obtain sensitive information via a direct POST request for the inc/user.ini file, leading to discovery of a password hash.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Untrusted search path vulnerability in the installer of Glarysoft Glary Utilities (Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in LOGICOOL Game Software versions before 8.87.116 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOFTWARE versions before 2.30.9 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier version contains a Directory Traversal vulnerability in core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java line 35 that can result in arbitrary file deletion (overwrite). This attack appear to be exploitable via a specially crafted zip file should be uploaded.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system's privileges.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in libthulac.so in THULAC through 2018-02-25. A SEGV can occur in NGramFeature::find_bases in include/cb_ngram_feature.h.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in libthulac.so in THULAC through 2018-02-25. A NULL pointer dereference can occur in the BasicModel class in include/cb_model.h.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to missed detection.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery (SSRF) vulnerability in plugins/action.updater/UpgradeManager.php Line: 154, getUpgradePath($url) that can result in an authenticated admin users requesting arbitrary URL's, pivoting requests through the server. This attack appears to be exploitable via the attacker gaining access to an administrative account, enters a URL into Upgrade Engine, and reloads the page or presses ""Check Now"". This vulnerability appears to have been fixed in 8.2.1.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution (RCE) vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow($nodeObject) that can result in An attacker gaining admin access and can then execute arbitrary commands on the underlying OS. This attack appear to be exploitable via The attacker edits the Antivirus Command in the antivirus plugin, and executes the payload by uploading any file within Pydio.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fw_data [id][1], fw_data [id][2], fw_data [id][3], fw_data [id][4], or email field of the contact form, exploitable with an fw_send_email action to wp-admin/admin-ajax.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests.  NOTE: a third party reports that ""OpenSSH upstream does not consider this as a security issue.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Bento4 1.5.1-624. There is an unspecified ""heap-buffer-overflow"" crash in the AP4_HvccAtom class in Core/Ap4HvccAtom.cpp.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in another user's browser when that other user views HTTP 404 error pages while Stapler debug mode is enabled.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain (depending on the modules configured) the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail settings of the EAS account (an AD account used to send mail), the cleartext password of recovery_password of Android devices, the cleartext password of account ""set"", the location of devices enrolled in the platform (with UUID and information related to the name of the person at the location), critical information about all enrolled devices such as Serial Number, UUID, Model, Name, and auth_session_token (usable to spoof a terminal identity on the platform), etc.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with a HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"There exists one invalid memory read bug in AP4_SampleDescription::GetType() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"There exists one invalid memory read bug in AP4_SampleDescription::GetFormat() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"There exists one NULL pointer dereference vulnerability in AP4_JsonInspector::AddField in Ap4Atom.cpp in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp4dump.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 mp4encrypt before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In the SDK in Bento4 1.5.0-616, the AP4_StssAtom class in Ap4StssAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
MathJax version prior to version 2.7.4 contains a Cross Site Scripting (XSS) vulnerability in the \unicode{} macro that can result in Potentially untrusted Javascript running within a web browser. This attack appear to be exploitable via The victim must view a page where untrusted content is processed using Mathjax. This vulnerability appears to have been fixed in 2.7.4 and later.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web application and record the associated session identifier. The attacker then causes the victim to authenticate against the server using the same session identifier. The attacker can access the user's account through the active session. The Session Fixation attack fixes a session on the victim's browser, so the attack starts before the user logs in.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting (XSS) vulnerability in Profile page that can result in Inject arbitrary web script or HTML via the profile page editor. This attack appear to be exploitable via The victim must navigate to the attacker's profile page.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6, adjacent network attackers can cause a denial of service for VCMP guest and host systems. Attack must be sourced from adjacent network (layer 2).",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirements Composer 5.0 through 5.0.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142291.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an ""m_id=1 AND SLEEP(5)"" substring.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TeamViewer through 13.1.1548 stores a password in Unicode format within TeamViewer.exe process memory between ""[00 88] and ""[00 00 00]"" delimiters, which might make it easier for attackers to obtain sensitive information by leveraging an unattended workstation on which TeamViewer has disconnected but remains running.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3, and 9.0 on Windows allows local users to discover passwords via vectors involving an unspecified operating system communication mechanism for password transmission between Windows and Notes. IBM X-Force ID: 82531.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass vulnerability. Successful exploitation could lead to session hijacking.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"When F5 BIG-IP ASM 13.0.0-13.1.0.1, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.5.1-11.5.6 is processing HTTP requests, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control. Consequently, one can upload and execute a .php file, a similar issue to CVE-2018-8766.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching level, etc.) via a GET request on port 8022, 8443, or 8444.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"libdxfrw 0.6.3 has an Integer Overflow in dwgCompressor::decompress18 in dwgutil.cpp, leading to an out-of-bounds read and application crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the ""/xml/menu/getObjectEditor.xml"" URL, using a ""?oid=systemSetup&id=_0"" or ""?oid=systemUsers&id=_0"" GET request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
axmldec 1.2.0 has an out-of-bounds write in the jitana::axml_parser::parse_start_namespace function in lib/jitana/util/axml_parser.cpp.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodec.c, as demonstrated by aubiomfcc.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in XiaoCms X1 v20140305. There is a CSRF vulnerability to change the administrator account password via admin/index.php?c=index&a=my.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a local system account (instead of the dedicated web-only user).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. admin/admin/fileUploadAction_fileUpload.action allows arbitrary file upload, as demonstrated by a .jsp file with the image/jpeg content type.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. SQL injection exists via the admin/noticeManageAction_queryNotice.action noticeInfo parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted pdf file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SeaCMS 6.61 has two XSS issues in the admin_config.php file via certain form fields.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v&#95;pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Codec::parse in track.cpp in Untrunc through 2018-06-07 has a NULL pointer dereference via a crafted MP4 file because of improper interaction with libav.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via Apple-Text, GIF-Text, ICO-Text, PNG-Text, or JPG-Text.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files, because the formmailer widget blocks .php files but not .php5 or .phtml files. This is related to /assets/php/formmailer/SendEmail.php and /assets/php/formmailer/functions.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server (IGS) did not require sufficient input validation. Namely, the SAP Internet Graphics Server (IGS) HTTP and RFC listener, SAP Internet Graphics Server (IGS) portwatcher when registering a portwatcher to the multiplexer and the SAP Internet Graphics Server (IGS) multiplexer had insufficient input validation and thus allowing a malformed data packet to cause a crash.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in a smart contract implementation for Virgo_ZodiacToken, an Ethereum token. In this contract, 'bool sufficientAllowance = allowance <= _value' will cause an arbitrary transfer in the function transferFrom because '<=' is used instead of '>=' (which was intended). An attacker can transfer from any address to his address, and does not need to meet the 'allowance > value' condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in a smart contract implementation for STeX White List (STE(WL)), an Ethereum token. The contract has an integer overflow. If the owner sets the value of amount to a large number then the ""amount * 1000000000000000"" will cause an integer overflow in withdrawToFounders().",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
InstantCMS 2.10.1 has /redirect?url= XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Photoshop CC versions 19.1.3 and earlier, 18.1.3 and earlier, and 18.1.2 and earlier have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
XMLReader.php in PHPOffice Common before 0.2.9 allows XXE.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in a smart contract implementation for UserWallet 0x0a7bca9FB7AfF26c6ED8029BB6f0F5D291587c42, an Ethereum token. First, suppose that the owner adds the evil contract address to his sweepers. The evil contract looks like this: contract Exploit { uint public start; function sweep(address _token, uint _amount) returns (bool) { start = 0x123456789; return true;} }. Then, when one calls the function sweep() in the UserWallet contract, it will change the sweeperList to 0X123456789.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Local File Inclusion (LFI) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the downloading of arbitrary files via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The komoot GmbH ""Komoot - Cycling & Hiking Maps"" app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack detection, passed through the Java Buildpack detection script, and allow the serving of static content from within the deployed artifact. The default Apache Tomcat configuration in the affected java buildpack versions for some basic web application archive (WAR) packaged applications are vulnerable to this issue.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0.3. Sending an arbitrary unexpected string to TCP port 7100 respecting a certain frequency timing disconnects all clients and results in a crash of the Unit.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the ""always assign the sample of the first dimension region of this region"" feature of the function gig::Region::UpdateChunks in gig.cpp.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"AnyDesk before ""12.06.2018 - 4.1.3"" on Windows 7 SP1 has a DLL preloading vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"""Shpock Boot Sale & Classifieds"" app before 3.17.0 -- aka shpock-boot-sale-classifieds/id557153158 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg that can result in Authenticated Remote Code Execution. This attack appear to be exploitable via The attacker must have permission to upload addons.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5O_pline_reset in H5Opline.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5VM_memcpyvv in H5VM.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing must be enabled.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The GDASPAMLib.AntiSpam ActiveX control ASK\GDASpam.dll in G DATA Total Security 25.4.0.3 has a buffer overflow via a long IsBlackListed argument.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes it possible to read all database content. The vulnerability exists in the ticket HTTP GET parameter. For example, one can succeed in reading the password hash of the administrator user in the ""userdata"" table from the ""eloam"" database.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability. An unauthenticated, remote attacker has to control the peer device and craft the Signalling Connection Control Part (SCCP) messages to the target devices. Due to insufficient input validation of some values in the messages, successful exploit will cause out-of-bounds read and some services abnormal.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"An wrong logical check identified in the transferFrom function of a smart contract implementation for RemiCoin (RMC), an Ethereum ERC20 token, allows the attacker to steal tokens or conduct resultant integer underflow attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
"The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka ""Remote Code Execution Vulnerability in Skype For Business and Lync."" This affects Skype, Microsoft Lync.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka ""ASP.NET Security Feature Bypass Vulnerability."" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"While loading dynamic fonts, a buffer overflow may occur if the number of segments in the font file is out of range in Snapdragon Mobile and Snapdragon Wear.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A remote code execution vulnerability exists in ""Microsoft COM for Windows"" when it fails to properly handle serialized objects, aka ""Microsoft COM for Windows Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ""Windows GDI Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8394, CVE-2018-8396.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ""Windows GDI Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8396, CVE-2018-8398.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka "".NET Framework Security Feature Bypass Vulnerability."" This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a File and Directory Information Exposure vulnerability in AWSCodeDeployPublisher.java that can result in Disclosure of environment variables. This vulnerability appears to have been fixed in 1.20 and later.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service (BSOD).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Directory traversal vulnerability in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the URI path component.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The Fibre Channel over Ethernet (FCoE) feature in IBM System Networking and Blade Network Technology (BNT) switches running IBM Networking Operating System (aka NOS, formerly BLADE Operating System) floods data frames with unknown MAC addresses out on all interfaces on the same VLAN, which might allow remote attackers to obtain sensitive information in opportunistic circumstances by eavesdropping on the broadcast domain. IBM X-Force ID: 83166.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.354(C00) has a Denial of Service (DoS) vulnerability. An unauthenticated attacker may set up a pseudo base station, and send special malware text message to the phone, causing the mobile phone to fail to make calls and send and receive text messages.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier versions contains a Denial of Service vulnerability in Forwarding module that can result in Improper type cast in Forwarding module allows remote attackers to cause a DoS(thread crash).. This attack appear to be exploitable via network connectivity (Remote attack).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. The vulnerability is triggered when input passed to the xml parser is not sanitized while parsing the xml project/template file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists in Windows Mail Client when a message is opened, aka ""Windows Mail Client Information Disclosure Vulnerability."" This affects Mail, Calendar, and People in Windows 8.1 App Store.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have been fixed in pull 13980.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. Successful exploit could allow an attacker to execute arbitrary code within the context of the application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it communicates with. In one such instance, it was identified that the device was downloading what appeared to be a client certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The ""Firebase Cloud Messaging (FCM) + Advance Admin Panel"" component supporting Firebase Push Notification on iOS (through 2017-10-26) allows SQL injection via the /advance_push/public/login username parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka ""LNK Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8346.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka ""Microsoft Graphics Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5VM_memcpyvv in H5VM.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml.,NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending special crafted requests to the web server allowing injecting code within the WBM. The code will be rendered and/or executed in the browser of the user's browser.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.,LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8341.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Tivoli Application Dependency Discovery Manager (TADDM) before 7.2.1.5 and 7.2.x before 7.2.2 make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging support for weak SSL ciphers. IBM X-Force ID: 84353.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Golden Frog VyprVPN before 2018-06-21 has a vulnerability associated with the installation process on Windows.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SURFnet OpenConext EngineBlock version 5.7.0 to 5.7.3 contains a Cross Site Scripting (XSS) vulnerability that can result in Allows an attacker to inject arbitrary web scripts or HTML into help and login pages. This attack appear to be exploitable via the victim opening a specially crafted URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The public node module versions <= 1.0.3 allows to embed HTML in file names, which (in certain conditions) might lead to execute malicious JavaScript.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `putShapeProperty` method.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono function in lib/wav.c because the align value may be zero.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `vbgetfp` method.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mintToken function of a smart contract implementation for CAPTOZ, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A Tampering vulnerability exists when Microsoft Macro Assembler improperly validates code, aka ""Microsoft Macro Assembler Tampering Vulnerability."" This affects Microsoft Visual Studio.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST request to TCP port 8085 containing a predictable ID value, as demonstrated by a /sendrcpackage?keyid=-2544&keysymbol=-4081 request to shut off the device.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The mintToken function of a smart contract implementation for South Park Token Token (SPTKN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6965 and CVE-2018-6966.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Under certain circumstances SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy Controller versions 7.7 and 8.5) exposes sensitive information in the application logs.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Jirafeau before 3.4.1. The file ""search by name"" form is affected by one Cross-Site Scripting vulnerability via the name parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly authenticating remote users.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted <go-import> tags in packages being fetched by gddo to cause a directory traversal and remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Entrust Datacard Syntera CS 5.x has XSS via the name field of ""Domain or Computer Name"" in the login page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The _sell function of a smart contract implementation for GROWCHAIN (GROW), an Ethereum token, has an integer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. The real name of a username is displayed unescaped when the user is mentioned (using the @ symbol) in a channel or private chat. Consequently, it is possible to exfiltrate the secret token of every user and also admins in the channel.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. When one creates an account, the next step will ask for a username. This field will not save HTML control characters but an error will be displayed that shows the attempted username unescaped via packages/rocketchat-ui-login/client/username/username.js in packages/rocketchat-ui-login/client/username/username.html.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
edit_requests.php in yTakkar Instagram-clone through 2018-04-23 has XSS via an onmouseover payload because of an inadequate XSS protection mechanism based on preg_replace.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0 allows remote authenticated users to perform SQL heuristics by pulling information from the database with the ""cddocument"" parameter in the ""Downloading Electronic Documents"" section.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Gravity before 0.5.1 does not support a maximum recursion depth.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6965 and CVE-2018-6967.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Improper Validation of Array Index in Multimedia While parsing an mp4 file in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Genann through 2018-07-08 has a SEGV in genann_run in genann.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Intex N150 devices. The backup/restore option does not check the file extension uploaded for importing a configuration files backup, which can lead to corrupting the router firmware settings or even the uploading of malicious files. In order to exploit the vulnerability, an attacker can upload any malicious file and force reboot the router with it.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web page with a fake domain name.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability."" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8323.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka ""MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability."" This affects Microsoft Research JavaScript Cryptography Library.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability."" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8299.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka ""Open Source Customization for Active Directory Federation Services XSS Vulnerability."" This affects Web Customizations.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Due to a race condition in a camera driver ioctl handler in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occur.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is correctly sanitized. However, the getTip() method of Action Columns takes HTML-escaped data and un-escapes it. If the tooltip contains user-controlled data, an attacker could exploit this to create a cross-site scripting attack, even when developers took precautions and escaped data.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka ""Microsoft Edge Information Disclosure Vulnerability."" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8297, CVE-2018-8325.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message. IBM X-Force ID: 83371.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"While processing modem SSR after IMS is registered, the IMS data daemon is restarted but the ipc_dataHandle is no longer available. Consequently, the DPL thread frees the internal memory for dataDHandle but the local variable pointer is not updated which can lead to a Use After Free condition in Snapdragon Mobile and Snapdragon Wear.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 83383.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM WebSphere Cast Iron 6.3 allows remote attackers to bypass intended access restrictions via unspecified vectors. IBM X-Force ID: 83868.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face location. If an unprivileged user prepares a symlink pointing to an arbitrary location, then this location will be overwritten with the icon content.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"CVE-2018-8025 describes an issue in Apache HBase that affects the optional ""Thrift 1"" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcms_main table and then making an img add request. This can be leveraged for database access by deleting install.lock.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to read arbitrary files via the i and f parameters, as demonstrated by ?i=etc/&f=passwd&p=raw_view for the /etc/passwd file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, when SCAN_SSIDS and QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES are parsed, a buffer overwrite can potentially occur.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection.,NETWORK,HIGH,NONE,NONE,CHANGED,NONE,HIGH,NONE
RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Redirection version 2.7.3 contains a ACE via file inclusion vulnerability in Pass-through mode that can result in allows admins to execute any PHP file in the filesystem. This attack appear to be exploitable via Attacker must be have access to an admin account on the target site. This vulnerability appears to have been fixed in 2.8.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller without authentication.. This attack appear to be exploitable via crafted protocol message.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS controller via an OpenConfig Terminal Device.. This attack appear to be exploitable via network connectivity.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper Input Validation in Linux io-prefetch in Snapdragon Mobile and Snapdragon Wear, A SQL injection vulnerability exists in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 835, SD 845.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for HashShield, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for NeuroToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Coquinho Coin (CQNC) (Contract Name: CoquinhoERC20), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for KelvinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for BMVCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for RETNToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for SDR, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mint function of a smart contract implementation for kkTestCoin1 (KTC1), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for YESToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for ForeverCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for My2Token, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Shmoo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for CHERRYCOIN, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Code47 (C47), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for MooAdvToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for SIPCOIN, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for RajTest, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an ""all"" action to api/tasks.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The sell function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 1.9.4 and later.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
** DISPUTED ** The liblnk_data_string_get_utf8_string_size function in liblnk_data_string.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
** DISPUTED ** The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
** DISPUTED ** The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
** DISPUTED ** The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
** DISPUTED ** The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
** DISPUTED ** The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
** DISPUTED ** The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file. NOTE: the vendor has disputed this as described in libyal/libpff issue 66 on GitHub.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ClipperCMS 1.3.3 has stored XSS via the ""Tools -> Configuration"" screen of the manager/ URI.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Under certain conditions, TMM may restart and produce a core file while processing APM data on BIG-IP 13.0.1 or 13.1.0.4-13.1.0.7.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Rclone 1.42, use of ""rclone sync"" to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL's content to Google, because there is no validation of a URL field received from the Google Cloud Storage API server, aka a ""RESTLESS"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The mint function of a smart contract implementation for CloutToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Numisma, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for RajTestICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x67). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read by the application is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user's browsing history. This attack appear to be exploitable via the victim must open a page with a specially crafted <title> attribute, and then open the qute://history site via the :history command. This vulnerability appears to have been fixed in fixed in v1.3.3 (4c9360237f186681b1e3f2a0f30c45161cf405c7, to be released today) and v1.4.0 (5a7869f2feaa346853d2a85413d6527c87ef0d9f, released later this week).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Marlin Firmware Marlin version 1.1.x and earlier contains a Buffer Overflow vulnerability in cardreader.cpp (Depending on branch/version) that can result in Arbitrary code execution. This attack appear to be exploitable via Crafted G-Code instruction/file is sent to the printer.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Electro Industries GaugeTech Nexus devices allow remote attackers to obtain potentially sensitive information via a direct request for the meter_information.htm, diag_system.htm, or diag_dnp_lan_wan.htm URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users to run beep.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in an incorrect signature validation of a JWT token. This attack can be exploitable when an attacker crafts a JWT token with a valid header using 'none' as algorithm and a body to requests it be validated. This vulnerability was fixed after commit abb0d479389a2509f939452a6767dc424bb5e6ba.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mintToken function of a smart contract implementation for HBCM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for MediaCubeToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Martcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for NEXPARA, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for doccoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for DoccoinPreICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for CrimsonShilling, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for MomentumToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for MyOffer, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for SemainToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for AirdropperCryptics, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for SoundTribeToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for TripCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for MicoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for VICETOKEN_ICO_IS_A_SCAM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for IOCT_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for CON0217, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Robincoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for CDcurrency, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for MedicayunLink, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storage.py#L42) that can result in Session Hijacking. This attack appear to be exploitable via Any method that allows setting session cookies (?session=<>, or meta tags or script tags with Set-Cookie).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for CSAToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for archercoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for ResidualShare, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for ARChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for wellieat, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Briant2Token, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for GalacticX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for AMToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for SendMe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Micro BTC (MBTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for IcoContract, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for BuyerToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Trabet_Coin_PreICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for APP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mint function of a smart contract implementation for BillionRewardsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for TheGoDgital, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Rice, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for GFC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for ESTSToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for TheGoDigital, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for MicoinNetworkToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for BitmaxerToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Deploy, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for BGC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for TrueGoldCoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Datiac, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"topydo contains a CWE-20: Improper Input Validation vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py line 292 as of d4f843dac71308b2f29a7c2cdc76f055c3841523 that can result in Injection of arbitrary bytes to the terminal, including terminal escape code sequences. This attack appear to be exploitable via The victim must open a todo.txt with at least one specially crafted line..",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"The mintToken function of a smart contract implementation for RoyalClassicCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for GCRTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for SECoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for MVGcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for EthereumSmart, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for CikkaCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for TurdCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StszAtom::GetSampleSize in Core/Ap4StszAtom.cpp.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StcoAtom::AdjustChunkOffsets in Core/Ap4StcoAtom.cpp.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
GVToken Genesis Vision (GVT) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for TravelZedi Token (ZEDI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Metronet Tag Manager version 1.2.7 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can result in allows anybody to do almost anything an admin can. This attack appear to be exploitable via Logged in user must follow a link. This vulnerability appears to have been fixed in 1.2.9.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
WP User Groups version 2.0.0 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in allows anybody to modify user groups and types. This attack appear to be exploitable via Admin must click on link. This vulnerability appears to have been fixed in 2.1.1.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Tooltipy (tooltips for WP) version 5 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Instant Update CMS contains a Password Reset Vulnerability vulnerability in /iu-application/controllers/administration/auth.php that can result in Account Tackover. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in v0.3.3.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sending a specially crafted frame on an established connection. This vulnerability appears to have been fixed in 5.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An XSS issue was discovered in InvoicePlane 1.5.10 via the ""Quote PDF Password(Optional)"" field.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password form (html/password.php, #308) that can result in injection of arbitrary web script or HTML. This attack appear to be exploitable via the victim must open a specially crafted web page. This vulnerability appears to have been fixed in after commit 56070d6289d47ba3f5918885954dcceb75606001.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. This attack appear to be exploitable via Specially crafted XML file. This vulnerability appears to have been fixed in after commit 4974a26.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly sanitize user's input, which would allow for cross-site scripting (XSS) attacks. In this form of attack, a malicious person can create a URL which, when opened by a Galaxy user or administrator, would allow the malicious user to execute arbitrary Javascript. that can result in Arbitrary JavaScript code execution. This attack appear to be exploitable via The victim must interact with component on page witch contains injected JavaScript code.. This vulnerability appears to have been fixed in v14.10.1, v15.01.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a direct request for the default/index.lsp or default/log.lsp URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The webService binary on Insteon HD IP Camera White 2864-222 devices has a Buffer Overflow via a crafted pid, pwd, or usr key in a GET request on port 34100.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem (GVE), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the ""evilReflex"" issue. NOTE: a PeckShield disclosure states ""some researchers have independently discussed the mechanism of such vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The approveAndCallcode function of a smart contract implementation for Block 18 (18T), an tradable Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the ""evilReflex"" issue. NOTE: a PeckShield disclosure states ""some researchers have independently discussed the mechanism of such vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lacks security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverter_info.htm or english_main.htm URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The mintToken function of a smart contract implementation for GalaxyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for ShitCoin (SHITC) (Contract Name: AdvancedShit), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Escut (ESCT) (Contract Name: JuntsPerCreixer), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for yasudem, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for DECToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for CardFactory, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for BitStore, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for TESTAhihi, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for testcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintlvlToken function of a smart contract implementation for Krown, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Fiocoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for WXSLToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Directory traversal in Jester web framework 0.2.0 allows remote attackers to fetch files in arbitrary locations via ""..%f"" sequences.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have a Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The mintToken function of a smart contract implementation for PGM_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for TripPay, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for DataShieldCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for EXGROUP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
SQL injection vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. IBM X-Force ID: 84116.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mintToken function of a smart contract implementation for Mindexcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Directory traversal vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to read arbitrary files via unspecified vectors. IBM X-Force ID: 84127.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 84115.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The mintToken function of a smart contract implementation for aman, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for C3 Token (C3), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for TCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mint function of a smart contract implementation for DigitalCloudToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for JaxBox, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for CoinToken, an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken), an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for GATcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Mimicoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Co2Bit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for COSMOTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Trabet_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for rhovit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for UTCT, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for mkethToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In the KGSL driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a reference counting error can lead to a Use After Free condition.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While processing the HTT_T2H_MSG_TYPE_MGMT_TX_COMPL_IND message, a buffer overflow can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used in the Beauty Chain economic system, allows attackers to accomplish an unauthorized increase of digital assets by providing two _receivers arguments in conjunction with a large _value argument, as exploited in the wild in April 2018, aka the ""batchOverflow"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for MaxHouse, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for KAPAYcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for MSXAdvanced, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for HELP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for SmartPayment, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for COBToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for HRWtoken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for CorelliCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for ecogreenhouse, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Welfare Token Fund (WTF), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for IamRich, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for HeliumNetwork, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for SLCAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for TopscoinAdvanced, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for SIPCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for PinkyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the audio debugfs in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, out of bounds access can occur.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mintToken function of a smart contract implementation for HunterCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for SDR22, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mintToken function of a smart contract implementation for Flow, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for WangWangToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for ElevateCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. These two injections could be triggered without authentication, and target the administrator. The attack vectors are the Content-Type field and the filename parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet().,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a ""pattern with very many captures.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mintToken function of a smart contract implementation for CBRToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for QRG, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for BitcoinAgileToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for PlatoToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Crypto Alley Shares (CAST), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for OllisCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for FILM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5F__accum_read in H5Faccum.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"miniSphere version 5.2.9 and earlier contains a Integer Overflow vulnerability in layer_resize() function in map_engine.c that can result in remote denial of service. This attack appear to be exploitable via the victim must load a specially-crafted map which calls SetLayerSize in its entry script. This vulnerability appears to have been fixed in 5.0.3, 5.1.5, 5.2.10 and later.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The mintToken function of a smart contract implementation for MoonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for PaulyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for t_swap, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Crystals, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Cavecoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. File name, which contains malicious HTML (eg. embedded iframe element or javascript: pseudo-protocol handler in <a> element) allows to execute JavaScript code against any user who opens a directory listing containing such crafted file name.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In a firmware memory dump feature in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), a Use After Free condition can occur.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An integer overflow to buffer overflow vulnerability exists in the ADSPRPC heap manager in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mintToken function of a smart contract implementation for Carrot, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for naga, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for DaddyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for SusanTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In the FastRPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occur when mapping on the remote processor fails.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add an admin account via adm1n/admin_manager.php?action=save&id=2.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The 'css' parameter contains a directory traversal vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"If the seq_len is greater then CSR_MAX_RSC_LEN, a buffer overflow in __wlan_hdd_cfg80211_add_key() may occur when copying keyRSC in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. System information is returned to the attacker that contains sensitive data.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query to determine whether a user is logged in is subject to SQL injection on the loginSeed parameter, which can be embedded in the HTTP cookie of the request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php files anywhere in the web service directory tree.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. There is a directory traversal vulnerability in the processing of the 's' parameter of the applet.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as ""retval"" argument can cause arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
TCExam before 14.1.2 has XSS via an ff_ or xl_ field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Brynamics ""Online Trade - Online trading and cryptocurrency investment system"" allows remote attackers to obtain sensitive information via a direct request for the /dashboard/deposit URI, as demonstrated by discovering database credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, whenever TDLS connection is setup, we are freeing the netbuf in ol_tx_completion_handler and after that, we are accessing it in NBUF_UPDATE_TX_PKT_COUNT causing a use after free.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key creation that can result in Unauthorized code execution in the victim's machine, within the rights of the running application. This attack appear to be exploitable via Victim is synchronizing data from the redis server which contains malicious key value.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, kernel panic may happen due to out-of-bound read, caused by not checking source buffer length against length of packet stream to be copied.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"While processing a message from firmware in htt_t2h_msg_handler_fast() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer overwrite can occur.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While processing the system path, an out of bounds access can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While parsing over-the-air information elements in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, the use of an out-of-range pointer offset can occur.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In wma_nan_rsp_event_handler() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the data_len value is received from firmware and not properly validated which could potentially lead to an out-of-bounds access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IPConfigure Orchid Core VMS 2.0.5 allows Directory Traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In the cpuidle driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, the list_for_each macro was not used correctly which could lead to an untrusted pointer dereference.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in which an untrusted party controls the -TT value, given that the entire purpose of -TT is execution of arbitrary commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libming 0.4.8, there is an excessive memory allocation attempt in the readBytes function of the util/read.c file, related to parseSWF_DEFINEBITSJPEG2. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"libming 0.4.8 has a NULL pointer dereference in the getString function of the decompile.c file, related to decompileSTRINGCONCAT. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
DamiCMS v6.0.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Possible buffer overflows and array out of bounds accesses in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05 while flashing images.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lack of copy_from_user and information leak in function ""msm_ois_subdev_do_ioctl, file msm_ois.c can lead to a camera crash in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Due to a race condition while processing the power stats debug file to read status, a double free condition can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125161.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The sell function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for GreenMed (GRMD), an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for MAVCash, an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for GMile, an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for ETHERCASH (ETC), an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Etherty Token (ETY) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
SP8DE PreSale Token (DSPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The transfer and transferFrom functions of a smart contract implementation for ChuCunLingAIGO (CCLAG), an Ethereum token, have an integer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for TravelCoin (TRV), an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a ""publicly accessible environment.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
ATLANT (ATL) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Common Open Policy Service Protocol (COPS) module in Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6600 V100R001C00; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00 has a buffer overflow vulnerability. An unauthenticated, remote attacker has to control the peer device and send specially crafted message to the affected products. Due to insufficient input validation, successful exploit may cause some services abnormal.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The sell function of a smart contract implementation for PornCoin (PRNC), an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for MoneyTree (TREE), an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for STeX Exchange ICO (STE), an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for Welfare Token Fund (WTF), an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a ""double fetch"" vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a ""double fetch"" vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a ""double fetch"" vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"The ""stub_recv_cmd_submit()"" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The ""get_pipe()"" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"** DISPUTED ** An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in conjunction with the Android keyGenerator class is not implemented. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). During those seconds, a meeting invitee may unknowingly be on camera with other participants able to view.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The utilities function in all versions <= 1.0.0 of the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects. A remote attacker can craft a malicious link that, when clicked, will redirect users to arbitrary websites after a successful login attempt.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permissions of the user the Jenkins master process is running as.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SP8DE Token (SPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Spadeico is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Minio Inc. Minio S3 server version prior to RELEASE.2018-05-16T23-35-33Z contains a Allocation of Memory Without Limits or Throttling (similar to CWE-774) vulnerability in write-to-RAM that can result in Denial of Service. This attack appear to be exploitable via Sending V4-(pre)signed requests with large bodies . This vulnerability appears to have been fixed in after commit 9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The sell function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow in which ""amount * sellPrice"" can be zero, consequently reducing a seller's assets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. This attack appear to be exploitable via Send POST request using search form. This vulnerability appears to have been fixed in 0.7 after commit 87b8c26b023c3fc37f0796b14bb13710f397b322.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for JavaSwapTest (JST), an Ethereum token, has an integer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken, buy, and sell functions of a smart contract implementation for LEF, an Ethereum token, have an integer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for DYchain (DYC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for EncryptedToken (ECC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Coffeecoin (COFFEE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for FIBToken (FIB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Betcash (BC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Jitech (JTH), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for GoodTo (GTO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Goutex (GTX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for YiTongCoin (YTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for sumocoin (SUMO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Reimburse Token (REIM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could lead to accidentally leaking credentials or secrets.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Jirafeau before 3.4.1. The ""search file by hash"" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Jirafeau before 3.4.1. The ""search file by link"" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A CSRF issue was discovered in Jirafeau before 3.4.1. The ""delete file"" feature on the admin panel is not protected against automated requests and could be abused.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
/user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",LOCAL,HIGH,NONE,NONE,CHANGED,HIGH,NONE,NONE
"An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via the ""X-Wap-Profile"" HTTP header.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the tpl input parameter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account (at the admin level) via the index.php/man_user/insert URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (hdr.size_in and hdr.size_out) in the header between the two fetches because of a race condition, leading to severe kernel errors, such as buffer over-accesses. This bug can cause a local denial of service and information leakage.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was intended to be private.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
SQL injection vulnerability in the management interface in ePortal  Manager allows remote attackers to execute arbitrary SQL commands  via unspecified parameters.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via crafted perf_event_open and mmap system calls.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Validate.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for GPMF_KEY_END and nest_level (conditional on a buffer_size_longs check).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for a positive nest_level.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for GPMF_KEY_END and nest_level (not conditional on a buffer_size_longs check).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting (XSS) vulnerability in Boxes that can result in JS code execution against LimeSurvey admins. This vulnerability appears to have been fixed in 3.6.x.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.,ADJACENT_NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,NONE,NONE
An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted XML file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Boxes that can result in CSRF admins to delete boxes. This vulnerability appears to have been fixed in 3.6.x.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) vulnerability in Settings screen that can result in allows unauthorised users to do almost anything an admin can. This attack appear to be exploitable via Admin must visit logs page. This vulnerability appears to have been fixed in 3.2.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in Attacker can read any file in the server or use smbrelay attack to access to server..,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the ""class_exists"" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/index.php ""system manage"" and ""add"" actions.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute arbitrary (javascript) code within a victims' browser. This attack appear to be exploitable via Victim must open a crafted link to the application. This vulnerability appears to have been fixed in ocsreports 2.4.1.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. This attack appear to be exploitable via an attacker must craft an URL with payload and send to the user. Victim need to open the link to be affected by reflected XSS. .,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted game data file (XML).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Akiee version 0.0.3 contains a XSS leading to code execution due to the use of node integration vulnerability in ""Details"" of a task is not validated that can result in XSS leading to abritrary code execution. This attack appear to be exploitable via The attacker tricks the victim into opening a crafted markdown.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted MMD file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the `wFilemanager.php` and `index.php` files of the `/grid5/scripts/` modules. The injection point is located in the Project `Title` and the execution point occurs in the `Inhaltsprojekte` output listing section. Remote attackers with privileged user accounts are able to inject their own malicious script code with a persistent attack vector to compromise user session credentials or to manipulate the affected web-application module output context. The request method to inject is POST.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of the `Private Message` module. The editor of the private message module allows inserting links without sanitizing the content. This allows remote attackers to inject malicious script code payloads as a private message (aka pmbody). The injection point is the editor ftp link element and the execution point occurs in the message body context on arrival. The request method to inject is POST with restricted user privileges.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Hycus CMS 1.0.4 allows Authentication Bypass via ""'=' 'OR'"" credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In CraftedWeb through 2013-09-24, aasp_includes/pages/notice.php allows XSS via the e parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Remote Code Execution vulnerability has been found in the Horde_Image library when using the ""Im"" backend that utilizes ImageMagick's ""convert"" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Custom applications using the Horde_Image library might be affected. This vulnerability affects all versions of Horde_Image from 2.0.0 to 2.5.1, and is fixed in 2.5.2. The problem is missing input validation of the index field in _raw() during construction of an ImageMagick command line.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mintToken function of a smart contract implementation for GEMCHAIN (GEM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for CryptonitexCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for AssetToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for bankcoin (BNK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for etktokens (ETK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for MultiGames (MLT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for ALEX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Ethernet Cash (ENC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for EPPCOIN (EPP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for JustDCoin (JustD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for AthletiCoin (ATHA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Yu Gi Oh (YGO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Yu Gi Oh (YGO) (Contract Name: NetkillerBatchToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for LadaToken (LDT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for bzxcoin (BZX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for CryptoABS (ABS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for AIChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Untrusted search path vulnerability in LINE for Windows versions before 5.8.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcP_message_default in proto.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the pre-authentication session.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in user component that can result in Password reset. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Trovebox version <= 4.0.0-rc6 contains a Server-Side request forgery vulnerability in webhook component that can result in read or update internal resources. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Trovebox version <= 4.0.0-rc6 contains a SQL Injection vulnerability in album component that can result in SQL code injection. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"The mintToken function of a smart contract implementation for loncoin (LON), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for appcoins (APPC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for MMTCoin (MMT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mint function of a smart contract implementation for Unolabo (UNLB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for DVChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be read with a getStorageAt call). Therefore, it allows attackers to always win and get rewards.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at the console.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper restriction of write operations within the bounds of a memory buffer in snscore.sys in SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, SoftControl/SafenSoft Enterprise Suite before version 4.4.1 allows local users to cause a denial of service (BSOD) or modify kernel-mode memory via loading of a forged DLL into an user-mode process.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox < 60.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A shared worker created from a ""data:"" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox < 59.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
mao10cms 6 allows XSS via the article page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
mao10cms 6 allows XSS via the m=bbs&a=index page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle attackers to obtain interaction data.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a special path to the callback parameter through the Mozilla Maintenance Service, allowing the manipulation of files in the installation directory and privilege escalation by manipulating the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function ""strlen"" is getting a ""NULL"" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB), an Ethereum token smart contract. An attacker could use it to set any user's balance.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An integer overflow vulnerability exists in the function distribute of MP3 Coin (MP3), an Ethereum token smart contract. An attacker could use it to set any user's balance.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An integer overflow vulnerability exists in the function multiTransfer of Rocket Coin (XRC), an Ethereum token smart contract. An attacker could use it to set any user's balance.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A NULL pointer dereference (DoS) Vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A malformed DCL command table may result in a buffer overflow allowing a local privilege escalation when a non-privileged account enters a crafted command line. This bug is exploitable on VAX and Alpha and may cause a process crash on IA64. Software was affected regardless of whether it was directly shipped by VMS Software, Inc. (VSI), HPE, HP, Compaq, or Digital Equipment Corporation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability. An attacker can access a specific URL of the affect product. Due to improper verification of the privilege, successful exploitation may cause information leak.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given ""maxMemory"" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users to cause a denial of service (integer overflow, out-of-bounds write, and GPF) or possibly have unspecified other impact via a crafted application that makes socket, connect, and writev system calls, related to net/ipv6/netfilter/nf_conntrack_reasm.c and net/ipv6/netfilter/nf_defrag_ipv6_hooks.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The tlslite library before 0.4.9 for Python allows remote attackers to trigger a denial of service (runtime exception and process crash).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges.  NOTE: This is a different vulnerability than CVE-2014-7920.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges.  NOTE: This is a different vulnerability than CVE-2014-7921.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value and also contain the `{{this}}` special Handlebars variable.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Characters from the ""Canadian Syllabics"" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw ""punycode"" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from ""Aspirational Use Scripts"" such as Canadian Syllabics to be mixed with Latin characters in the ""moderately restrictive"" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as ""Limited Use Scripts."". This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to driver to release special kernel memory resource. Successful exploit may result in phone crash or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary shell instructions.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A mechanism where when a new tab is loaded through JavaScript events, if fullscreen mode is then entered, the addressbar will not be rendered. This would allow a malicious site to displayed a spoofed addressbar, showing the location of an arbitrary website instead of the one loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 54.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events.,NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers to obtain sensitive information via a direct request for the data/fileinfo.xml or job/job.json file, as demonstrated the Master Password field.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['user_agent'] in the ""Login Sessions"" feature.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-2 before 3.1.1-3 allows remote attackers to inject arbitrary web script or HTML via the catalog.noTitlesSearch parameter (aka the Search field).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this issue (e.g., in combination with a successful XSS, or at an unattended workstation) to change the admin password to an attacker-chosen value without knowing the current password.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the post/posts/new_report.kp URI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing an attacker to access arbitrary files from the host Operating System using a sitecore/shell/default.aspx?xmlcontrol=LogViewerDetails&file= URI. Validation is performed to ensure that the text passed to the 'file' parameter correlates to the correct log file directory. This filter can be bypassed by including a valid log filename and then appending a traditional 'dot dot' style attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"** DISPUTED ** An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean value to be ""true"" because the kSecAccessControlUserPresence protection mechanism is not used. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes iOS devices on which a jailbreak has occurred.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to partially extract confidential configurations via user-space emulation.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by low-privileged users against higher-privileged users.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/year_month_day.log.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Carbon Black Cb Response. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
tinyexr 0.9.5 has a segmentation fault in the wav2Decode function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Redatam7 (formerly Redatam WebServer) allows remote attackers to discover the installation path via an invalid LFN parameter to the /redbin/rpwebutilities.exe/text URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the WpDevArt ""Booking calendar, Appointment Booking System"" plugin 2.2.2 for WordPress. Multiple parameters allow remote attackers to manipulate the values to change data such as prices.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows a local attacker to duplicate an authentication factor via cloning.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers to obtain sensitive information via an HTTP GET request for this file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's ""TITLE"" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox < 53.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"When an ""iframe"" has a ""sandbox"" attribute and its content is specified using ""srcdoc"", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included ""allow-same-origin"". This vulnerability affects Firefox < 55.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Windows systems, the logger run by the Windows updater deletes the file ""update.log"" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file named ""update.log"" instead of the one intended. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox < 55.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka ""Microsoft Exchange Server Elevation of Privilege Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The content security policy (CSP) ""sandbox"" directive did not create a unique origin for the document, causing it to behave as if the ""allow-same-origin"" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"If a page is loaded from an original site through a hyperlink and contains a redirect to a ""data:text/html"" URL, triggering a reload will run the reloaded ""data:text/html"" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A mechanism to spoof the addressbar through the user interaction on the addressbar and the ""onblur"" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An out-of-bounds write in ""ClearKeyDecryptor"" while decrypting some Clearkey-encrypted media content. The ""ClearKeyDecryptor"" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
"Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An integer overflow in ""createImageBitmap()"" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the ""createImageBitmap"" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A potentially exploitable crash in ""EnumerateSubDocuments"" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Memory safety bugs were reported in Firefox 53. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"JavaScript in the ""about:webrtc"" page is not sanitized properly being assigned to ""innerHTML"". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting (XSS) attack. This vulnerability affects Firefox < 55.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A content security policy (CSP) ""frame-ancestors"" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox < 55.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because ""the code had computed the required string length first, and then allocated a large-enough buffer on the heap.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in AKCMS 6.1. CSRF can add an admin account via a /index.php?file=account&action=manageaccounts&job=newaccount URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in AKCMS 6.1. CSRF can delete an article via an admincp deleteitem action to index.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. This could allow an attacker to spoof which page is actually loaded and in use. Note: this issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 59.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"WebExtensions may use ""view-source:"" URLs to view local ""file:"" URL content, as well as content stored in ""about:cache"", bypassing restrictions that only allow WebExtensions to view specific content. This vulnerability affects Firefox < 59.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
Reflected Cross-Site Scripting (XSS) exists in the Bibliography module in SLiMS 8 Akasia 8.3.1 via an admin/modules/bibliography/index.php?keywords= URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A SQL injection issue was discovered in the Quick Chat plugin before 4.00 for WordPress.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Canvas allows the use of the ""feDisplacementMap"" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue where a ""<select>"" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox < 50.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"networking.c in Redis before 3.2.7 allows ""Cross Protocol Scripting"" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,NONE,NONE
"Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read while processing SVG content in ""ConvolvePixel"". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/master_file/rda_cmc.php?keywords= URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords= URI, a related issue to CVE-2017-7242.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Reflected Cross-Site Scripting (XSS) exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an admin/modules/membership/index.php?keywords= URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"An out-of-bounds read when an HTTP/2 connection to a servers sends ""DATA"" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability while parsing ""application/http-index-format"" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A buffer overflow vulnerability while parsing ""application/http-index-format"" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox < 52.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A ""javascript:"" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly. This vulnerability affects Firefox < 52.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird < 52.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox < 52 and Thunderbird < 52.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"When adding a range to an object in the DOM, it is possible to use ""addRange"" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 52 and Thunderbird < 52.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. This vulnerability affects Firefox < 51.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Find API for WebExtensions can search some privileged pages, such as ""about:debugging"", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox < 59.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < 52 and Thunderbird < 52.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The existence of a specifically requested local file can be found due to the double firing of the ""onerror"" when the ""source"" attribute on a ""<track>"" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox < 51.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 51.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free can occur when events are fired for a ""FontFace"" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Memory safety bugs were reported in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 55.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When a ""javascript:"" URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves. This vulnerability affects Firefox < 53.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"If a malicious site uses the ""view-source:"" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making ""view-source:"" linkable. This vulnerability affects Firefox < 52 and Thunderbird < 52.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by ""blob:"" as the protocol, leading to user confusion and further spoofing attacks. This vulnerability affects Firefox < 52.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is ""NT AUTHORITY / SYSTEM"") by sending a specially crafted request to the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also available without authentication.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in Flexera FlexNet Publisher before 11.13.1.2 Security Update 1 allow remote attackers to execute arbitrary code via a crafted packet with opcode (a) 0x107 or (b) 0x10a.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka ""Microsoft Excel Information Disclosure Vulnerability."" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability."" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8254.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability."" This affects Microsoft Project Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8252.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Buffer overflow can occur due to improper input validation in multiple WMA event handler functions in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier releases are not affected. This vulnerability affects Firefox < 57.0.1.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a DSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized transfer of digital assets because of a logic error. The developer messed up with the boolean judgment - if the input value is smaller than or equal to allowed value, the transfer session would stop execution by returning false. This makes no sense, because the transferFrom() function should require the transferring value to not exceed the allowed value in the first place. Suppose this function asks for the allowed value to be smaller than the input. Then, the attacker could easily ignore the allowance: after this condition, the `allowed[from][msg.sender] -= value;` would cause an underflow because the allowed part is smaller than the value. The attacker could transfer any amount of FuturXe tokens of any accounts to an appointed account (the `_to` address) because the allowed value is initialized to 0, and the attacker could bypass this restriction even without the victim's private key.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"If userspace provides a too-large WPA RSN IE length in wlan_hdd_cfg80211_set_ie(), a buffer overflow occurs in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the WCD CPE codec, a Use After Free condition can occur in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 (""[IPv4/IPv6]: UFO Scatter-gather approach"") on Oct 18 2005.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Early or late retirement of rotation requests can result in a Use After Free condition in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer over flow can occur while processing a HTT_T2H_MSG_TYPE_TX_COMPL_IND message with an out-of-range num_msdus value in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the function wma_pdev_div_info_evt_handler() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, there is no upper bound check on the value event->num_chains_valid received from firmware which can lead to a buffer overwrite of the fixed size chain_rssi_result structure.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, when more than one HLOS client loads the same TA, a Use After Free condition can occur.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An arbitrary address write can occur if a compromised WLAN firmware sends incorrect data to WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 60.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of ""data:"" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Event handlers on ""marquee"" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLC_PS_ROOT_URI and DMLC_PS_ROOT_PORT env variables. In versions older than 1.0.0, however, the MXNet framework will listen on 0.0.0.0 rather than user specified DMLC_PS_ROOT_URI once a scheduler node is initialized. This exposes the instance running MXNet to any attackers reachable via the interface they didn't expect to be listening on. For example: If a user wants to run a clustered setup locally, they may specify to run on 127.0.0.1. But since MXNet will listen on 0.0.0.0, it makes the port accessible on all network interfaces.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
** DISPUTED ** A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"If the ""app.support.baseURL"" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads ""chrome://browser/content/preferences/in-content/preferences.xul"" directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin displays a CDM-disabled message as a notification message. This vulnerability affects Firefox < 59.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"If a URL using the ""file:"" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with the ""noopener"" keyword. This vulnerability affects Firefox < 60.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox < 60.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including ""javascript:"" links. If a JSON file contains malicious JavaScript script embedded as ""javascript:"" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. This can allow for the theft of cookies and authorization tokens which are accessible to that context. This vulnerability affects Firefox < 60.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On pages containing an iframe, the ""data:"" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"The filename appearing in the ""Downloads"" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel. Note: the dialog to open the file will show the full, correct filename and whether it is executable or not. This vulnerability affects Firefox < 60.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"An out-of-bounds read in WebGL with a maliciously crafted ""ImageInfo"" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability during video control operations when a ""<track>"" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display ""chrome:"" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display ""javascript:"" links, which users could be tricked into clicking by malicious sites. This vulnerability affects Firefox < 60.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
The Yii2-StateMachine extension v2.x.x for Yii2 has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a ""null"" password and valid username, which triggers an unauthenticated bind.  NOTE: this issue exists because of an incomplete fix for CVE-2016-2403.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability can occur when flushing and resizing layout because the ""PressShell"" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the ""multipart/x-mixed-replace"" MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and other attacks. This vulnerability affects Firefox < 60.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted ""refr"" parameter in a ""/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr="" call.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system management page).,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"URLs using ""javascript:"" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the ""javascript:"" URL the protocol is not removed and the script will execute. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Firefox < 59.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
"When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This vulnerability affects Firefox < 52.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox < 52 and Thunderbird < 52.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash. Note: This issue is in ""libGLES"", which is only in use on Windows. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overwrite can occur if the vdev_id received from firmware is larger than max_bssid.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While processing a DSP buffer in an audio driver's event handler, an index of a buffer is not checked before accessing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"improper validation of array index in WiFi driver function sapInterferenceRssiCount() leads to array out-of-bounds access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the KGSL driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a Use After Free condition can occur when printing information about sparse memory allocations",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to idctdsp.c and mpegvideo.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"If manipulated hyperlinked text with ""chrome:"" URL contained in it is dragged and dropped on the ""home"" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs. This vulnerability affects Firefox < 60.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Image for moz-icons can be accessed through the ""moz-icon:"" protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page. This vulnerability affects Firefox < 59.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka ""Microsoft Edge Information Disclosure Vulnerability."" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8324, CVE-2018-8325.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is Authenticated Custom Firmware Upgrade via DNS Hijacking. An authenticated root user with CLI access is able to remotely upgrade firmware to a custom image due to lack of SSL validation by changing the nameservers in /etc/resolv.conf to the attacker's server, and serving the expected HTTPS response containing new firmware for the device to download.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka ""Microsoft Edge Information Disclosure Vulnerability."" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0871.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. This is fixed in 2018.6.0.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
xowl/request.php in Ximdex 4.0 has XSS via the content parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.,NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers are updated to a newer version, the product launches a process as SYSTEM to uninstall the old version: cl_1956.exe is run as SYSTEM on the %systemroot%\Temp folder, where any user can write a DLL (e.g., version.dll) to perform DLL Hijacking and elevate privileges to SYSTEM.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Redirection from an HTTP connection to a ""data:"" URL assigns the referring site's origin to the ""data:"" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. Note: This issue only affects Firefox 49 and 50. This vulnerability affects Firefox < 50.0.1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox < 50.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. This vulnerability affects Firefox < 50.1.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Due to a race condition in a bus driver, a double free in msm_bus_floor_vote_context() can potentially occur in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The value of fix_param->num_chans is received from firmware and if it is too large, an integer overflow can occur in wma_radio_chan_stats_event_handler() for the derived length len leading to a subsequent buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the camera driver, an out-of-bounds access can occur due to an error in copying region params from user space in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In wma_ndp_end_response_event_handler(), the variable len_end_rsp is a uint32 which can be overflowed if the value of variable ""event->num_ndp_end_rsp_per_ndi_list"" is very large which can then lead to a heap overwrite of the heap object end_rsp in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Chevereto Free before 1.0.13 has XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
** DISPUTED ** A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class, related to certain .clone usage, because mrb_obj_clone in kernel.c copies flags other than the MRB_FLAG_IS_FROZEN flag (e.g., the embedded flag).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"md4c 0.2.6 has a NULL pointer dereference in the function md_process_line in md4c.c, related to ctx->current_block.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of ""Referer: http://192.168.0.1/mainFrame.htm"" then no authentication is required for any action.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego Cell.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
nZEDb v0.7.3.3 has XSS in the 404 error page.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Twonky Server before 8.5.1 has XSS via a modified ""language"" parameter in the Language section.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The module botbait is a tool to be used to track bot and automated tools usage with-in the npm ecosystem. botbait is known to record and track user information. The module tracks the following information. Source IP process.versions process.platform How the module was invoked (test, require, pre-install)",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to cause a denial of service (SIGFPE and application crash) via a malformed file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"If a long user name is used in a username/password combination in a site URL (such as "" http://UserName:Password@example.com""), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. This vulnerability affects Firefox < 55.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location bar without any user notification. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox < 50.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all installed plugins.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within the processing of IOCTL 0x220004 by the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful (200) or not.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a ""/!select/"" substring in place of a select substring.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Edge improperly marks files, aka ""Microsoft Edge Information Disclosure Vulnerability."" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8234.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before the 2018-06-05 security patch level, NVIDIA TLZ TrustZone contains a possible out of bounds write due to integer overflow which could lead to local escalation of privilege in the TrustZone with no additional execution privileges needed. User interaction is not needed for exploitation. This issue is rated as high. Version: N/A. Android: A-69480285. Reference: N-CVE-2017-6292.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before the 2018-06-05 security patch level, NVIDIA TLK TrustZone contains a possible out of bounds write due to an integer overflow which could lead to local escalation of privilege with no additional execution privileges needed. User interaction not needed for exploitation. This issue is rated as high. Version: N/A. Android: A-69559414. Reference: N-CVE-2017-6290.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful exploit could allow the app to send specific parameters to the smart phone driver, which will result in system restart.",LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,NONE,NONE,HIGH
system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 140091.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET sort_direction parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exist in ladder/stats.php via the GET type parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the POST user_search parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate resulting in denial of service. An attacker can send a crafted TCP packet to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on the MediaTek AWUS036NH wireless USB adapter through 5.1.25.0. Attackers can remotely deny service by sending specially constructed 802.11 frames.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,HIGH
"The mintToken function of a smart contract implementation for WorldOpctionChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for CWS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for EristicaICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for UTBTokenTest, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the login_attempts cookie.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in EOS.IO DAWN 4.2. plugins/net_plugin/net_plugin.cpp does not limit the number of P2P connections from the same source IP address.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack consumption and daemon crash) via BGP mask expressions in birdc.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this could lead to privilege escalation.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js. An attacker can edit the Passport.js contents of the session cookie to contain the ID number of the account they wish to take over, and re-sign it using the hard coded secret.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"`f2e-server` 1.12.11 and earlier is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ""../"" in the url. This is compounded by `f2e-server` requiring elevated privileges to run.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The mintToken function of a smart contract implementation for NCU, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for DinsteinCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for OBTCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for GoldTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for ComBillAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Goochain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Lottery, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for ZPEcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for LexitToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for SOSCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for ZIP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Vornox (VRX) (Contract Name: VornoxCoinToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for exsulcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for normikaivo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Instacocoa, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for MehdiTAZIToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for GreenEnergyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for GMile, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mint function of a smart contract implementation for CTest7, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for RedTicket, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintTokens function of a smart contract implementation for Play2LivePromo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for IPMCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for ViteMoneyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"ritp is a static web server. ritp is vulnerable to a directory traversal issue whereby an attacker can gain access to the file system by placing ../ in the URL. Access is restricted to files with a file extension, so files such as /etc/passwd are not accessible.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Unspecified vulnerability in the JDBC component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2; the Oracle Retail Xstore Point of Service 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, and 16.0; the Oracle Retail Warehouse Management System 14.04, 14.1.3, and 15.0.1; the Oracle Retail Workforce Management 1.60.7, and 1.64.0; the Oracle Retail Clearance Optimization Engine 13.4; the Oracle Retail Markdown Optimization 13.4 and 14.0; and Oracle Retail Merchandising System 16.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.",NETWORK,HIGH,LOW,NONE,CHANGED,LOW,LOW,NONE
"The mintToken function of a smart contract implementation for CM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for PMET, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Databits, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Mjolnir, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Order (ETH) (Contract Name: BuyToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for IdeaCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for PMHToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for eddToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for CERB_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eternal entities in an XML document.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured Gitlab token.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
"Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other validating nodes accept them as separate valid signatures.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for kBit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for tickets (TKT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for ABLGenesisToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for OneChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for dopnetwork, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for PELOCoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for AnovaBace, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for ELearningCoinERC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The mintToken function of a smart contract implementation for HormitechToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for BiteduToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for GoMineWorld, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mint function of a smart contract implementation for HYIPToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for GlobalSuperGameToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Eastcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for JPMD100B, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for HEY, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for CarToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for CryptosisToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for DeWeiSecurityServiceToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Thread, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for JustWallet, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for FinalToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for OTAKUToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for CherryCoinFoundation, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Coinquer, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for LoliCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for BIGCAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Yumerium, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Ublasti, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for BiquToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for LandCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for Cornerstone, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for ZToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for JeansToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for TheFlashToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for ExacoreContract, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for RCKT_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for AppleToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for RRToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for CGCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for ESH, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The mintToken function of a smart contract implementation for JiucaiToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An integer overflow vulnerability exists in the function batchTransfer of SHARKTECH (SKT), an Ethereum token smart contract. An attacker could use it to set any user's balance.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported form.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A race condition in drm_atomic_nonblocking_commit() in the display driver can potentially lead to a Use After Free scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Type mismatch for ie_len can cause the WLAN driver to allocate less memory on the heap due to implicit casting leading to a heap buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Buffer over -read can occur while processing a FILS authentication frame in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Use After Free condition can occur in the IPA driver whenever the IPA IOCTLs IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_ADD/IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_DEL/IPA_IOC_NOTIFY_WAN_EMBMS_CONNECTED are called in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the ""Messages"" component. It allows remote attackers to cause a denial of service via a crafted message.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the ""Siri Contacts"" component. It allows physically proximate attackers to discover private contact information via Siri.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the ""Kernel"" component. A buffer overflow in mptcp_usr_connectx allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the ""Messages"" component. It allows local users to perform impersonation attacks via an unspecified injection.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the ""Magnifier"" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and see the most recent Magnifier image.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the ""Crash Reporter"" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app that replaces a privileged port name.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the ""UIKit"" component. It allows remote attackers to cause a denial of service via a crafted text file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. Safari before 11.1.1 is affected. The issue involves the ""Safari"" component. It allows remote attackers to spoof the address bar via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the ""FontParser"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to spoof the address bar via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the ""Bluetooth"" component. It allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the ""Security"" component. It allows local users to bypass intended restrictions on the reading of a persistent account identifier.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"An exploitable heap overflow vulnerability exists in the Fiddle::Function.new ""initialize"" function functionality of Ruby. In Fiddle::Function.new ""initialize"" heap buffer ""arg_types"" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the ""Intel Graphics Driver"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the ""Graphics Drivers"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the ""Bluetooth"" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app that leverages device properties.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the ""ATS"" component. It allows attackers to gain privileges via a crafted app that leverages type confusion.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the ""IOFireWireAVC"" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages a race condition.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the ""NVIDIA Graphics Drivers"" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of a race condition.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the ""IOGraphics"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the ""AMD"" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read of kernel memory) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for WordPress because of insufficient input sanitization, as demonstrated by the s parameter. In some (but not all) cases, the '<' and '>' characters have &lt; and &gt; representations.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n, as demonstrated by n equal to 0 through 12.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The mintToken function of a smart contract implementation for SERVVIZIOToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D46 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4-S9, 14.2R6; 15.1 versions prior to 15.1F5, 15.1R3; 15.1X49 versions prior to 15.1X49-D40 on SRX Series; 15.1X53 versions prior to 15.1X53-D47 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D65 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"haxeshim haxe shim to deal with coexisting versions. haxeshim downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the ""Tracking"" feature (a specially-crafted query can be used to trigger an XSS attack); and GIS visualization feature. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,NONE,NONE
"An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to ""/storage/poc.svg"" that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger a XSS attack.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against a site and create hundreds of thousands of posts with custom content.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may be left in memory.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The OBD port is used to receive measurement data and debug information from the car. This on-board diagnostics feature can also be used to send commands to the car (different for every vendor / car product line / car). No authentication is needed, which allows attacks from the local Wi-Fi network.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted input file, as well as achieve remote code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within the range of the WLAN to connect to the network without authentication.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wp_ajax_nopriv_ usage. Anyone can change the plugin's setting by simply sending a request with a wbm_save_shop_page_banner_data action.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a home's target temperature to 95 degrees Fahrenheit. This vulnerability might be described as an addendum to CVE-2013-4860.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. In contrast to other ZIP files that are uploaded, ClamAV (when activated) does not check Leap2A archives for viruses, allowing malicious files to be available for download. While files cannot be executed on Mahara itself, Mahara can be used to transfer such files to user computers.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"There is a reflected XSS vulnerability in AXON PBX 2.02 via the ""AXON->Auto-Dialer->Agents->Name"" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable application.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking that information.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /etc/ provides a directory listing.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /images/ provides a directory listing.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /lib/ provides a directory listing.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admin page. The attack is possible by modifying the ""referral_site"" cookie to have an XSS payload, and placing an order.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"FastStone Image Viewer 6.2 has a User Mode Read and Execute AV at 0x0057898e, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578dd8, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cc4, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d6a, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d7d, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cb3, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"FastStone Image Viewer 6.2 has a User Mode Write AV at 0x005cb509, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The 'reportID' parameter received by the '/common/run_report.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, an error-based type).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings via wp-admin/admin-post.php CSRF. There's no nonce or capability check in the whatsapp_share_setting_add_update() function.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"When attempting to allow authentication mode `try` in hapi, hapi-auth-jwt2 version 5.1.1 introduced an issue whereby people could bypass authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer=""V100R001B012"" FWVer=""3.10.0.24"" FirmVer=""TT_77616E6771696F6E67"") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations meanwhile an administrator is logged into the web panel.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in ""Account Settings -> Member Centre -> Chinese information -> Ordinary member"" via a QQ number, as demonstrated by a form[qq_10]= substring.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings. The function woo_checkout_settings_page in the file class-woo-checkout-for-digital-goods-admin.php doesn't do any check against wp-admin/admin-post.php Cross-site request forgery (CSRF) and user capabilities.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in ""admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list"" that can add an admin account.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ""program extension upload"" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code'].",NETWORK,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a blind time-based type).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stored cross-site scripting (XSS) vulnerability in the ""Website's name"" field found in the ""Settings"" page under the ""General"" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter ""my_item_search"" in users.php is exploitable using SQL injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpass_save.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The 'fmt' parameter of the '/common/run_cross_report.php' script in the the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an applyCoupon action in an admin-ajax.php request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. The XSS is located in the mod notes textarea.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
YIBAN Easy class education platform 2.0 has XSS via the articlelist.php k parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the ""Key Compromise Impersonation (KCI)"" issue.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A SQL Injection issue was observed in the parameter ""q"" in jobcard-ongoing.php in EasyService Billing 1.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ClipperCMS 1.3.3 allows Session Fixation.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ClipperCMS 1.3.3 has XSS in the ""Module name"" field in a ""Modules -> Manage modules -> edit"" action to the manager/ URI.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
MODX Revolution 2.6.3 has XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Hue 3.12 has XSS via the /pig/save/ name and script parameters.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashboardPage.jsx.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"iScripts eSwap v2.4 has SQL injection via the ""search.php"" 'Told' parameter in the User Panel.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The mobi_decompress_huffman_internal function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large _value argument, as exploited in the wild in May 2018, aka the ""burnOverflow"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. This is fixed in 1.4.0.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"iScripts eSwap v2.4 has SQL injection via the ""salelistdetailed.php"" User Panel ToId parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On pages containing an iframe, the ""data:"" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. Note: This attack only affects installations with e10 multiprocess turned off. Installations with e10s turned on do not support the modal dialog functionality. This vulnerability affects Firefox < 56.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through ""file:"" URLs. This vulnerability affects Firefox < 56.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 56.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited spoofing attacks due to user confusion. This vulnerability affects Firefox < 57.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks if users were convinced to add malicious tags to bookmarks, export them, and then open the resulting file. This vulnerability affects Firefox < 57.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"If a document's Referrer Policy attribute is set to ""no-referrer"" sometimes two network requests are made for ""<link>"" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox < 57.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Control characters prepended before ""javascript:"" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are convinced to copy and paste text into the addressbar. This vulnerability affects Firefox < 57.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated ""_exposedProps_"" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox < 57.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A ""data:"" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when ""data:"" documents also inherited the context of the original page this would allow for potential cross-site scripting (XSS) attacks. This vulnerability affects Firefox < 57.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This vulnerability affects Firefox < 58.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is mitigated by the requirement that the user enter the Blob URL manually in order for the access violation to occur. This vulnerability affects Firefox < 58.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information could be exposed. This vulnerability affects Firefox < 58.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox < 58.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A heap buffer overflow vulnerability may occur in WebAssembly when ""shrinkElements"" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox < 58.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WebExtensions with the ""ActiveTab"" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin user expectations with this permission. This vulnerability affects Firefox < 58.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through ""file:"" URLs from the local file system. This loading is blocked by the sandbox but could expose local data if combined with another attack that escapes sandbox protections. This vulnerability affects Firefox < 58.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view. This vulnerability affects Firefox < 58.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 58.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"The dcputs function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Libav 12.3. A read access violation in the in_table_init16 function in libavcodec/aacsbr.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an attacker to obtain the corresponding session cookie and hijack the user's session.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stored cross-site scripting (XSS) vulnerability in the ""Site Name"" field found in the ""site"" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in BearAdmin 0.5. There is admin/admin_log/index.html?user_id= SQL injection because admin\controller\AdminLog.php constructs a MySQL query improperly.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in BearAdmin 0.5. Remote attackers can download arbitrary files via /admin/databack/download.html?name= directory traversal sequences, as demonstrated by name=../application/database.php to read the MySQL credentials in the configuration.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specially crafted SCCP messages to the affected products. Due to the improper validation of the messages, it will cause numeric errors when handling the messages. Successful exploit will cause some services abnormal.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper input validation vulnerability. Successful exploitation could lead to local privilege escalation.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper certificate validation vulnerability. Successful exploitation could lead to a security bypass.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Unquoted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cockpit 0.5.5 has XSS via a collection, form, or region.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in CppCMS before 1.2.1. There is a denial of service in the JSON parser module.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A use-after-free vulnerability can occur when arguments passed to the ""IsPotentiallyScrollable"" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Bounds check vulnerability in User Mode Driver in Intel Graphics Driver 15.40.x.4 and 21.20.x.x allows unprivileged user to cause a denial of service via local access.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection. Successful exploitation could lead to arbitrary file deletion.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and other details are retrieved.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a flaw in the formChangePass class. Authentication is required to exploit this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Authentication is required to exploit this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the \apps\home\controller\ParserController.php scode parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe InDesign versions 13.0 and below have an exploitable Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Digital Editions versions 4.5.7 and below have an exploitable Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka ""Windows SMB Remote Code Execution Vulnerability."" This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka ""Windows SMB Remote Code Execution Vulnerability."" This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0148.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka ""Windows SMB Remote Code Execution Vulnerability."" This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka ""Windows SMB Remote Code Execution Vulnerability."" This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka ""Windows SMB Remote Code Execution Vulnerability."" This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows (a different vulnerability than CVE-2018-10731).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. The admin login session cookie is insecurely generated making admin session hijacking possible. When an admin logs in, a session cookie is generated using the time of day rounded to 10ms. Since the web server returns its current time of day in responses, it is possible to step backward through possible session values until a working one is found. Once a working session ID is found, an attacker then has admin control of the device and can add a secondary SSID to create a backdoor to the network.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an attachment's name. If an attacker places ""../"" in the file name, the file can be stored in an unintended directory because of Directory Traversal.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
interface\super\edit_list.php in OpenEMR before v5_0_1_1 allows remote authenticated users to execute arbitrary SQL commands via the newlistname parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application. An authenticated attacker could maintain system access due to session fixation after a user password change.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The getString function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the ""credential"" cookie, which might make it easier for attackers to obtain access at a later time (e.g., ""at least for a few minutes""). NOTE: there is no documentation stating that the web UI's logout feature was supposed to do anything beyond removing the cookie from one instance of a web browser; a client-side logout action is often not intended to address cases where a person has made a copy of a cookie outside of a browser.",NETWORK,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw Ver 3.2.0 and earlier allows remote authenticated users to execute arbitrary PHP code via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the application/home/controller/project.php search() function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that results in adding an administrator account.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session. In other scenarios, XSS could also occur by altering variables from the Advanced Settings.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP header.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the ""name"" (aka wplc_name) and ""email"" (aka wplc_email) input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: this issue exists because of an incomplete fix for CVE-2018-9864.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
ILIAS before 5.2.3 has XSS via SVG documents.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the tmp directory under the document root.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability exists in WLAN while processing the HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP messages.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, the camera application triggers ""user-memory-access"" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in user space. An unchecked userspace value (ioctl_ptr->len) is used to copy contents to a kernel buffer which can lead to kernel buffer overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"** DISPUTED ** An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using ""anonymous"" access that is automatically created. Once logged in, a misconfiguration present by default (auto-deployment) permits an anonymous user to deploy a malicious .war file, leading to remote code execution. NOTE: the vendor indicates that anonymous access is not available in the default installation; however, it remains optional because there are several use cases for it, including development environments and network architectures that have a proxy server for access control to the WildFly server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier that allows attackers to spoof mining shares, as demonstrated by providing a solution with {x1=1,x2=1,x3=1,...,x512=1} to bypass this verifier for any blockheader. This originally affected (for example) the Bitcoin Gold and Zcash cryptocurrencies, and continued to be exploited in the wild in May 2018 against smaller cryptocurrencies.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A low privileged admin account with a weak default password of admin exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15. In addition, its web management page relies on the existence or values of cookies when performing security-critical operations. One can gain privileges by modifying cookies.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka ""Azure IoT SDK Spoofing Vulnerability."" This affects C# SDK, C SDK, Java SDK.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to ""/MOXA\_CFG2.ini"" without a cookie header to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within ""ProxyPage.aspx"" allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them.,ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8121.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The Installer in Whale allows DLL hijacking.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33300353.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/classes/class.ilExternalFeedItem.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x80002019.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a link attribute.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to ""/MOXA\_LOG.ini"" without a cookie header to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetmask0= parameter in the ""/goform/net\_Web\_get_value"" uri to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetwork0= parameter in the ""/goform/net\_Web\_get_value"" uri to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the ""/goform/net_WebCSRGen"" uri to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakey\_name= parm in the ""/goform/WebRSAKEYGen"" uri to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the ""/goform/net_WebPingGetValue"" URI to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An integer overflow in the transferMulti function of a smart contract implementation for Social Chain (SCA), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets, aka the ""multiOverflow"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before the 2018-05-05 security patch level, NVIDIA Tegra X1 TZ contains a vulnerability in Widevine TA where the software writes data past the end, or before the beginning, of the intended buffer, which may lead to escalation of Privileges. This issue is rated as high. Android: A-69377364. Reference: N-CVE-2017-6293.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"download.rsp on ShenZhen Anni ""5 in 1 XVR"" devices allows remote attackers to download the configuration (without a login) to discover the password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka "".NET and .NET Core Denial of Service Vulnerability."" This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Android before the 2018-05-05 security patch level, NVIDIA Widevine Trustlet contains a vulnerability in Widevine TA where the software reads data past the end, or before the beginning, of the intended buffer, which may lead to Information Disclosure. This issue is rated as moderate. Android: A-69383916. Reference: N-CVE-2018-6246.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An integer overflow in the transferMulti function of a smart contract implementation for KoreaShow, an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _value parameters.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data, aka ""Hyper-V vSMB Remote Code Execution Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers.",ADJACENT_NETWORK,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka ""Hyper-V Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",ADJACENT_NETWORK,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains a blind SQL injection vulnerability. An unauthenticated user can perform a SQL injection in the command center which results in disclosure of database contents.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The ""Latest Posts on Profile"" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject (aka thread subject) field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The stub component of Absolute Computrace Agent V70.785 executes code from a disk's inter-partition space without requiring a digital signature for that code, which allows attackers to execute code on the BIOS. This allows a privileged local user to achieve persistent control of BIOS behavior, independent of later disk changes.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Absolute Computrace Agent V80.845 and V80.866 does not have a digital signature for the configuration block, which allows attackers to set up communication with a web site other than the intended search.namequery.com site by modifying data within a disk's inter-partition space. This allows a privileged local user to execute arbitrary code even after that user loses access and all disk partitions are reformatted.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Absolute Computrace Agent, as distributed on certain Dell Inspiron systems through 2009, has a race condition with the Dell Client Configuration Utility (DCCU), which allows privileged local users to change Computrace Agent's activation/deactivation status to the factory default via a crafted TaskResult.xml file.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"The License Manager service of HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE 7.80 allows remote attackers to inject malicious web script in the logs page of Admin Control Center (ACC) for cross-site scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Denial of service in Gemalto's Sentinel LDK RTE version before 7.65,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) patient parameter to interface/main/finder/finder_navigation.php; (2) key parameter to interface/billing/get_claim_file.php; (3) formid or (4) formseq parameter to interface/orders/types.php; (5) eraname, (6) paydate, (7) post_to_date, (8) deposit_date, (9) debug, or (10) InsId parameter to interface/billing/sl_eob_process.php; (11) form_source, (12) form_paydate, (13) form_deposit_date, (14) form_amount, (15) form_name, (16) form_pid, (17) form_encounter, (18) form_date, or (19) form_to_date parameter to interface/billing/sl_eob_search.php; (20) codetype or (21) search_term parameter to interface/de_identification_forms/find_code_popup.php; (22) search_term parameter to interface/de_identification_forms/find_drug_popup.php; (23) search_term parameter to interface/de_identification_forms/find_immunization_popup.php; (24) id parameter to interface/forms/CAMOS/view.php; (25) id parameter to interface/forms/reviewofs/view.php; or (26) list_id parameter to library/custom_template/personalize.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent. NOTE: a number of persons feel that this methodology is a benign mining optimization, not a vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the ""administrators"" group to crash services by sending specially crafted messages to the DCOM interface.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick before 6.9.7-10, there is a crash (rather than a ""width or height exceeds limit"" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Some NVIDIA Tegra mobile processors released prior to 2016 contain a buffer overflow vulnerability in BootROM Recovery Mode (RCM). An attacker with physical access to the device's USB and the ability to force the device to reboot into RCM could exploit the vulnerability to execute unverified code.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple security flaws exists in InvProtectDrv.sys which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of the protection mechanisms provided by the Invincea product.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in PixelYourSite plugin prior to version 5.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their password and/or send a warning to their primary email address.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
Adaltech G-Ticket v70 EME104 has SQL Injection via the mobile-loja/mensagem.asp eve_cod parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because /vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php writes data from the ""down_url"" URL into the ""bddlj"" local file if the attacker knows the backdoor ""jmmy"" parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
CliqueMania loja virtual 14 has SQL Injection via the patch/remote.php id parameter in a recomendar action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to execute a special application locally to trigger this vulnerability.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _fee and _value parameters, as exploited in the wild in April 2018, aka the ""proxyOverflow"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x002220e0.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstrated by reading the PHPSESSID cookie.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parameter, as demonstrated by adding a backdoor FTP account.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Severalnines ClusterControl before 1.6.0-4699 allows XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured SMTP password.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
A session fixaction vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image, aka ""Windows Host Compute Service Shim Remote Code Execution Vulnerability."" This affects Windows Host Compute.",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Katello allows remote authenticated users to call the ""system remove_deletion"" CLI command via vectors related to ""remove system"" permissions.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Silex SD-320AN version 2.01 and prior and GE MobileLink(GEH-SD-320AN) version GEH-1.1 and prior have a system call parameter that is not properly sanitized, which may allow remote code execution.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,LOW
Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei home gateway products HiRouter-CD20 and WS5200 with the versions before HiRouter-CD20-10 1.9.6 and the versions before WS5200-10 1.9.6 have a path traversal vulnerability. Due to the lack of validation while these home gateway products install APK plugins, an attacker tricks a user into installing a malicious APK plugin, and plugin can overwrite arbitrary file of devices. Successful exploit may result in arbitrary code execution or privilege escalation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple teams, where one of the Teams has the VariableEdit permission or VariableView permissions for the Environment.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise Virtualization Manager (EVM) allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8127.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Incorrect validation of the ""old password"" field in the change password form allows an attacker to bypass validation of this field.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222104.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Due to the lack of firmware authentication in the upgrade process of T&W WIFI Repeater BE126 devices, an attacker can craft a malicious firmware and use it as an update.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222050.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The affected web interface is vulnerable to ClickJacking or UI Redressing: it is possible to access the web application in an iframe, and clicking on the iframe will redirect to a third-party application or perform other malicious actions.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Meross MSS110 devices before 1.1.24 contain a TELNET listener providing access for an undocumented admin account with a blank password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send IOCTL 0x85FE2608 to the device driver with the HWiNFO32 symbolic device name, resulting in direct physical memory read or write.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129(SP2C00) and earlier versions than 8.0.0.129(SP2C01) have an authentication bypass vulnerability. An attacker with high privilege obtains the smart phone and bypass the activation function by some specific operations.,PHYSICAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The license key parameter of the web application is vulnerable to Cross Site Scripting; this vulnerability allows an attacker to send malicious code to another user.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be able to capture firmware updates through the adjacent network.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8141.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross Site Scripting (XSS) exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via the configuration of a user account. An attacker can execute arbitrary script on an unsuspecting user's browser.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). The vulnerability is caused by mishandling of JavaScript code that triggers the reload of a page continuously with an interval of 1 second.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). This vulnerability is caused by the mishandling of a long URL formed by window.location+='?\u202a\uFEFF\u202b'; concatenation in a SCRIPT element.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** Liferay 6.2.x and before has an FCKeditor configuration that allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment via a browser/liferay/browser.html?Type= or html/js/editor/fckeditor/editor/filemanager/browser/liferay/browser.html URI. NOTE: the vendor disputes this issue because file upload is an expected feature, subject to Role Based Access Control checks where only authenticated users with proper permissions can upload files.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NULL pointer deference in the addsn function in serialno.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by copac2xml.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Read access violation in the isiin_keyword function in isiin.c in libbibutils.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by isi2xml.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity (XXE) vulnerability. This could potentially allow admin users to cause a denial of service or extract server data via injecting a maliciously crafted DTD in an XML file submitted to the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability. This could allow a remote attacker to potentially poison HTTP cache and subsequently redirect users to arbitrary web domains.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222014.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. Victim needs to open the specially crafted file in a vulnerable reader in order to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An of bound write / memory corruption vulnerability exists in the GIF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted GIF file can cause a vulnerability resulting in potential memory corruption resulting in code execution. An attacker can send the victim a specific GIF file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An memory corruption vulnerability exists in the .PCX parsing functionality of Computerinsel Photoline 20.02. A specially crafted .PCX file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .PCX file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A remote out of bound write vulnerability exists in the TIFF parsing functionality of Core PHOTO-PAINT X8 version 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger this vulnerability. This vulnerability only exists in the 64-bit version.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A remote out of bound write vulnerability exists in the TIFF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to loose comparison with '==' instead of '===' in classes/Authorization.php for the user-provided login password, it is possible to login with a simpler password if the password has the form of a power in scientific notation (like '2e2' for '200' or '0e1234' for '0'). This is possible because, in the loose comparison case, PHP interprets the string as a number in scientific notation, and thus converts it to a number. After that, the comparison with '==' casts the user input (e.g., the string '200' or '0') to a number, too. Hence the attacker can login with just a '0' or a simple number he has to brute force. Strong comparison with '===' prevents the cast into numbers.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by attackers to upload and execute arbitrary PHP code via the /dede/archives_do.php?dopost=uploadLitpic litpic parameter when ""Content-Type: image/jpeg"" is sent, but the filename ends in .php and contains PHP code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force ID: 86176.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222548.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222088.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded into memory for each request.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect, as exploited in the wild starting in December 2017, aka the ""transferFlaw"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in order to elevate their privileges. This is fixed in version 2.6.1_Windows.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attack-controlled domain. This is fixed in version 2.6.1_Windows.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version 2.6.1_Windows.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872 and CVE-2017-14409.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'commit' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'commit <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'show' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'show <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security Policy (CSP) referrer directive with zero values.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process, a different vulnerability than CVE-2018-5677 and CVE-2018-5679.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5674 and CVE-2018-5676.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process, a different vulnerability than CVE-2018-5679 and CVE-2018-5680.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5674 and CVE-2018-5678.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of ""VOID"" tokens in jsparse.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validation is missing in libs/graphics/jswrap_graphics.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via an integer overflow during syntax parsing. This was addressed by fixing stack size detection on Linux in jsutils.c.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client. IBM X-Force ID: 86138.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Axublog 1.1.0 allows remote Code Execution as demonstrated by injection of PHP code (contained in the webkeywords parameter) into the cmsconfig.php file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14611, which was about version 0.13.0, which (surprisingly) is an earlier version than 0.4.4.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Huawei MBB (Mobile Broadband) products E5771h-937 with the versions before E5771h-937TCPU-V200R001B328D62SP00C1133 and the versions before E5771h-937TCPU-V200R001B329D05SP00C1308 have a Denial of Service (DoS) vulnerability. When an attacker accessing device sends special http request to device, the webserver process will try to apply too much memory which can cause the device to become unable to respond. An attacker can launch a DoS attack by exploiting this vulnerability.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Content Manager Enterprise Edition Resource Manager 8.4.3 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141338.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
partclone.restore in Partclone 0.2.87 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to execute arbitrary code in the context of the user running the affected application.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An information disclosure vulnerability exists in Outlook when a message is opened, aka ""Microsoft Outlook Information Disclosure Vulnerability."" This affects Word, Microsoft Office.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an invalid memory access vulnerability. An unauthenticated attacker has to find a way to send malformed SCCP messages to the affected products. Due to insufficient input validation of some values in the messages, successful exploit may cause buffer error and some service abnormal.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a Stored XSS Vulnerability in the fourth textbox of ""System setting->site setting"" of admin/index.php.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding </textarea> to the value and saving the product/config. By editing back the product/config, the editor's browser will execute everything after the </textarea>, leading to a possible XSS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields are affected: title, keyword, abstract, and content, as demonstrated by the /admin/index/index.html#listarticle URI.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability."" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8155, CVE-2018-8156, CVE-2018-8168.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability."" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8156, CVE-2018-8168.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability."" This affects Microsoft SharePoint, Microsoft Project Server. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8168.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability."" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8156.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka ""Microsoft PowerPoint Remote Code Execution Vulnerability."" This affects Microsoft Office.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An XSS issue was discovered in the Threads to Link plugin 1.3 for MyBB. When editing a thread, the user is given the option to convert the thread to a link. The thread link input box is not properly sanitized.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
BigTree before 4.2.22 has XSS in the Users management page via the name or company field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) stores potentially sensitive information in a cache that could be read by authenticated users. IBM X-Force ID: 134915.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters resulting in command injection during the boot process. To trigger this vulnerability, an attacker needs to send an HTTP request and reboot the device.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during a password change resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to execute code in the context of the current process.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka ""Microsoft Excel Information Disclosure Vulnerability."" This affects Microsoft Office, Microsoft Excel.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka ""Microsoft Edge Information Disclosure Vulnerability."" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-1021.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target=""_blank"" rel=""noopener""' in A elements, which makes it easier for remote attackers to conduct redirection attacks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted DOCX document can lead to a use-after-free resulting in direct code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which makes it easier for remote attackers to decrypt passwords by leveraging access to the hashes. IBM X-Force ID: 88309.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 8.0.7.5 (Build 1373) allows local users to gain privileges via a crafted 0xA3350014 IOCTL call.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 have a null pointer dereference vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets and send the packets to the affected products. Due to insufficient validation of packets, which could be exploited to cause process crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 have a null pointer dereference vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets and send the packets to the affected products. Due to insufficient validation of packets, which could be exploited to cause process crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 has an out-of-bounds read vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets with specific parameters and send the packets to the affected products. Due to insufficient validation of packets, which could be exploited to cause process crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 has an out-of-bounds read vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets with specific parameters and send the packets to the affected products. Due to insufficient validation of packets, which could be exploited to cause process crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 have a null pointer dereference vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets and send the packets to the affected products. Due to insufficient validation of packets, which could be exploited to cause process crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) contain an undisclosed vulnerability with the potential for information disclosure. IBM X-Force ID: 134820.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XSS exists in Flexense DupScout Enterprise from v10.0.18 to v10.7.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to v10.7).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An exploitable heap corruption vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable heap corruption vulnerability exists in the Doc_GetFontTable functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious doc file to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of service by leveraging an incorrect configuration. IBM X-Force ID: 91146.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
NVIDIA GPU Display Driver contains a vulnerability in kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated could lose network communication in case of TCP/IP open requests on port 20000 (DNP3oE) if an older TCI/IP session is still open with identical IP address and port number.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Campaign 8.6, 9.0, 9.1, 9.1.1, 9.1.2, and 10.0 contains excessive details on the client side which could provide information useful for an authenticated user to conduct other attacks. IBM X-Force ID: 121154.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140691.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137448.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135523.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A code execution vulnerability exists in the Kakadu SDK 7.9's parsing of compressed JPEG 2000 images. A specially crafted JPEG 2000 file can be read by the program, and can lead to an out of bounds write causing an exploitable condition to arise.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A code execution vulnerability exists in the kdu_buffered_expand function of the Kakadu SDK 7.9. A specially crafted JPEG 2000 file can be read by the program and can lead to an out of bounds write causing an exploitable condition to arise.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an admin/checksum.php?__c= request.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable use-after-free vulnerability exists in the JavaScript engine Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If a browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in FastAdmin V1.0.0.20180417_beta. There is XSS via the application\api\controller\User.php avatar parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-jyb51g3mv9.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134814.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 134812.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Users (aka Front-end user management) plugin 1.4.5 for October CMS. XSS exists in the name field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in HongCMS 3.0.0. The post news feature has Stored XSS via the content field.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. IBM X-Force ID: 134810.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 134811.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote attacker can use phishing or other social engineering techniques to access the management console with the privileges of an authenticated administrator user.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Unprivileged users may be able to access privileged kernel data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts privileged kernel data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,HIGH
An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey parameter of a new story at the pligg/story.php?title= URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is XSS in invitation mail received from a different user, who can modify the HTML in that mail before sending it.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS on the file or folder download pop-up via a crafted file or folder name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is anonymous reflected XSS on the error page via a /share/error?message= URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS via the optional message field of a file request.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the launch_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled ""_uid"" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In CMS Made Simple (CMSMS) through 2.2.7, the ""file unpack"" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In CMS Made Simple (CMSMS) through 2.2.7, the ""file rename"" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,HIGH
"Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the ""Account Deletion Custom Text"" input field on the wp-admin/admin.php?page=um_options&section=account page.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In CMS Made Simple (CMSMS) through 2.2.7, the ""file view"" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, a crafted Homepage string in a profile, or a crafted string in Tags or Description within pligg/submit.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MHA-L29B 8.0.0.366(C567) has an information leak vulnerability due to insufficient validation on data transfer requests. When an affected mobile phone sends files to an attacker's mobile phone using the NFC function, the attacker can obtain arbitrary files from the mobile phone, causing information leaks.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML.",NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,NONE
Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Electronic Numbers to URI Mapping (ENUM) module in some Huawei products DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a buffer error vulnerability. An unauthenticated, remote attacker has to control the peer device and send specially crafted ENUM packets to the affected products. Due to insufficient verification of some values in the packets, successful exploit may cause buffer error and some services abnormal.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request (such as GET /../../../../../../../../../../../../etc/passwd) to the web server (fuzzd/0.1.1) running the Maintenance Center on port TCP/8088. This can lead to full compromise of the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Device Administrator code in Android before 4.4.1_r1 might allow attackers to spoof device administrators and consequently bypass MDM restrictions by leveraging failure to update the mAdminMap data structure.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pivotal Gemfire for PCF, versions 1.6.x prior to 1.6.5.0 and 1.7.x prior to 1.7.1.0, contain an information disclosure vulnerability. The application inadvertently exposed WAN replication credentials at a public route.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directly by an administrator, or through CSRF.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhieps) pro1.6 allows remote attackers to read arbitrary files via directory traversal sequences in the pathname parameter to www/file.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5 stores credentials for users using a weak encryption algorithm, which could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 134393.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S9700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00 have an improper authorization vulnerability on Huawei switch products. The system incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by authenticated user. Successful exploit could cause information disclosure.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an executable file to disk and then be able to successfully run that file. If properly constructed, the file could access the driver interface and potentially manipulate certain system calls. On all 32-bit systems and in most cases on 64-bit systems, this will result in a denial of service that will crash the system. In very narrow circumstances, and on 64-bit systems only, this could allow the user to run arbitrary code on the local machine with kernel-level privileges. This could result in a non-privileged user gaining privileged access on the local machine.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of V4.1.2 build 160203 and before, and this vulnerability allows remote attackers to launch a denial of service attack (service interruption) via a crafted network setting interface request.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings changes via a goform/AdvSetDns?GO=wan_dns.asp request in conjunction with a crafted admin cookie.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access the debug port using the serial interface via the ssh-password parameter to page.cmd.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a brute-force attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache['setting']['ucssocfg'] in diy\module\member\models\Member_model.php and write this code into the api/ucsso/config.php file.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones with software Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.142(C00), 8.0.0.151(C00), Berkeley-BD 1.0.0.21, 1.0.0.22, 1.0.0.23, 1.0.0.24, 1.0.0.26, 1.0.0.29 has a double free vulnerability. An attacker can trick a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause system reboot.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200 V200R006C10SPC300, AR2200 V200R006C10SPC300, AR3200 V200R006C10SPC300 devices have an improper resource management vulnerability. Due to the improper implementation of ACL mechanism, a remote attacker may send TCP messages to the management interface of the affected device to exploit this vulnerability. Successful exploit could exhaust the socket resource of management interface, leading to a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in IBM AppScan Enterprise Edition 9.0.x before 9.0.2 iFix 001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 103416.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load-Function as used in the following files: config.py:136, config.py:142, sources.py:99 and sources.py:131. The ""list-sources""-command is affected by this bug. that can result in Remote Code Execution(even as root if suricata-update is called by root). This attack appears to be exploitable via a specially crafted yaml-file at https://www.openinfosecfoundation.org/rules/index.yaml. This vulnerability appears to have been fixed in 1.0.0b1.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access can fully compromise the device by performing a firmware recovery using a custom image.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The inputhub driver of HUAWEI P9 Lite mobile phones with Versions earlier than VNS-L21C02B341, Versions earlier than VNS-L21C22B380, Versions earlier than VNS-L31C02B341, Versions earlier than VNS-L31C440B390, Versions earlier than VNS-L31C636B396 has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and the APP may sends specific data to the inputhub driver to exploit this vulnerability, successful exploit could cause the system reboot.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Digital Guardian Management Console 7.1.2.0015 has a Directory Traversal issue.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Digital Guardian Management Console 7.1.2.0015 has an XXE issue.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-only role.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Digital Guardian Management Console 7.1.2.0015 allows authenticated remote code execution because of Arbitrary File Upload functionality.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port number and webapp path. IBM X-Force ID: 92259.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive product information via vectors related to an error page. IBM X-Force ID: 92072.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Paessler PRTG Network Monitor before 18.1.39.1648 mishandles stack memory during unspecified API calls.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowed information to be transmitted over an HTTP channel, permitting others observing the channel to potentially see this information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139907.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn't have authorization for by way of the 'reportName' parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a single quotation escape with two continuous SQL parameters can cause a SQL injection. This could be done in Methods like retrieveAuditEntries of AuditsApiResource Class and retrieveCommands of MakercheckersApiResource Class.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Systematic SitaWare 6.4 SP2 does not validate input from other sources sufficiently. e.g., information utilizing the NVG interface. An attacker can freeze the Situational Layer, which means that the Situational Picture is no longer updated. Unfortunately, the user cannot notice until he tries to work with that layer.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka ""Microsoft Office Graphics Remote Code Execution Vulnerability."" This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lower than the administrator) logs in, he can add a new TAGS with the XSS payload.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there was an XSS issue with muting notifications.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Mautic before v2.13.0 has stored XSS via a theme config file.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Hatena Bookmark App for iOS Version 3.0 to 3.70 allows remote attackers to spoof the address bar via vectors related to URL display.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a user-defined path and writes non-user controlled data as SYSTEM to the file when the extract_files parameter is used. This occurs without properly authenticating the user.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, executes code at a user-defined (local or SMB) path as SYSTEM when the execute_installer parameter is used in an HTTP message. This occurs without properly authenticating the user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can delete any article via index.php?m=content&f=content&v=recycle_delete.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in TuziCMS v2.0.6. There is a CSRF vulnerability that can add an admin account, as demonstrated by a history.pushState call.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The CATALooK.netStore module through 7.2.8 for DNN (formerly DotNetNuke) allows XSS via the /ViewEditGoogleMaps.aspx PortalID or CATSkin parameter, or the /ImageViewer.aspx link or desc parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Parsedown version prior to 1.7.0 contains a Cross Site Scripting (XSS) vulnerability in `setMarkupEscaped` for escaping HTML that can result in JavaScript code execution. This attack appears to be exploitable via specially crafted markdown that allows it to side step HTML escaping by breaking AST boundaries. This vulnerability appears to have been fixed in 1.7.0 and later.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
RisingStack protect version 1.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in isXss() function in lib/rules/xss.js that can result in dangerous XSS strings being validated as safe. This attack appears to be exploitable via A number of XSS strings(26) detailed in the GitHub issue #16.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
"Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a Virtual Server. The control plane is not impacted by this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote server's identity is not properly validated in F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.2, or 11.5.0-11.5.5.",NETWORK,HIGH,NONE,NONE,CHANGED,LOW,LOW,NONE
Untrusted search path vulnerability in The installer of PhishWall Client Internet Explorer edition Ver. 3.7.15 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Installer of SoundEngine Free ver.5.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ignoring the parent.location='login.html' JavaScript code in the response to an unauthenticated request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via a ""Cookie: Name=0admin"" header.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
AESM daemon in Intel Software Guard Extensions Platform Software Component for Linux before 2.1.102 can effectively be disabled by a local attacker creating a denial of services like remote attestation provided by the AESM.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128624.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Cross-site scripting (XSS) vulnerability in IBM Power Hardware Management Console (HMC) 7R7.1.0, 7R7.2.0, 7R7.3.0 through 7R7.3.5, 7R7.7.0 through SP3, and 7R7.8.0 before SP1 allows remote attackers to inject arbitrary web script or HTML via the user name on the logon screen. IBM X-Force ID: 91163.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap corruption.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to bypass intended access restrictions via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Directory traversal vulnerability in Spiffy before 5.4.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted packet can cause a device power cycle resulting in a fault state and deletion of ladder logic. An attacker can send one unauthenticated packet to trigger this vulnerability,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.php?a=%0a_POST_SERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZED_GROUP%3D1 request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
XSS exists in Domain Trader 2.5.3 via the recoverlogin.php email_address parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an ""HTTP command injection issue.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and earlier for WordPress allows remote attackers to execute arbitrary commands via the cmd parameter to functions/ezpz-archive-cmd.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013 allows remote attackers to execute arbitrary code via a crafted packet, related to ""CATV5_Backbone_Bus.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In Moodle 3.2.2+, there is XSS in the Course summary filter of the ""Add a new course"" page, as demonstrated by a crafted attribute of an SVG element.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka ""Microsoft JET Database Engine Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"iScripts eSwap v2.4 has Reflected XSS via the ""catwiseproducts.php"" catid parameter in the User Panel.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote attackers to bypass intended security restrictions and consequently execute unspecified commands and obtain sensitive information via unknown vectors. IBM X-Force ID: 100927.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows remote authenticated users to obtain sensitive information via a man-in-the-middle attack, related to duplication of message data in cleartext outside the protected payload. IBM X-Force ID: 103482.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in the ppm_load_read_header function in operations/external/ppm-load.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.php/admin/tag/add.html.,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html.,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to use Monitor Mode on the device to read diagnostic information.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Coship RT3052 4.0.0.48 devices allow XSS via a crafted SSID field on the ""Wireless Setting - Basic"" screen.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via ""Admin Site title"" in Settings.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parameter, aka Edit Page Metadata.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, an out of bound access for ebi channel array can potentially occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 835, a Use After Free condition can occur in a communication API.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DOORS Next Generation (DNG/RRC) 5.0, 5.0.1, 5.0.2, and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137035.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via a filename of an uploaded image file.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
PHP Scripts Mall Student Profile Management System Script v2.0.6 has XSS via the Name field to list_student.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by the third form field to a URI under register/, a different vulnerability than CVE-2015-6942.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured application link.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attributes section (via the ""Name (display)"" field to the attributes/create URI).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the title section of an admin/index.php?id=pages&action=edit_page&name=error404 (aka Edit 404 page) action.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page).,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by POST packages. Therefore, Mahara should not rely on TinyMCE's code stripping alone but also clean input on the server / PHP side as one can create own packets of POST data containing bad content with which to hit the server.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month_end parameters), and don/card.php (societe, lastname, firstname, address, zipcode, town, and email parameters).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka ""Microsoft Edge Information Disclosure Vulnerability."" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0998.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via a specially crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\ or ..../ or ....\ as a directory-traversal pattern to TCP port 8667.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power cycle resulting in downtime for the device. An attacker can send one packet to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The jDownloads extension before 3.2.59 for Joomla! has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSphereCloudSlaveTemplate.java, VSphereConnectionConfig.java, vSphereStep.java that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server (""test connection"").",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Catfish CMS V4.7.21 allows XSS via the pinglun parameter to cat/index/index/pinglun (aka an authenticated comment).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if hive.server2.enable.doAs=false.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. They don't employ a suitable mechanism to prevent a DoS attack, which leads to a response time delay. An attacker can use the hping3 tool to perform an IPv4 flood attack, and the services are interrupted from attack start to end.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The pushdup function in util/decompile.c in libming through 0.4.8 does not recognize the need for ActionPushDuplicate to perform a deep copy when a String is at the top of the stack, making the library vulnerable to a util/decompile.c getName NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted SWF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the ""Mark all pages visited"" on the watchlist does not require a CSRF token.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, repeated enable/disable eMBMS requests may result in a double free condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with ""<!--#exec cmd="" support. The file needs to include a specific string to meet the internal system architecture. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly indicates that this is an intended feature or functionality.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with ""<!--#exec cmd="" support. The file needs to include a specific string to meet the internal system architecture. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly indicates that this is an intended feature or functionality.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"** DISPUTED ** In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall (ngx_lua_waf or X-WAF) products. NOTE: the vendor has reported that 100 parameters is an intentional default setting, but is adjustable within the API. The vendor's position is that a security-relevant misuse of the API by a WAF product is a vulnerability in the WAF product, not a vulnerability in OpenResty.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LXR version 1.0.0 to 2.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete_user.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 and older in CukedoctorBaseAction#doDynamic that disables the Content-Security-Policy protection for archived artifacts and workspace files, allowing attackers able to control the content of these files to attack Jenkins users.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, when secure camera is activated it stores captured data in protected buffers. The TEE application which uses secure camera expects those buffers to contain data captured during the current camera session. It is possible though for HLOS to put aside and reuse one or more of the protected buffers with previously captured data during next camera session. Such data reuse must be prevented as the TEE applications expects to receive valid data captured during the current session only.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the probe requests originated from user's phone contains the information elements which specifies the supported wifi features. This shall impact the user's privacy if someone sniffs the probe requests originated by this DUT. Hence, control the presence of which information elements is supported.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[upload_class] value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an Admin-Upload-Upload request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to execute arbitrary PHP code by placing this code into a template.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.,NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function wma_extscan_start_stop_event_handler(), vdev_id comes from the variable event from firmware and is not properly validated potentially leading to a buffer overwrite.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, if cmd_pkt and reg_pkt are called from different userspace threads, a use after free condition can potentially occur in wdsp_glink_write().",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 800, SD 808, SD 810, SD 820, SD 835, while playing a .wma file with modified media header with non-standard bytes per second parameter value, a reachable assert occurs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, while processing the retransmission of WPA supplicant command send failures, there is a make after break of the connection to WPA supplicant where the local pointer is not properly updated. If the WPA supplicant command transmission fails, a Use After Free condition will occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, in some corner cases, ECDSA signature verification can fail.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, while processing a SetParam command packet in the VR service, the extracted name_len and value_len values are not checked and could potentially cause a buffer overflow in subsequent calls to memcpy().",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, while the DPM native process is processing framework events, the iterator pointer is deleted after processing an event. When processing subsequent events, a Use After Condition will occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, SD 835, an integer overflow vulnerability exists in a video library.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, when processing a call disconnection, there is an attempt to print the RIL token-id to the debug log. If eMBMS service is enabled while processing the call disconnect, a Use After Free condition may potentially occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, in GERAN, a buffer overflow may potentially occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835, SD 845, in the omx aac component, a Use After Free condition may potentially occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"NVIDIA Windows GPU Display Driver contains a vulnerability in the DirectX 10 Usermode driver, where a specially crafted pixel shader can cause writing to unallocated memory, leading to denial of service or potential code execution.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the kernel IPA driver, a Use After Free condition can occur.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing HTT_T2H_MSG_TYPE_RX_FLUSH or HTT_T2H_MSG_TYPE_RX_PN_IND messages, a buffer overflow can occur if the tid value obtained from the firmware is out of range.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database (DirtyDB, CouchDB, MongoDB, or RethinkDB).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. For example, these files are indexed by Google and allows for attackers to possibly find sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, due to a race condition, a Use After Free condition can occur in the WLAN driver.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference occurs which may lead to denial of service or possible escalation of privileges.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer which may lead to denial of service or possible escalation of privileges.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/login_par.js.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference may lead to denial of service or possible escalation of privileges.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, and SDX20, in pre-auth request, Host driver uses FT IEs sent by the supplicant. A buffer overflow may occur if FT IEs sent by the supplicant are larger than the expected value.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, and SD 450, if an incorrect endpoint number or direction is passed, an out of bounds array access may occur in the USB management module.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SD 820A, in playready_licacq_process_response(), 'cbResponse' value is controlled by HLOS, and there is no validation on this length. If 'cbResponse' is too large, memory overread occurs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, DRM provisioning mechanisms used in QSEE applications have a feature to prevent further provisioning. This is done by creating an SFS file called 'finalize_prov_flag.data' at the end of provisioning. When this feature is enabled, provisioning calls check for the existence of the file in order to decide whether to do provisioning or not. Current implementation allows provisioning without sufficient checks.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
joyplus-cms 1.6.0 has XSS via the device_name parameter in a manager/admin_ajax.php?action=save flag=add request.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 97777.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation server via unspecified vectors. IBM X-Force ID: 96721.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name field in an Edit Profile action.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Frog CMS 0.9.5 has XSS via the name field of a new ""File"" or ""Directory"" on the admin/?/plugin/file_manager/browse/ screen.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, while processing the IMS SIP username, a buffer overflow can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, in the Wireless Data Service (WDS) module, a buffer overflow can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile SD 845, SD 850, a buffer overflow may potentially occur while processing a response from the SIM card.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, MDM8996, an out-of-bounds access can potentially occur in tz_assign().",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, added a change to check if the pointer has been reset to NULL or not, before writing to the memory pointed by the pointer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9640, MDM9645, MDM9650, MDM9655, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 835, while processing the IPv6 pdp address of the pdp context, a buffer overflow can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Arbitrary memory read from controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language packs containing filenames longer than 1024 characters.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via malformed ASN.1 streams in V2C and similar input files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed, unnecessarily. We note that, unfortunately, even nodes that already implement [RFC6946] can be subject to DoS attacks as a result of the generation of IPv6 atomic fragments. Let us assume that Host A is communicating with Host B and that, as a result of the widespread dropping of IPv6 packets that contain extension headers (including fragmentation) [RFC7872], some intermediate node filters fragments between Host B and Host A. If an attacker sends a forged ICMPv6 PTB error message to Host B, reporting an MTU smaller than 1280, this will trigger the generation of IPv6 atomic fragments from that moment on (as required by [RFC2460]). When Host B starts sending IPv6 atomic fragments (in response to the received ICMPv6 PTB error message), these packets will be dropped, since we previously noted that IPv6 packets with extension headers were being dropped between Host B and Host A. Thus, this situation will result in a DoS scenario. Another possible scenario is that in which two BGP peers are employing IPv6 transport and they implement Access Control Lists (ACLs) to drop IPv6 fragments (to avoid control-plane attacks). If the aforementioned BGP peers drop IPv6 fragments but still honor received ICMPv6 PTB error messages, an attacker could easily attack the corresponding peering session by simply sending an ICMPv6 PTB message with a reported MTU smaller than 1280 bytes. Once the attack packet has been sent, the aforementioned routers will themselves be the ones dropping their own traffic.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, Input_address is registered as a shared buffer and is not properly checked before use in OEMCrypto_Generic_Sign(). This allows addresses to be accessed that reside in secure/CP memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation in OEMCrypto_GenerateSignature() can cause buffer over read.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, in widevine_dash_cmd_handler(), rsp buffers are passed off to widevine commands. These rsp buffers have values in them, such as buffer lengths, that need to be validated to ensure that no buffer overflow/over-reads happen. However, rsp buffers are not always in locked memory, meaning a time-of-check, time-of-use issue can occur where we check that the value is valid, but then a race condition occurs where this memory is swapped out with a different, possibly out of range, value.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SD 835, possible buffer overflow if SIM card sends a response greater than 64KB of data for stream APDU command.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810, SD 835, and SDX20, the reserved memory of TZ subsystem (like TZ apps and some PIL image subsystem) is not cleared after being used.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9625, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, in a QTEE syscall handler, an untrusted pointer dereference can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, and SD 810, possible null pointer dereference occurs due to failure of memory allocation when a large value is passed for buffer allocation in the Playready App.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, sensitive information may be returned to the QMI client as a response.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, if the size parameter passed to TZ_PR_CMD_CONTENT_SET_PROP is small, an integer underflow occurs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the nfc_hci_cmd_received() function of core.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-62679701.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-70722061. References: B-V2018010201.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80) vulnerability in the subject of emails which are not html quoted in certain cases. This can result in the embedding and execution of java script code on users browser. This attack appear to be exploitable via the victim openning a ticket. This vulnerability appears to have been fixed in 2.3.1, 2.2.2 and 2.1.3.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection. IBM X-Force ID: 103694.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in ETWS processing module Intel XMM71xx, XMM72xx, XMM73xx, XMM74xx and Sofia 3G/R allows remote attacker to potentially execute arbitrary code via an adjacent network.",ADJACENT_NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Brave Browser before 0.13.0 allows a tab to close itself even if the tab was not opened by a script, resulting in denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
F5 BIG-IP ASM version 12.1.0 - 12.1.1 may allow remote attackers to cause a denial of service (DoS) via a crafted HTTP request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SSRF) by creating an OAuth application link to a location they control and then redirecting access from the linked location's OAuth status rest resource to an internal location. When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) lowercase or (b) ""meaningless"" characters.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, and SD 835, lack of validation of the buffer size could lead to a buffer overread.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, lack of input validation in qsee can lead to unauthorized memory access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Small Cell SoC FSM9055, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, and SD 810, possible arbitrary memory read due to untrusted pointer dereference when handling HLOS controlled values passed to the QSEE syscall helper.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, SD 410/12, SD 617, SD 650/52, SD 800, and SD 810, if Widevine App TZ_WV_CMD_DECRYPT_VIDEO is called with a size too large, an integer overflow may occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810, and SDX20, unauthorized memory access possible in online memory dump feature.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, and SD 835, in a crypto API function, a buffer over-read can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in Secure DEMUX command handler, when parameter validation fails, an error code is written into a response buffer without checking that response buffer length, passed from HLOS, which may result in memory corruption.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, possible buffer overflow when processing 1X circuit service message.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9640, MDM9645, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, the device may crash while accessing an invalid pointer or expose otherwise inaccessible memory contents.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, and SD 835, detection of Error Condition Without Action in Core.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear SD 820A, IPQ4019, MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 450, and SD 850, lack of input validation for message length causes buffer over read in drm_app_encapsulate_save_keys.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625 and SD 800, a fuse is not correctly blown on a secure device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 435, SD 617, SD 625, and Snapdragon_High_Med_2016, binary Calibration files under data/misc/audio have 777 permissions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, A buffer overflow can potentially occur in any OpenCL application that calls clBuildProgram() with a device of type CL_DEVICE_TYPE_CPU in its device_list argument.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, there could be leakage of protected contents if HLOS doesn't request for security restoration for OCMEM xPU's.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, data access is not properly validated in the Widevine secure application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SDX20, after loading a dynamically loaded code section, I-Cache is not invalidated, which could lead to executing code from stale cache lines.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SD 800, while reading PlayReady rights string information from command buffer (which is sent from non-secure side), if length of rights string is very large, a buffer over read occurs, exposing TZ App memory to non-secure side.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, SD 400, and SD 800, calling qsee_app_entry_return() without first calling qsee_app_entry() will cause the stack to be restored to an older state resulting in a return to an unexpected location.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.1 allows remote attackers to hijack the authentication of users for requests that modify plugin/[pluginname]/settings by crafting a malicious request.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in the Brute Force Login Protection module 1.3 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that have unknown impact via a crafted request to the brute-force-login-protection page to wp-admin/options-general.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in a dl/dl_sendsms.php request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a <?php substring, and then using INTO OUTFILE with a .php filename.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"iScripts eSwap v2.4 has SQL injection via the ""registration_settings.php"" ddlFree parameter in the Admin Panel.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"iScripts eSwap v2.4 has XSS via the ""registration_settings.php"" txtDate parameter in the Admin Panel.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the ""View Search By Id"" screen).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from or tag parameter to results.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 820, and SDX20, buffer overflow vulnerability exist in Sahara boot when program header are parsing.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, use after free vulnerability when the PDN throttle info block is freed without clearing the corresponding active timer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, when writing the Full Disk Encryption key to crypto engine, information leak could occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MSM8996, MSM8939, MSM8976, MSM8917, SDM845, and SDM660, access control collision vulnerability when accessing the replay protected memory block.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 845, and Snapdragon_High_Med_2016, unauthorized users can potentially modify system time.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 210/SD 212/SD 205, SD 400, SD 617, SD 800, and SD 820, in the time daemon, unauthorized users can potentially modify system time and cause an array index to be out-of-bound.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, SD 210/SD 212/SD 205, SD 400, and SD 800, improper access control on ATCMD service allows third party services to access without user knowledge.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, SD 400, and SD 800, TOCTOU condition may result in bypassing error condition checks, leading to undefined behavior.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, and SD 450, lack of input validation could lead to an out of bound array access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, and SD 450, if a client or host sends more than 16k bytes of USB mass storage transfer, a buffer overflow occurs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 450, and SD 850, buffer overread vulnerability may occur while provisioning a content with a large message.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, lack of validation of input could cause a integer overflow that could subsequently lead to a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, in drmprov_cmd_verify_key(), the variable feature_name_length is not validated. There is a check for feature_name_len + filePathLen but there might be an integer wrap when checking feature_name_len + filePathLen. This leads to a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, while verifying provisioning, a buffer overflow can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation performed on calls to a QSEE syscall may lead to arbitrary read/write or NULL Pointer exception when calling a downstream function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, lack of address argument validation inqsee_fuse_write could lead to untrusted pointer dereference.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation is performed on calls to the qsee_get_secure_state syscall.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, in a QTEE syscall handler, an untrusted pointer dereference can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a DIAG ioctl handler, an untrusted pointer dereference can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 400, SD 800, SD 820, and SD 820A, lack of input validation in QSEE can cause potential buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820, and SD 820A, untrusted pointer dereference in QSEE Syscall without proper validation can lead to access of blacklisted memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, lack of address argument validation in qsee_query_counter syscall could lead to untrusted pointer dereference.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation is performed on calls to the qsee_prng_getdata syscall.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820, and SD 820A, in a QTEE syscall handler, an untrusted pointer dereference can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, in ADSP's QDI Root-PD driver, untrusted arguments from User PD may cause integer overflow resulting in buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, code to zeroize AES key could be compiled out by compiler which could potentially result in information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, and SD 810, in HHO scenarios, during the ACQ procedure, there are possible instances where the search database is incorrectly updated resulting in memory corruption due to buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9645, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, bounds check is missing for vtable index in DAL-TO-QDI conversion framework.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9640, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, and SDX20, when reading CDT from eMMC with a very large meta offset (>size of default CDT-array compiled in bootloader) for one of the CDBs, a buffer overflow occurs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, SD 400, SD 800, SD 835, SD 845, SD 850, and SDX20, when QDI read, write, or ioctl are called, the passed-in pointer is not properly validated before accessing it for the delayed response.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, SD 400, and SD 800, userspace-provided pointer arguments are not validated.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, SD 400, and SD 800, while computing the length of memory allocated for a Diag event, if the buffer length is very small or greater than the maximum, an integer overflow may occur, which later results in a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, incorrect offset check in wv_dash_core_refresh_keys() may lead to a buffer overread.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, buffer over-read in QSEE app may cause confidential information to be leaked.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SD 820A, in an EMM command, an integer underflow can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, and SD 810, incorrect error handling could lead to a double free in QTEE file service API.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SD 820A, a buffer overread in Playready may occur due to lack of input validation of the buffer size provided by HLOS.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a PlayReady function, information exposure can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 617, SD 650/52, SD 800, SD 808, and SD 810, in the function ""Certificate_CreateWithBuffer"" in the QSEE app TQS, in case of memory allocation failure, we free the memory and return the pointer without setting it to NULL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, integer overflow may occur when values passed from HLOS (graphics driver busy time, and total time) in TZBSP_GFX_DCVS_UPDATE_ID are very large.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation OEMCrypto_GetRandom can cause potential buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a QTEE crypto function, a buffer overflow can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, and SD 810, when making a high speed Dual Carrier Downlink Data call in a multicell environment, a buffer overflow may occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a DRM function, a buffer over-read can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile IPQ4019, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 800, SD 810, SD 820, SD 820A, SD 835, and Snapdragon_High_Med_2016, modem owned regions are accessible from secure side.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, SD 400, and SD 800, userspace-provided pointer arguments are not validated.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a WideVine API function, a buffer over-read can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, if OEMCrypto_Dash_InstallEncapKeybox() is called with keyBoxLength set to a value higher than TZ_WV_MAX_DATA_LEN (20k), a buffer over-read occurs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 617, SD 650/52, SD 800, SD 808, and SD 810, lack of validation of the return value prior to using for buffer allocation in QSEE application, TQS, may result in memory overwrite.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation could lead to an untrusted pointer dereference in wv_dash_core_generic_verify().",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a crypto API function, a buffer over-read can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, while processing the rmp secure command, memory corruption may result if the response buffer is smaller than the expected size.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, the response pointer passed from user space to SDMX_process is not checked before it is used. If the given response buffer length is smaller than 16 bytes, the response values will be written to a memory outside the buffer, possibly in the secure memory area.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 617, SD 650/52, SD 800, SD 808, and SD 810, in TQS QSEE application, while parsing ""Set Certificates"" command an integer overflow may result in buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in multiple Secure DEMUX functions (e.g., SDMX_open_session, SDMX_close_session, SDMX_set_session_cfg), when parameter validation fails, an error code is written into a response buffer, without checking that response buffer length (rsplen) passed from HLOS is large enough to hold the response. If the buffer is at the end of a non-secure page followed by secured memory page, this can cause a secure memory corruption.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a PlayReady API function, a buffer over-read can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of buffer length validation in pvr_cmd_handler leads to unauthorized access to secure memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 808, and SD 810, processing of TZ application command in tz_app_cmd_handler function could lead to potential content disclosure of secure memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 617, SD 650/52, SD 808, SD 810, and SDX20, in a QTEE syscall handler, an untrusted pointer dereference can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, improper input validation could cause a memory overread and cause the app to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 845, and Snapdragon_High_Med_2016, during module load at TZ Startup, memory statically allocated by modules was not being properly set to zero first. Allowing the module to execute without reset gives it access to information from previous app thus leading to information exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9650, MDM9655, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, SD 810, and SDX20, in a QTEE syscall handler, HLOS can cause a buffer overflow to occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Small Cell SoC FSM9055, MDM9635M, SD 400, and SD 800, improper input validation in tzbsp_ocmem can cause privilege escalation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, and SD 835, in some TrustZone API functions, untrusted pointers can be dereferenced.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, while processing the content headers in the Playready module, a buffer overread may occur if the header count exceeds the expected value.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation in playready_set_domainid could lead to a buffer overread.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 808, and SD 810, if cchFriendlyName is greater than TZ_PR_MAX_NAME_LEN in function playready_leavedomain_generate_challenge(), a buffer overread occurs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 808, and SD 810, in a PlayReady API function, a buffer over-read can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, and SD 810, during XML encoding of a message in the Playready module, a buffer overread may occur if the message passed is large.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, lack of input validation in playready_getadditional_responsedata could lead to a buffer overread.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, and SD 810, the function tzbsp_pil_verify_sig() does not strictly check that the pointer to ELF and program headers and hash segment is within secure memory. It only checks that the address is not in non-secure memory. A given address range can overlap with both secure and non-secure regions - hence if such an address is passed in, it would not pass the non-secure range check, and would be considered valid by the function, even though that memory area could be modified by the non-secure side.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, there is improper access control in a file storage API.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation in playready_licacq_process_response() can lead to memory over read.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, while provising the Playready module, a buffer overread may occur if the message passed is large.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SD 800, lack of input validation while processing TZ_PR_CMD_SAVE_KEY command could lead to a buffer overread.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, the DIAG-EFS command EFS2_DIAG_DELTREE, which is handled by the function fs_diag_deltree_handler(), is used to delete files and directories only inside the /public folder.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, an unsigned RTIC health report susceptible to tampering by malware executing in the context of the HLOS may be requested.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71360761.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In getVSCoverage of CmapCoverage.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70808908.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70637599.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72165027.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the FrameSequence_gif::FrameSequence_gif function of libframesequence, there is a out of bounds read due to a missing bounds check. This could lead to a remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71361451.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71603262.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603315.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In config_set_string of config.cc, it is possible to pair a second BT keyboard without user approval due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70808273.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177126.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In createFromParcel of VerifyCredentialResponse.java, there is a possible invalid parcel read due to improper input validation. This could lead to local escalation of privilege if mPayload in writeToParcel were null, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71714464.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In sdp_server_handle_client_req of sdp_server.cc, there is an out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69384124.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible NULL pointer dereference due to missing bounds checks. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603553.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In impeg2_idct_recon_sse42() of impeg2_idct_recon_sse42_intr.c, there is an out of bound write due to a missing bounds check. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70349612.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In impeg2d_api_set_display_frame of impeg2d_api_main.c, there is an out of bound write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70399408.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71389378.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In process_service_attr_req of sdp_server.c, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68776054.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68817966.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after free that can result in an out of bounds read of memory allocated via malloc. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110692.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67863755.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In functionality implemented in sdp_discovery.cc, there are possible out of bounds reads due to missing bounds checks. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68161546.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177251.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177292.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing length decrement operation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69271284.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478941.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In alarm_ready_generic of alarm.cc, there is a possible out of bounds write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110137.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, compromised WLAN FW can potentially cause a buffer overwrite.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the function wma_tbttoffset_update_event_handler(), a parameter received from firmware is used to allocate memory for a local buffer and is not properly validated. This can potentially result in an integer overflow subsequently leading to a heap overwrite.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing a 802.11 management frame, a buffer overflow may potentially occur.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the processing of an SWBA event, the vdev_map value is not properly validated leading to a potential buffer overwrite in function wma_send_bcn_buf_ll().",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in a power driver ioctl handler, an Untrusted Pointer Dereference may potentially occur.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, if the firmware sends a service ready event to the host with a large number in the num_hw_modes or num_phy, then it could result in an integer overflow which may potentially lead to a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
A information disclosure vulnerability in the Upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-70576999.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A information disclosure vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-71359108. References: B-V2018010501.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-69969749.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-66498711.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1. Android ID: A-71567394.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A information disclosure vulnerability in the Android media framework (libhavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72117051.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A denial of service vulnerability in the Android framework (package installer). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62537081.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A information disclosure vulnerability in the Android framework (aosp email application). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71814449.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68818034.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67058064.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393750.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393251.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384691.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714882.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393600.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384774.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36387564.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384686.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714770.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, and SD 810, in a PlayReady function, a NULL pointer dereference can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put().,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versions: Android kernel. Android ID: A-33966912. References: QC-CR#1096799.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34386696. References: QC-CR#1024872.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34389926. References: QC-CR#897452.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A denial of service vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-34390620. References: QC-CR#1046409.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An information disclosure vulnerability in the Qualcomm USB driver. Product: Android. Versions: Android kernel. Android ID: A-33280689. References: QC-CR#1102418.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393252.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32577244.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823575.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823681.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823724.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-31625756.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-32577085. References: QC-CR#1103689.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
An information disclosure vulnerability in the Qualcomm SPMI driver. Product: Android. Versions: Android kernel. Android ID: A-33644474. References: QC-CR#1106842.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the ""Kernel"" component. A race condition allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. macOS before 10.13 is affected. The issue involves the ""CoreTypes"" component. It allows remote attackers to trigger disk-image mounting via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the ""Sandbox Profiles"" component. It allows attackers to determine whether arbitrary files exist via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the ""Font Importer"" component. It allows remote attackers to cause a denial of service (memory corruption) or obtain sensitive information from process memory via a crafted font.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the ""Security"" component. A race condition allows attackers to bypass intended entitlement restrictions for sending XPC messages via a crafted app.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the ""APFS"" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the ""PDFKit"" component. It allows remote attackers to bypass intended restrictions on visiting URLs within a PDF document.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the ""Disk Management"" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the ""SafariViewController"" component. It allows remote attackers to spoof the user interface via a crafted web site that leverages input into a partially loaded page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. Xcode before 9.3 is affected. The issue, which is unspecified, involves the ""LLVM"" component.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the ""Files Widget"" component. It allows physically proximate attackers to obtain sensitive information by leveraging the display of cached data on a locked device.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the ""LaunchServices"" component. It allows attackers to bypass the code-signing protection mechanism via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the ""Disk Images"" component. It allows attackers to trigger an app launch upon mounting a crafted disk image.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the ""Telephony"" component. A buffer overflow allows remote attackers to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the ""Safari Login AutoFill"" component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714120.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the ""Telephony"" component. It allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a Class 0 SMS message.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the ""Notes"" component. It allows local users to obtain sensitive information by reading search results that contain locked-note content.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel before 4.13, local users can cause a denial of service (use-after-free and BUG) or possibly have unspecified other impact by leveraging differences in skb handling between hns_nic_net_xmit_hw and hns_nic_net_xmit.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Product: Android. Versions: Android kernel. Android ID: A-63083046.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the xmlPath argument.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,NONE,HIGH,NONE
XSS & SQLi in HugeIT slideshow v1.0.4,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the MySQL Connector component 2.1.3 and earlier and 2.0.4 and earlier in Oracle MySQL allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Connector/Python.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the ""Site title"" field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, and SD 810, improper handling of simultaneous interrupt in USB module during USB RESET and EP COMPLETE.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, certain malformed HVEC clips could cause an assertion to fail.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, when processing bad HEVC clips, the DPB fills, and with no error handling for DPB being full, a hang occurs.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 625, SD 810, SD 820, and SDX20, integer overflow occurs when the size of the firmware section is incorrectly encoded in the firmware image.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, processing erroneous bitstreams may result in a HW freeze. FW should detect the HW freeze based on watchdog timer, but because the watchdog timer is not enabled, an infinite loop occurs, resulting in a device freeze.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, buffer overflow vulnerability in RTP during Volte call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, and SD 820, UE crash is seen due to IPCMem exhaustion, when UDP data is pumped to UE's ULP (UserPlane Location protocol) UDP port 7275.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, while playing back a .flv clip which doesn't have an inbuilt seek table, a dynamic index table access is out of bounds and leads to crash.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, improper offset validation leads to buffer overflow in video parser.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, and SDX20, secure UI crash due to uninitialized link list entry in dynamic font module.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, and SD 835, in a GNSS API function, a NULL pointer dereference can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, privilege escalation may occur due to inherently insecure treatment of local files.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 800, SD 810, and SD 820, during a call, memory exhaustion can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6574AU, QCA9377, SD 210/SD 212/SD 205, SD 425, SD 600, SD 650/52, SD 808, SD 810, SD 820, and SDX20, lack of input validation for HCI H4 UART packet ID cause system denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, during SSL handshake, if RNG function (crypto API) returns error, SSL uses hard-coded random value.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, address and size passed to SCM command 'TZ_INFO_GET_SECURE_STATE_LEGACY_ID' from HLOS Kernel were not being checked, so access outside DDR would occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, in a supplementary services function, a buffer overflow can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, missing array index checks on app index in function qcril_uim_clear_encrypted_pin results in accessing addresses outside the bounds of the buffer when app index is too large.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, possible memory corruption due to invalid integer overflow checks in exif parsing.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, if WLAN FW receives the WMI_STA_SMPS_PARAM_CMDID ioctl in not-associated state, when the virtual channel handle is not assigned, the code doesn't check for NULL virtual channel handle, so an assert occurs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, while processing downlink information, an assert can be reached.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, an integer overflow leading to buffer overflow can occur in a QuRT API function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by ""a\x80.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, SD 800, and SD 810, lack of validation of pointers passed by secure apps could lead to an untrusted pointer dereference.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 615/16/SD 415, SD 808, and SD 810, improper input validation while processing SCM Command can lead to unauthorized memory access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 617, incorrect size calculation in QCRIL SCWS processing have Integer overflow which will lead to a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 835, SD 845, and SD 850, vendor specific opcodes may not have any packet length validation leading to buffer over-reads.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, an integer overflow to buffer overflow can occur in a DRM API.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, and Snapdragon_High_Med_2016, the 'proper' solution for this will be to ensure that any users of qsee_log in the bootchain (before Linux boots) unallocate their buffers and clear the qsee_log pointer. Until support for that is implemented in TZ and the bootloader, enable tz_log to avoid potential scribbling. This solution will prevent the linux kernel memory corruption.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, and SD 820, while processing smart card requests, a buffer overflow can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, and SD 820, lack input validation may lead to a integer overflow that could potentially lead to a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SD 835, an integer overflow leading to buffer overflow can occur during a VT call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SD 835, RTP daemon crashes and terminates VT call when UE receives RTCP unknown APP packet report which caused the parser to miss an end of RTCP packet length and go on forever looking for it, even going beyond the limits of the RTCP Packet length.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, and SD 835, while printing debug message of a pointer in wlan_qmi_err_cb, the real kernel address will be printed regardless of the kptr_restrict system settings.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9640, SDM630, MSM8976, MSM8937, SDM845, MSM8976, and MSM8952, when running module or kernel code with improper access control allowing writing to arbitrary regions of memory, the user may utilize this vector to alter module executable code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9640, MDM9645, MDM9650, MDM9655, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, and SDX20, when initializing scheduler object service request, an out of bounds access could occur due to uninitialized object number.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 400, SD 600, and SD 800, a buffer overflow can occur when processing an audio buffer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9607, MDM9615, MDM9635M, MDM9640, SD 210/SD 212/SD 205, SD 400, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 810, and SD 820, an arbitrary length value from an incoming message to QMI Proxy can lead to an out-of-bounds write in the stack variable message.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, and SDX20, in QTEE, a TOCTOU vulnerability exists due to improper access control.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, and SDX20, if a RPMB listener is registered with a very small buffer size, the calculation of the maximum transfer size for read and write operations may underflow, resulting in buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, NPA routines on the rootPD that handle resource requests remoted over QDI may not validate pointers passed from user space which may result in guest OS memory corruption.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, in a QuRT API function, an untrusted pointer dereference can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, packet replay may be possible.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, incorrect implementation of RSA padding functions in CORE.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9625, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, and SD 820A, in some QTEE syscall handlers, a TOCTOU vulnerability exists.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, SD 820A, SD 835, SD 845, and SD 850, upgrading LibPNG from 1.6.12 to 1.6.21 fixes multiple issues with different CWEs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, and SD 850, TZ applications are not properly validated.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, and SD 835, HLOS can enable PMIC debug through TCSR_QPDI_DISABLE_CFG due to improper access control.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, and SD 835, incorrect configuration of the OCIMEM MPU may provide NonSecure Software access to OCIMEM memory used by TZ.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, and SD 835, SMMU Access Control Policy was updated to block HLOS from accessing BLSP and BAM resources.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, and SD 820A, TOCTOU vulnerability during SSD image decryption may cause memory corruption.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, lack of input Validation in QURTK_write() can cause potential buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, when executing a TA which has been granted privileges to the CPVC MINK class it is possible for the TA to access methods exposed by the CPVC interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, there is a TOCTOU vulnerability in the input validation for bulletin_board_read syscall. A pointer dereference is being validated without promising the pointer hasn't been changed by the HLOS program.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, HMAC verification in counter file uses an insecure memcmp which may assist a timing attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, and SD 835, TOCTOU vulnerability may occur while composing the RPMB request using HLOS controlled buffers.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, and SD 820A, TOCTOU vulnerabilities may occur while sanitizing userspace values passed to tQSEE system call.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 810, SD 820, and SD 820A, a buffer overflow can occur in SafeSwitch.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, and SD 835, memory protection assertion happens after invoking TA termination out of order.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, input is not properly validated in a QTEE API function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, the Access Control policy for HLOS allows access to Slimbus, GPU, GIC resources.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 820, and SD 820A, function ce_pkcs1_pss_padding_verify_auto_recover_saltlen assumes that the size of the encoded message is equal to the size of the RSA modulus. This assumption is true for most RSA keys, but it fails when modulus_bitlen % 8 == 1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9640, MDM9645, SD 210/SD 212/SD 205, SD 450, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, and SD 820A, PD failure reason string from user PD is used directly in root PD, so if the buffer parameter is non-NULL terminated in Diag F3 APIs, a buffer overread occurs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Mobile, and Snapdragon Wear FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, and SDX20, improper input validation infuse read request leads to memory corruption.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Mobile, and Snapdragon Wear FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, and SDX20, information exposure vulnerability when logging debug statement due to %p usage.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Mobile, and Snapdragon Wear FSM9055, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, potential stack-based buffer overflow exist in thermal service leading to root compromise.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Mobile, and Snapdragon Wear FSM9055, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, and SDX20, while logging debug statements or ftrace events from rmnet_data, the socket buffer function uses normal format specifiers which may result in information exposure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed25519 elliptic-curve data.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the ""Graphics Driver"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the ""Core Bluetooth"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the ""Kernel"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the ""QuartzCore"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the ""Kernel"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the ""Safari"" component. It allows remote attackers to spoof the address bar via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the ""SQLite"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the ""SQLite"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the ""SQLite"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the ""AppleGraphicsControl"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""Security"" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the ""Kernel"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the ""IOHIDFamily"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the ""Touch Bar Support"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the ""Wi-Fi"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the ""IOFireWireFamily"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the ""Intel Graphics Driver"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the ""NVIDIA Graphics Drivers"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The touchscreen driver synaptics_dsx in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-05, the size of a stack-allocated buffer can be set to a value which exceeds the size of the stack.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile, Snapdragon Automobile APQ8096AU, MDM9206, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 625, SD 650/52, SD 820, SD 835, it is possible for the XBL loader to skip the authentication of device config.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile [VERSION]: MDM9206, MDM9607, MDM9650, MSM8909W, SD 200, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 835, the attributes of buffers in Secure Display were not marked properly.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, SD 625, SD 650/52, SD 835, SD 845, DDR address input validation is being improperly truncated.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD 650/52, SD 835, accessing SPCOM functions with a compromised client structure can result in a Use After Free condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS Extension). Supported versions that are affected are 5.6.39 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: ndbcluster/plugin). Supported versions that are affected are 7.2.27 and prior, 7.3.16 and prior, 7.4.14 and prior and 7.5.5 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster. CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in MMCP, a downlink message is not being properly validated.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The length of attribute value for STA_EXT_CAPABILITY in __wlan_hdd_change_station in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-06 being less than the actual lenth of StaParams.extn_capability results in a read for extra bytes when a memcpy is done from params->ext_capab to StaParams.extn_capability using the sizeof(StaParams.extn_capability).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, untrusted pointer dereference in apr_cb_func can lead to an arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overwrite may occur in ProcSetReqInternal() due to missing length check.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, insufficient validation of parameters from userspace in the camera driver can lead to information leak and out-of-bounds access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while notifying a DCI client, a Use After Free condition can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the function wma_unified_power_debug_stats_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-18, if the value param_buf->num_debug_register received from the FW command buffer is close to max of uint32, then the computation performed using this variable to calculate stats_registers_len may overflow to a smaller value leading to less than required memory allocated for power_stats_results and potentially a buffer overflow while copying the FW buffer to local buffer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-13, a use-after-free condition may potentially occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In msm_ispif_config_stereo() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-21, the parameter params->entries[i].vfe_intf comes from userspace without any bounds check which could potentially result in a kernel out-of-bounds write.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android copies the output buffer to an application with the ""filled length"", which is larger than the output buffer's actual size, leading to an information disclosure problem in the context of mediaserver.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
NTSServerSvc.exe in the server in Softros Network Time System 2.3.4 allows remote attackers to cause a denial of service (daemon crash) by sending exactly 11 bytes.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,NONE
IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 makes it easier for man-in-the-middle attackers to decrypt traffic by leveraging a weakness in its encryption protocol. IBM X-Force ID: 105197.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Administration and Reporting tool in IBM Rational License Key Server (RLKS) before 8.1.4.9 iFix 04 allows local users to obtain sensitive information via unspecified vectors. IBM X-Force ID: 106938.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on systems that run a vulnerable version of Fisheye or Crucible on the Windows operating system. All versions of Fisheye and Crucible before 4.4.6 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.3 (the fixed version for 4.5.x) are affected by this vulnerability.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having network access to LIA, could potentially exploit this vulnerability to launch brute force guessing of user names and passwords of user accounts on the LIA.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the video_ioctl2() function in the camera driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-16, an untrusted pointer dereference may potentially occur.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. As a result, a remote attacker could potentially send specifically crafted packet data to the MDM service causing it to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, key material is not always cleared properly.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, if a negative value is passed as argument ""max"" to qurt_qdi_state_local_new_handle_from_obj, an buffer overflow occurs, due to typecasting the signed integer to unsigned.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, when a hash is passed with zero datalength, the code returns an error, even though zero data length is valid.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, lack of address argument validation in qsee_get_tz_app_name() may lead to an untrusted pointer dereference.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, MDM9645, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, stopping of the DTR prematurely causes micro kernel to be stuck. This can be triggered with a timing change injectable in RACH procedure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, made changes to map the scan type value to an index value that is in range.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The on-demand plugin in IBM Endpoint Manager for Remote Control 9.0.1 and 9.1.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. IBM X-Force ID: 105196.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Gespage software allow remote attackers to inject arbitrary web script or HTML via the email, passwd, and repasswd parameters to webapp/users/user_reg.jsp.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to webmin. IBM X-Force ID: 103921.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, PKCS7 padding is not supported by the crypto storage APIs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, memory leak may occur in the IPSecurity module when repeating IKE-Rekey.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, improper initialization of ike_sa_handle_ptr in IPSEC leads to system denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, a simultaneous command post for addSA or updateSA on same SA leads to memory corruption. APIs addSA and updateSA APIs access the global variable ipsec_sa_list[] outside of mutex protection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The search and replay servers in IBM Tealeaf Customer Experience 8.0 through 9.0.2 allow remote attackers to bypass authentication via unspecified vectors. IBM X-Force ID: 105896.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 improperly allows self-signed certificates, which might allow remote attackers to conduct spoofing attacks via unspecified vectors. IBM X-Force ID: 105200.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
**DISPUTED** SQL injection vulnerability in SQLiteDatabase.java in the SQLi Api in Android allows remote attackers to execute arbitrary SQL commands via the delete method.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-12, the contents of the stack can get leaked due to an uninitialized variable.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In the function msm_pcm_hw_params() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-19, the return value of q6asm_open_shared_io() is not checked properly potentially leading to a possible dangling pointer access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In spectral_create_samp_msg() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-11, some values from firmware are not properly validated potentially leading to a buffer overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Due to a race condition in MDSS rotator in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-20, a double free vulnerability may potentially exist when two threads free the same perf structures.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free'd memory in the debug message output functionality contained within the mobicore driver.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib/WxPay.tedatac.php fBill parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Information leakage in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the audio driver.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQL injection vulnerability in the ""match"" parameter allows remote authenticated attackers to execute arbitrary SQL commands. It is possible to upgrade access to full server compromise via xp_cmdshell. In some cases, the authentication requirement for the attack can be met by sending the default admin credentials.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When an atomic commit is issued on a writeback panel with a NULL output_layer parameter in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-03, a NULL pointer dereference may potentially occur.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, if kernel memory address is passed from userspace through iris_vidioc_s_ext_ctrls ioctl, it will print kernel address data. A user could set it to an arbitrary kernel address, hence information disclosure (for kernel) could occur.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A ""data:text/html;base64,"" payload can be used with JavaScript code.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an unauthorized remote attacker to create an account with admin privileges.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Heimdal PRO 2.2.190. As part of the scanning feature, a process called md.hs writes an executable called CS1.tmp to C:\windows\TEMP. Afterwards the executable is run. It is possible for an attacker to create the file first, let md.hs overwrite it, and then rewrite the file in the window between md.hs closing the file and executing it. This can be exploited via opportunistic locks and a high priority thread. The vulnerability is triggered when a scan starts. NOTE: any affected Heimdal products are completely unrelated to the Heimdal vendor of a Kerberos 5 product on the h5l.org web site.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in The installer of PhishWall Client Firefox and Chrome edition for Windows Ver. 5.1.26 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial of service.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the ""run_user"" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the ""run_user"" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
PHPOK 4.8.338 has an arbitrary file upload vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. The attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Philips ISCV application prior to version 2.3.0 has an insufficient session expiration vulnerability where an attacker could reuse the session of a previously logged in user. This vulnerability exists when using ISCV together with an Electronic Medical Record (EMR) system, where ISCV is in KIOSK mode for multiple users and using Windows authentication. This may allow an attacker to gain unauthorized access to patient health information and potentially modify this information.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Memory write mechanism in NCR S2 Dispenser controller before firmware version 0x0108 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
SQL injection vulnerability in OpenScape Deployment Service (DLS) before 6.x and 7.x before R1.11.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline plugins.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Bose SoundTouch devices allow XSS via a crafted public playlist from Spotify.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive document information by guessing the document id. IBM X-Force ID: 107106.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the 'nsrd' daemon causes a buffer overflow condition when handling certain messages. A remote unauthenticated attacker could potentially exploit this vulnerability to cause a denial of service to the users of NetWorker systems.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 is affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-TL10AC01B211 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and execute it as a specific privilege; the APP can then send a specific parameter to the driver of the smart phone, causing arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel-mode drivers in Transaction Manager in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka ""Windows Elevation of Privilege Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an Inter-RAT procedure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in RFA-1x.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to a logic error.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A NULL pointer dereference bug in the function ObReferenceObjectByHandle in the Kingsoft Internet Security 9+ kernel driver KWatch3.sys allows local non-privileged users to crash the system via IOCTL 0x80030030.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did not step outside the appropriate root directory (e.g. the web application root), decoded the URI and checked that this did not introduce additional /../ (and similar) sequences. A bug was introduced where the Grails Resource Plugin before 1.2.13 returned the decoded version of the URI rather than the normalized version of the URI after the directory traversal check. This exposed a double decoding vulnerability. To address this issue, the Grails Resource Plugin now repeatedly decodes the URI up to three times or until decoding no longer changes the URI. If the decode limit of 3 is exceeded the URI is rejected. A side-effect of this is that the Grails Resource Plugin is unable to serve a resource that includes a '%' character in the full path to the resource. Not all environments are vulnerable because of the differences in URL resolving in different servlet containers. Applications deployed to Tomcat 8 and Jetty 9 were found not not be vulnerable, however applications deployed to JBoss EAP 6.3 / JBoss AS 7.4 and JBoss AS 7.1 were found to be vulnerable (other JBoss versions weren't tested). In certain cases JBoss returns JBoss specific vfs protocol urls from URL resolution methods (ClassLoader.getResources). The JBoss vfs URL protocol supports resolving any file on the filesystem. This made the directory traversal possible. There may be other containers, in addition to JBoss, on which this vulnerability is exposed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string. In some situations, authentication can be achieved via the bhu85tgb default password for the admin account.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. By staging an application on Cloud Foundry using Diego and Garden installations with a malicious custom buildpack an end user could read files on the host system that the BOSH-created vcap user has permissions to read and then package them into their app droplet.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWord_deal.php?mudi=add request.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Acrolinx Server before 5.2.5 on Windows allows Directory Traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBOS 4.4.3 has XSS via a company full name.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
There is a SQL injection in the PHPSHE 1.6 userbank parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router with a specially crafted password parameter for the COOKIE header.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The stereo_processing function in libavcodec/aacps.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file, related to ff_ps_apply.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The unpack_parse_unit function in libavcodec/dirac_parser.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The apply_dependent_coupling function in libavcodec/aacdec.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related to admina/mconfigs.inc.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/address_id/2.html.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable out-of-bounds vulnerability exists in the xls_addCell function of libxls 1.4. A specially crafted XLS file with a formula record can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4.A specially crafted XLS file can cause memory corruption resulting in remote code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the base path setting of a configured file system repository.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
dsmall v20180320 allows XSS via the pdr_sn parameter to public/index.php/home/predeposit/index.html.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdr_sn parameter (aka the CMS search box).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Capacity Management Analytics 2.1.0.0 allows local users to discover encrypted usernames and passwords by leveraging access to the CMA install machine. IBM X-Force ID: 107863.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Capacity Management Analytics 2.1.0.0 allows local users to discover cleartext usernames and passwords by leveraging access to the CMA install machine. IBM X-Force ID: 107862.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Crea8social 2018.2, there is Reflected Cross-Site Scripting via the term parameter to the /search URI.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure vulnerability in the Qualcomm audio driver. Product: Android. Versions: Android Kernel. Android ID: A-35764875. References: QC-CR#2029798.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the ""sort"" parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the ""order"" parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format setting.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the ""message"" parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the ""0e"" substring.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save&frame=iPHP request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a core/library/weixin.class.php pathname.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An elevation of privilege vulnerability in the NVIDIA GPU driver. Product: Android. Versions: Android kernel. Android ID: A-31799863. References: N-CVE-2016-8482.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Some Huawei Smartphones with software of VNS-L21AUTC555B141 have an out-of-bounds read vulnerability. Due to the lack string terminator of string, an attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker to read out of bounds and possibly cause the device abnormal.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Some Huawei Smartphones with software of VNS-L21AUTC555B141, VNS-L21C10B160, VNS-L21C66B160, VNS-L21C703B140 have an array out-of-bounds read vulnerability. Due to the lack verification of array, an attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker to read out of bounds of array and possibly cause the device abnormal.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disable_comments_settings page to wp-admin/options-general.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to cause a denial-of-service (DoS) condition or execute arbitrary code via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in ArsenoL Version 0.5 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users. NOTE: some developers feel that this report is a suggestion for a design change to Stage User activation, not a statement of a vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Ionic Team Cordova plugin iOS Keychain version before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf contains an Information Exposure Through Log Files (CWE-532) vulnerability in CDVKeychain.m that can result in login, password and other sensitive data leakage. This attack appear to be exploitable via Attacker must have access to victim's iOS logs. This vulnerability appears to have been fixed in after commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
inversoft prime-jwt version prior to version 1.3.0 or prior to commit 0d94dcef0133d699f21d217e922564adbb83a227 contains an input validation vulnerability in JWTDecoder.decode that can result in a JWT that is decoded and thus implicitly validated even if it lacks a valid signature. This attack appear to be exploitable via an attacker crafting a token with a valid header and body and then requests it to be validated. This vulnerability appears to have been fixed in 1.3.0 and later or after commit 0d94dcef0133d699f21d217e922564adbb83a227.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Bookme Control Panel 2.0 Application is vulnerable to stored XSS within the Customers ""Book Me"" function. Within the Name and Note (aka custName and custNote) sections of the Customers screen, the application does not sanitize user-supplied input and renders injected JavaScript code to the user's browser.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The av_audio_fifo_size function in libavutil/audio_fifo.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted media file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting vulnerability in PHP 2chBBS version bbs18c allows an attacker to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Directory traversal vulnerability in WebProxy version 1.7.8 allows an attacker to read arbitrary files via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 have an information disclosure vulnerability. The software does not properly protect certain resource which can be accessed by multithreading. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in kernel information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Team Concert (RTC) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Requirements Composer (RRC) 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7 before iFix1, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2 allow local users to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 108221.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
joyplus-cms 1.6.0 has XSS in manager/admin_ajax.php?action=save&tab={pre}vod_type via the t_name parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/admin_vod.php?action=add.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges. The affected account is ""apollosuperuser."" An attacker with local access to the server where DPA Datastore Service is installed and knowledge of the password may potentially gain unauthorized access to the database. Note: The Datastore Service database cannot be accessed remotely using this account.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file..",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter form_import_textarea.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in ""id"" parameter in stable.php that can result in an attacker using the XSS to send a malicious script to an unsuspecting user.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: ""Apollo System Test"", ""emc.dpa.agent.logon"" and ""emc.dpa.metrics.logon"". An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote attackers to cause a denial of service via a crafted PPT file, aka CNVD-2017-35482.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a denial of service. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9221.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the administrator's knowledge.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz.cgi.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz_op.cgi.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A local file inclusion issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input validation on render_html before allowing it to be called by extract(), a PHP built-in function. Because of this, the supplied args/input can be used to overwrite the $pagepath variable, which then could lead to a local file inclusion attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka AFFLIBv3) through 3.7.16 allows remote attackers to cause a denial of service (segmentation fault) via a corrupt AFF image that triggers an unexpected pagesize value.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002000.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222098.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x0022209c.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222054.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108354.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file located at an arbitrary external URL, or a ""SETFIREWALL Off"" command.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In libming 0.4.8, there is a use-after-free in the decompileArithmeticOp function of decompile.c. Remote attackers could use this vulnerability to cause a denial-of-service via a crafted swf file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In libming 0.4.8, these is a use-after-free in the function decompileCALLFUNCTION of decompile.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In libming 0.4.8, the decompileDELETE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222044.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222108.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108356.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108355.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the virtual_del parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no proxy_ssl_* directives are used.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system page.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
TitanHQ WebTitan Gateway has incorrect certificate validation for the TLS interception feature.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.",LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable ""qty"" on the page index.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unquoted Windows search path vulnerability in the srvInventoryWebServer service in 10-Strike Network Monitor 5.4 allows local users to gain privileges via a malicious artefact.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka ""ASP.NET Core Elevation Of Privilege Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 might allow local users to gain privileges via unspecified vectors. IBM X-Force ID: 108098.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an uploaded executable file that will be disallowed. The application allows an authenticated user to upload a file when he/she creates a new ticket via front/fileupload.php. This feature is protected using different types of security features like the check on the file's extension. However, the application uploads and creates a file, though this file is not allowed, and then deletes the file in the uploadFiles method in inc/glpiuploaderhandler.class.php.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Anymail django-anymail version version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could fabricate email tracking events. This attack appear to be exploitable via If you have exposed your Django error reports, an attacker could discover your ANYMAIL_WEBHOOK setting and use this to post fabricated or malicious Anymail tracking/inbound events to your app. This vulnerability appears to have been fixed in v1.4.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Ajenti version 2 contains an Information Disclosure vulnerability in Line 176 of the code source that can result in user and system enumeration as well as data from the /etc/ajenti/config.yml file. This attack appears to be exploitable via network connectivity to the web application.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
brianleroux tiny-json-http version all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8 (Oct 29 2016) contains a Missing SSL certificate validation vulnerability in The libraries core functionality is affected. that can result in Exposes the user to man-in-the-middle attacks.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been over written. This flaw was introduced in commit: ""5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace)"" which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIG_PPC_TRANSACTIONAL_MEM=n are not vulnerable.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0.2.1 On-Premises allows for an XML External Entity attack through a crafted file, allowing attackers to read arbitrary files.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"WolfCMS version version 0.8.3.1 contains a Reflected Cross Site Scripting vulnerability in ""Create New File"" and ""Create New Directory"" input box from 'files' Tab that can result in Session Hijacking, Spread Worms,Control the browser remotely. . This attack appear to be exploitable via Attacker can execute the JavaScript into the ""Create New File"" and ""Create New Directory"" input box from 'files'.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of ""Can view any file as a log file"" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data from the local system (using Local File Include) such as the '/etc/shadow' file via a ""GET /syslog/save_log.cgi?view=1&file=/etc/shadow"" request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last Name field of My Profile (aka navpage.do), or the Search bar of My Portal (aka search_results.do).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
CMS Made Simple version versions 2.2.5 contains a Cross ite Request Forgery (CSRF) vulnerability in Admin profile page that can result in Details can be found here http://dev.cmsmadesimple.org/bug/view/11715. This attack appear to be exploitable via A specially crafted web page. This vulnerability appears to have been fixed in 2.2.6.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vulnerability in the ""flag"" parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a ""signal SIGTERM"" command in a TEXTAREA element. NOTE: The vendor disputes that this is a vulnerability. They state that this is the result of improper configuration of the OpenVPN instance rather than an intrinsic vulnerability, and now more explicitly warn against such configurations in both the management-interface documentation, and with a runtime warning.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"KadNode version version 2.2.0 contains a Buffer Overflow vulnerability in Arguments when starting up the binary that can result in Control of program execution flow, leading to remote code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization checks. IBM X-Force ID: 108393.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108296.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a denial of service vulnerability due to how input from a privileged user on a guest operating system is validated, aka ""Hyper-V Denial of Service Vulnerability"".",NETWORK,HIGH,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Create Calender action, related to a MailRuCalendar.jspa#period/month URI.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
XML external entity (XXE) vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before 11.3.1.2 and 11.5 before 11.5.0.1 allows remote authenticated users to read arbitrary files or cause a denial of service via crafted XML data. IBM X-Force ID: 110510.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
"The select component in bui through 2018-03-13 has XSS because it performs an escape operation on already-escaped text, as demonstrated by workGroupList text.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0.0 before SP2 EP29, 6.0.4 before 6.0.4.6 iFix3, 6.0.5 before 6.0.5.9 iFix2, 6.1.0 before 6.1.0.1 iFix1, and 6.1.1 before 6.1.1.1 iFix1; and IBM Care Management 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110604.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Authentication bypass in Hanwha Techwin Smartcams,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Remote code execution in Hanwha Techwin Smartcams,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in Hanwha Techwin Smartcams,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Unsecured way of firmware update in Hanwha Techwin Smartcams,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/admin_ajax.php?action=save&tab={pre}manager request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login_action.cgi (aka cgipage.cgi).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Ajenti version version 2 contains a Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. This attack appear to be exploitable via By sending a malformed JSON, the tool responds with a traceback error that leaks a path of the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Ajenti version version 2 contains a Input Validation vulnerability in ID string on Get-values POST request that can result in Server Crashing. This attack appear to be exploitable via An attacker can freeze te server by sending a giant string to the ID parameter ..,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. (dot dot) in the filename parameter to secupload2/upload.aspx.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"The Windows kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure vulnerability due to how memory addresses are handled, aka ""Windows Kernel Information Disclosure Vulnerability"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation while processing an encrypted authentication management frame in lim_send_auth_mgmt_frame() leads to buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for p2p_noa_info in wma_send_bcn_buf_ll() which is received from firmware leads to potential buffer overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Windows 10 1709 allows information disclosure, due to how Edge handles objects in memory, aka ""Microsoft Edge Information Disclosure Vulnerability"".",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for nlo_event in wma_nlo_match_evt_handler(), which is received from firmware, leads to potential out of bound memory access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via the mailboxid parameter to secmail/getmessage.exe.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Ajenti version version 2 contains a Cross ite Request Forgery (CSRF) vulnerability in the command execution panel of the tool used to manage the server. that can result in Code execution on the server . This attack appear to be exploitable via Being a CSRF, victim interaction is needed, when the victim access the infected trigger of the CSRF any code that match the victim privledges on the server can be executed..",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via the option1 parameter in a reply action to secmail/getmessage.exe.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a potential buffer overflow can happen when processing any 802.11 MGMT frames like Auth frame in limProcessAuthFrame.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_id in wma_unified_bcntx_status_event_handler() which is received from firmware leads to potential out of bounds memory read.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing VENDOR specific action frame in the function lim_process_action_vendor_specific(), a comparison is performed with the incoming action frame body without validating if the action frame body received is of valid length, potentially leading to an out-of-bounds access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a clip with large size values, integer arithmetic overflows, and allocated buffer size will be less than intended buffer size. The following buffer operations will overflow the allocated buffer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure, due to how Microsoft browsers handle objects in memory, aka ""Microsoft Browser Information Disclosure Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how Internet Explorer handles objects in memory, aka ""Internet Explorer Information Disclosure Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure, due to how Microsoft browsers handle objects in memory, aka ""Microsoft Browser Information Disclosure Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name (from Layout tab) that can result in low privilege user can steal the cookie of admin user and compromise the admin account. This attack appear to be exploitable via Need to enter the Javascript code into Layout Name .,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper buffer length calculation in wma_roam_scan_filter() leads to buffer overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CryptoNote version version 0.8.9 and possibly later contain a local RPC server which does not require authentication, as a result the walletd and the simplewallet RPC daemons will process any commands sent to them, resulting in remote command execution and a takeover of the cryptocurrency wallet if an attacker can trick an application such as a web browser into connecting and sending a command for example. This attack appears to be exploitable via a victim visiting a webpage hosting malicious content that trigger such behavior.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka ""Windows Kernel Information Disclosure Vulnerability"". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka ""Windows Kernel Information Disclosure Vulnerability"". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka ""Windows Kernel Information Disclosure Vulnerability"". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka ""Windows Kernel Information Disclosure Vulnerability"". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0901 and CVE-2018-0926.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper ch_list array index initialization in function sme_set_plm_request() causes potential buffer overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in msm_flash_subdev_do_ioctl of drivers/media/platform/msm/camera_v2/sensor/flash/msm_flash.c, there is a possible out of bounds read if flash_data.cfg_type is CFG_FLASH_INIT due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in a firmware loading routine, a buffer overflow could potentially occur if multiple user space threads try to update the WLAN firmware file through sysfs.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of messages of type eWNI_SME_MODIFY_ADDITIONAL_IES, an integer overflow leading to heap buffer overflow may potentially occur.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to the lack of a range check on the array index into the WMI descriptor pool, arbitrary address execution may potentially occur in the process mgmt completion handler.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles/source/FormatSupport/WEBP_Support.cpp does not ensure nonzero widths and heights, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted .webp file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_scan_event_callback(), which is received from firmware, leads to potential out of bounds memory read.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function wma_ndp_end_indication_event_handler(), there is no input validation check on a event_info value coming from firmware, which can cause an integer overflow and then leads to potential heap overwrite.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for event->vdev_id in wma_rcpi_event_handler(), which is received from firmware, leads to potential out of bounds memory read.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_map in wma_tbttoffset_update_event_handler(), which is received from firmware, leads to potential buffer overwrite and out of bounds memory read.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, race condition in diag_dbgfs_read_dcistats(), while accessing diag_dbgfs_dci_data_index, causes potential heap overflow.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for wow_buf_pkt_len in wma_wow_wakeup_host_event() which is received from firmware leads to potential out of bounds memory read.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for fix_param->vdev_id in wma_p2p_lo_event_handler(), which is received from firmware, leads to potential out of bounds memory read.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for cmpl_params->num_reports, param_buf->desc_ids and param_buf->status in wma_mgmt_tx_bundle_completion_handler(), which is received from firmware, leads to potential out of bounds memory read.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for wmi_event->num_vdev_mac_entries in wma_pdev_set_hw_mode_resp_evt_handler(), which is received from firmware, leads to potential buffer overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for num_vdev_mac_entries in wma_pdev_hw_mode_transition_evt_handler(), which is received from firmware, leads to potential buffer overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_nlo_scan_cmp_evt_handler(), which is received from firmware, leads to potential out of bounds memory read.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Guardium Database Activity Monitor 10 allows local users to obtain sensitive information by reading cached browser data. IBM X-Force ID: 110328.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Security Guardium Database Activity Monitor 10 allows local users to have unspecified impact by leveraging administrator access to a hardcoded password, related to use on GRUB systems. IBM X-Force ID: 110326.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, potential buffer overflow can happen when processing UTF event in wma_process_utf_event().",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vent->vdev_id in wma_action_frame_filter_mac_event_handler(), which is received from firmware, leads to arbitrary code execution.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their own.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A. Android: A-65482562. Reference: N-CVE-2017-6288.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate.Product: Android. Version: N/A. Android: A-64893264. Reference: N-CVE-2017-6287.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A. Android: A-64893156. Reference: N-CVE-2017-6285.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
NVIDIA libnvomx contains a possible out of bounds write due to a missing bounds check which could lead to local escalation of privilege. This issue is rated as high. Product: Android. Version: N/A. Android: A-64893247. Reference: N-CVE-2017-6286.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NVIDIA libnvomx contains a possible out of bounds write due to a improper input validation which could lead to local escalation of privilege. This issue is rated as high. Product: Android. Version: N/A. Android: A-66969318. Reference: N-CVE-2017-6281.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin 1.1 and earlier in AbstractProjectAction/index.jelly that allow an attacker to craft links to Jenkins URLs that run arbitrary JavaScript in the user's browser when accessed.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled domain.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Reflected cross-site scripting (XSS) vulnerabilities in two Trend Micro Email Encryption Gateway 5.5 configuration files could allow an attacker to inject client-side scripts into vulnerable systems.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A stored cross-site scripting (XSS) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject client-side scripts into vulnerable systems.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Double Free vulnerability exists in Audio Driver while opening a sound compression device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper controls in MSM CORE leads to use memory after it is freed in msm_core_ioctl().",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Userspace-controlled non null terminated parameter for IPA WAN ioctl in all Qualcomm products with Android releases from CAF using the Linux kernel can lead to exposure of kernel memory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,HIGH
"Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The TripAdvisor app with the versions before TAMobileApp-24.6.4 pre-installed in some Huawei mobile phones have an arbitrary URL loading vulnerability due to insufficient input validation and improper configuration. An attacker may exploit this vulnerability to invoke TripAdvisor to load a specific URL and execute malicious code contained in the URL.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LoadOpenCLDevices in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002849.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002008.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002010.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002009.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002006.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002001.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002003.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002002.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002007.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100282d.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100282c.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002833.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002021.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100283c.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
PAM exposure enabling unauthenticated access to remote host,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
** DISPUTED ** Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol.  NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP functionality that interprets a -1 error code as a true boolean value.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability due to the improper processing of malformed H323 messages. A remote attacker that controls a server could exploit this vulnerability by sending malformed H323 reply messages to a target device. Successful exploit could make the device read out of bounds and probably make a service unavailable.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation.  NOTE: the vendor disputes this issue stating ""the behaviour is as designed and needed for different packages to be installed"", ""there is a security warning if the package is not verified by OTRS Group"", and ""there is the possibility and responsibility of an admin to check packages before installation which is possible as they are not binary.""",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mate 9 Huawei smart phones with versions earlier than MHA-AL00BC00B233 have a sensitive information leak vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Successful exploitation may cause sensitive information leak.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Some Huawei smart phones with software EVA-L09C34B142; EVA-L09C40B196; EVA-L09C432B210; EVA-L09C440B138; EVA-L09C464B150; EVA-L09C530B127; EVA-L09C55B190; EVA-L09C576B150; EVA-L09C635B221; EVA-L09C636B193; EVA-L09C675B130; EVA-L09C688B143; EVA-L09C703B160; EVA-L09C706B145; EVA-L09GBRC555B171; EVA-L09IRLC368B160; EVA-L19C10B190; EVA-L19C185B220; EVA-L19C20B160; EVA-L19C432B210; EVA-L19C636B190; EVA-L29C20B160; EVA-L29C636B191; EVA-TL00C01B198; VIE-L09C02B131; VIE-L09C109B181; VIE-L09C113B170; VIE-L09C150B170; VIE-L09C25B120; VIE-L09C40B181; VIE-L09C432B181; VIE-L09C55B170; VIE-L09C605B131; VIE-L09ITAC555B130; VIE-L29C10B170; VIE-L29C185B181; VIE-L29C605B131; VIE-L29C636B202 have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Successful exploitation can cause camera application unusable.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELEASE-p7, and 10.3-RELEASE-p28, the kernel does not properly validate IPsec packets coming from a trusted host. Additionally, a use-after-free vulnerability exists in the IPsec AH handling code. This issue could cause a system crash or other unpredictable results.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei DP300 V500R002C00 have an integer overflow vulnerability due to the lack of validation. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei DP300 V500R002C00 have a DoS vulnerability due to the lack of validation when the malloc is called. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei smartphones with software of MHA-AL00AC00B125 have an integer overflow vulnerability. The software does not process certain variable properly when handle certain process. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could cause information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability due to the improper processing of malformed H323 messages. A remote attacker that controls a server could exploit this vulnerability by sending malformed H323 reply messages to a target device. Successful exploit could make the device read out of bounds and probably make a service unavailable.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability. The camera driver does not validate the external input parameters and causes an integer overflow, which in the after processing results in a buffer overflow. An attacker tricks the user to install a crafted application, successful exploit could cause malicious code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Touchscreen drive in Huawei H60 (Honor 6) Versions earlier than H60-L02_6.12.16 and P9 Plus Versions earlier than VIE-AL10BC00B356 has a stack overflow vulnerabilities. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to touchscreen drive to crash the system or escalate privilege.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). A remote authenticated malicious user may potentially upload arbitrary maliciously crafted files in any location on the web server. By chaining this vulnerability with CVE-2018-1216, the attacker may use the default account to exploit this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds read vulnerability. A remote, authenticated attacker could exploit this vulnerability by sending specially crafted messages to a target device. Successful exploit may cause some information leak.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Open redirect vulnerability in the SO Connect SO WIFI hotspot web interface, prior to version 140, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site request forgery (CSRF) vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.7 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).",NETWORK,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control units (aka pyrotechnical control units or PCUs) of unspecified passenger vehicles manufactured in 2014 or later, when the ignition is on and the speed is less than 6 km/h. Specifically, there are only 256 possible key pairs, and authentication attempts have no rate limit. In addition, at least one manufacturer's interpretation of the ISO 26021 standard is that it must be possible to calculate the key directly (i.e., the other 255 key pairs must not be used). Exploitation would typically involve an attacker who has already gained access to the CAN bus, and sends a crafted Unified Diagnostic Service (UDS) message to detonate the pyrotechnical charges, resulting in the same passenger-injury risks as in any airbag deployment.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka ""Windows SMB Denial of Service Vulnerability"". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0273.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka ""Windows SMB Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0275.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka ""Windows SMB Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0276.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka ""Windows SMB Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0275, and CVE-2017-0276.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka ""Windows SMB Denial of Service Vulnerability"". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0280.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka ""Windows SMB Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka ""Windows SMB Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka ""Windows SMB Denial of Service Vulnerability"". This CVE ID is unique from CVE-2017-0273 and CVE-2017-0280.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka ""Windows SMB Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library.  NOTE: this vulnerability exists because of a CVE-2009-5147 regression.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when decoding PNG comment fields, leading to crashes or potentially code execution, because it uses an incorrect length value.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user ""sddm"" without authentication.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Import Signal Tone function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after the Signal Tone is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; RP200 V500R002C00SPC200; V600R006C00; V600R006C00SPC200; RSE6500 V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC300T; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00T; TE30 V100R001C10; V100R001C10SPC100; V100R001C10SPC200B010; V100R001C10SPC300; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700B010; V100R001C10SPC800; V500R002C00SPC200; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; TE40 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE50 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE60 V100R001C01SPC100; V100R001C01SPC107TB010; V100R001C10; V100R001C10SPC300; V100R001C10SPC400; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700; V100R001C10SPC800; V100R001C10SPC900; V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; V500R002C00SPCb00; V500R002C00SPCd00; V600R006C00; V600R006C00SPC100; V600R006C00SPC200; V600R006C00SPC300; TP3106 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C00SPC800; TP3206 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C10; ViewPoint 9030 V100R011C02SPC100; V100R011C03B012SP15; V100R011C03B012SP16; V100R011C03B015SP03; V100R011C03LGWL01SPC100; V100R011C03SPC100; V100R011C03SPC200; V100R011C03SPC300; V100R011C03SPC400; V100R011C03SPC500; eSpace U1960 V200R003C30SPC200; eSpace U1981 V100R001C20SPC700; V200R003C20SPCa00 has an overflow vulnerability that the module cannot parse a malformed SIP message when validating variables. Attacker can exploit it to make one process reboot at random.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; RP200 V500R002C00SPC200; V600R006C00; V600R006C00SPC200; RSE6500 V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC300T; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00T; TE30 V100R001C10; V100R001C10SPC100; V100R001C10SPC200B010; V100R001C10SPC300; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700B010; V100R001C10SPC800; V500R002C00SPC200; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; TE40 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE50 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE60 V100R001C01SPC100; V100R001C01SPC107TB010; V100R001C10; V100R001C10SPC300; V100R001C10SPC400; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700; V100R001C10SPC800; V100R001C10SPC900; V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; V500R002C00SPCb00; V500R002C00SPCd00; V600R006C00; V600R006C00SPC100; V600R006C00SPC200; V600R006C00SPC300; TP3106 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C00SPC800; TP3206 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C10; ViewPoint 9030 V100R011C02SPC100; V100R011C03B012SP15; V100R011C03B012SP16; V100R011C03B015SP03; V100R011C03LGWL01SPC100; V100R011C03SPC100; V100R011C03SPC200; V100R011C03SPC300; V100R011C03SPC400; V100R011C03SPC500; eSpace U1960 V200R003C30SPC200; eSpace U1981 V100R001C20SPC700; V200R003C20SPCa00 has an overflow vulnerability that attacker can exploit by sending a specially crafted SIP message leading to a process reboot at random.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Huawei Mate 9 and Mate 9 pro smart phones with software the versions before MHA-AL00B 8.0.0.334(C00); the versions before LON-AL00B 8.0.0.334(C00) have a information leak vulnerability in the date service proxy implementation. An attacker may trick a user into installing a malicious application and application can exploit the vulnerability to get kernel date which may cause sensitive information leak.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Huawei Enjoy 5s and Y6 Pro smartphones with software the versions before TAG-AL00C92B170; the versions before TIT-L01C576B121 have an information leak vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious application on the smart phone and the application can read some sensitive information in kernel memory which may cause sensitive information leak.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Import Language Package function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after Language Package is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an invalid memory access vulnerabilities. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"SCCP (Signalling Connection Control Part) module in Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 has a buffer overflow vulnerability. An attacker has to find a way to send malformed packets to the affected products repeatedly. Due to insufficient input validation, successful exploit may cause some service abnormal.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an invalid memory access vulnerabilities. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The ODE process deployment web service was sensible to deployment messages with forged names. Using a path for the name was allowing directory traversal, resulting in the potential writing of files under unwanted locations, the overwriting of existing files or their deletion. This issue was addressed in Apache ODE 1.3.3 which was released in 2009, however the incorrect name CVE-2008-2370 was used on the advisory by mistake.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
NVIDIA Security Engine contains a vulnerability in the RSA function where the keyslot read/write lock permissions are cleared on a chip reset which may lead to information disclosure. This issue is rated as high.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Huawei DP300 V500R002C00, NIP6600 V500R001C00, V500R001C20, V500R001C30, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, TE60 V100R001C01, V100R001C10, V100R003C00, V500R002C00, V600R006C00, TP3106 V100R001C06, V100R002C00, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eCNS210_TD V100R004C10, eSpace U1981 V200R003C30 have a DoS vulnerability caused by memory exhaustion in some Huawei products. For lacking of adequate input validation, attackers can craft and send some malformed messages to the target device to exhaust the memory of the device and cause a Denial of Service (DoS).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"NVIDIA TrustZone Software contains a vulnerability in the Keymaster implementation where the software reads data past the end, or before the beginning, of the intended buffer; and may lead to denial of service or information disclosure. This issue is rated as high.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,HIGH
"OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in resources/views/layouts/app.blade.php in Voten.co before 2017-08-25. An unescaped template literal in the bio field of a user profile (resources/views/layouts/app.blade.php) allows for server-side template injection of arbitrary JavaScript.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
NFC (Near Field Communication) module in Huawei mobile phones with software LON-AL00BC00 has an information leak vulnerability. The attacker has to trick a user to do some specific operations and then craft the NFC message to exploit this vulnerability. Successful exploit will cause some information leak.,ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to hijack the authentication of unspecified users for requests that enable SNMP on the remote device via vectors involving goform/setSnmp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component of the Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not authenticate requests properly. Successful exploitation could lead to change of the Media Streaming settings, and leakage of sensitive information of the QNAP NAS.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to run arbitrary OS commands against the system with root privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not utilize CSRF protections.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
NVIDIA driver contains a possible out-of-bounds read vulnerability due to a leak which may lead to information disclosure. This issue is rated as moderate. Android: A-63851980.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an attacker has the ability to write an arbitrary value to an arbitrary location which may lead to an escalation of privileges. This issue is rated as high.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow a remote attacker to delete arbitrary system file due to lack of validation of the /login/bin/set_param to the file name with the value of 'system.delete.sd_file',NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jubatus 1.0.2 and earlier allows remote code execution via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the ""Add New"" function for a Management User. Within the ""Add New"" section, the application does not sanitize user supplied input to the name parameter, and renders injected JavaScript code to the user's browser. This is different from CVE-2018-6878.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in a Site name updated.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Huawei VP9660 V500R002C10 has a null pointer reference vulnerability in license module due to insufficient verification. An authenticated local attacker could place a malicious license file into system which cause memory null pointer accessing and related processing crash. The attacker can exploit this vulnerability to cause a denial of service.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in My account Name updated, related to home.php and actions-log.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PEM module of DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a DoS vulnerability in PEM module of Huawei products due to insufficient verification. An authenticated local attacker can make processing into deadloop by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to inject arbitrary web script or HTML via vectors involving home.asp.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created parameter to the /crons URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a heap overflow vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting (XSS) vulnerability in QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to inject arbitrary web script or HTML. The injected code will only be triggered by a crafted link, not the normal page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Huawei VP9660 V500R002C10 has a uncontrolled format string vulnerability when the license module output the log information. An authenticated local attacker could exploit this vulnerability to cause a denial of service.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Eramba e1.0.6.033 has Stored XSS on the tooltip box via the /programScopes description parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file inclusion tab of the /importTool/preview URI, with a CSV file polluted with malicious JavaScript.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL certificate.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'model_name' or 'mac_address'.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the file_name parameter to /api/file_uploader.php or /actions/file_downloader.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'network.ieee8021x.delete_certs'.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param could enable SSH service.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sd_file',NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieving of specially crafted URLs without authentication that can reveal sensitive information to an attacker.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and get the administrator privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adminer through 4.3.1 has SSRF via the server parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary code via unspecified vectors.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata&section=cpanel&page=list_filetypes request.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users&section=cpanel&page=list request.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in YxtCMF 3.1. RbacController.class.php has CSRF, as demonstrated by modifying an administrator account via index.php/admin/user/add_post.html.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in YxtCMF 3.1. SQL Injection exists in ShitiController.class.php via the ids array parameter to exam/shiti/delshiti.html.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
CSRF exists on Polycom QDX 6000 devices.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Stored XSS exists on Polycom QDX 6000 devices.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110562.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site request forgery (CSRF) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors. IBM X-Force ID: 111052.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XML external entity (XXE) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote authenticated users to obtain sensitive information via crafted XML data. IBM X-Force ID: 110915.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"GPU driver in Huawei Mate 10 smart phones with the versions before ALP-L09 8.0.0.120(C212); The versions before ALP-L09 8.0.0.127(C900); The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652) has a out-of-bounds memory access vulnerability due to the input parameters validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can call the driver with special parameter and cause accessing out-of-bounds memory. Successful exploit may result in phone crash or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnerability in the QuickLinks feature. A remote attacker may potentially exploit this vulnerability to redirect genuine users to phishing websites with the intent of obtaining sensitive information from the users.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to conduct clickjacking attacks via a crafted web site. IBM X-Force ID: 111076.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004 and 6.1.1 before 6.1.1-TIV-BSM-FP0004 allows remote authenticated users to obtain administrator passwords by leveraging unspecified privileges. BM X-Force ID: 111234.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can craft specific URL to the affected products. Due to insufficient verification of the URL, successful exploit will upload and download files and cause information leak and system crash.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Media Gateway Control Protocol (MGCP) in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may cause process reboot.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Media Gateway Control Protocol (MGCP) in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds write vulnerability. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) via a long string to TCP port 5500.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei eNSP software with software of versions earlier than V100R002C00B510 has a buffer overflow vulnerability. Due to the improper validation of specific command line parameter, a local attacker could exploit this vulnerability to cause the software process abnormal.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Untrusted search path vulnerability in WinShot 1.53a and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Jtrim 1.53c and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary code via a specially crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices repeatedly. Due to improper validation of some specific fields of the packet, the LDP processing module does not release the memory, resulting in memory leak.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices. When the values of some parameters in the packet are abnormal, the LDP processing module does not release the memory to handle the packet, resulting in memory leak.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Huawei S12700 V200R007C00, V200R008C00, S5700 V200R007C00, S7700 V200R002C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R007C00 have an input validation vulnerability. Due to the lack of input validation, an attacker may craft a malformed packet and send it to the device using VRP, causing the device to display additional memory data and possibly leading to sensitive information leakage.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, S5700 V200R006C00, V200R007C00, V200R008C00, S6700 V200R008C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00 have a denial of service (DoS) vulnerability. Due to the lack of input validation, a remote attacker may craft a malformed Resource Reservation Protocol (RSVP) packet and send it to the device, causing a few buffer overflows and occasional device restart.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ""traverse to parent directory"" are passed through to the file APIs.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ""traverse to parent directory"" are passed through to the file APIs.",NETWORK,LOW,HIGH,NONE,CHANGED,LOW,LOW,LOW
"LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"** DISPUTED ** The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname ../configuration.php should be base64 encoded for a valid attack. NOTE: the vendor disputes this issue because only files under the media-manager path can be downloaded, and the documentation indicates that sensitive information does not belong there. Nonetheless, 2.8.1 has additional blocking of .php downloads.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the ""RASHTML5Gateway"" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary files from the vulnerable system using path traversal sequences.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is prone to multiple out of bounds write and sign errors, allowing a remote attacker to execute arbitrary code on vulnerable applications using the ActivePDF Toolkit to process untrusted images.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that parses TIFF metadata. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if certain classes are present on the classpath.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"In index.php in WonderCMS before 2.4.1, remote attackers can delete arbitrary files via directory traversal.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted (authenticated and unauthenticated) requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This issue can cause the server to coredump.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, the BIG-IP ASM bd daemon may core dump memory under some circumstances when processing undisclosed types of data on systems with 48 or more CPU cores.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).,NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL Injecting in login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts resulting in the expose of user's login credentials, SQL Injection and Stored XSS vulnerability, which leads to remote code executing.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.87; SIPROTEC 7UT686 : All versions < V 4.02; SIPROTEC 7SD686 : All versions < V 4.05; SIPROTEC 7SJ66 : All versions < V 4.30. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. A legitimate user must be logged into the web interface for the attack to be successful.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Specially crafted packets sent to port 80/tcp could cause the affected device to go into defect mode.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. The integrated web server (port 80/tcp) of the affected devices could allow remote attackers to obtain a limited amount of device memory content if network access was obtained. This vulnerability only affects EN100 Ethernet module included in SIPROTEC4 and SIPROTEC Compact devices.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.83; SIPROTEC 7UT686 : All versions < V 4.01; SIPROTEC 7SD686 : All versions < V 4.03; SIPROTEC 7SJ66 : All versions < V 4.20. The integrated web server (port 80/tcp) of the affected devices could allow remote attackers to obtain sensitive device information if network access was obtained.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output does not typically go through Twig autoescaping). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Drupal versions 8.4.x versions before 8.4.5 users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the comment system must be enabled and the attacker must have permission to post comments.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a CSRF attack, an attacker could make a victim change his registered e-mail address on the application, leading to account takeover.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.,NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered on Wireless IP Camera 360 devices. Attackers can read recordings by navigating to /mnt/idea0 or /mnt/idea1 on the SD memory card.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover a weakly encoded admin password by connecting to TCP port 9527 and reading the password field of the debugging information, e.g., nTBCS19C corresponds to a password of 123456.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the ""timezone"" parameter in step 4 of a fresh installation procedure.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"LibTIFF 4.0.7 has an ""outside the range of representable values of type unsigned char"" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"LibTIFF 4.0.7 has an ""outside the range of representable values of type short"" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"tif_dirread.c in LibTIFF 4.0.7 has an ""outside the range of representable values of type float"" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"LibTIFF 4.0.7 has an ""outside the range of representable values of type float"" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to ""READ of size 78490"" and libtiff/tif_unix.c:115:23.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal core upgrade to jQuery 3. For Drupal 7, it is fixed in the current release (Drupal 7.57) for jQuery 1.4.4 (the version that ships with Drupal 7 core) as well as for other newer versions of jQuery that might be used on the site, for example using the jQuery Update module.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used.,NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
A security design issue can allow an unprivileged user to interact with the Carbon Black Sensor and perform unauthorized actions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP 2.1 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where ""env_reset"" has been disabled.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability can be exploited to allow XML External Entity (XXE)",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may overlap CVE-2017-11552.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the initial XPS page processing. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that enables stored XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state manipulation attack.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"smart/calculator/gallerylock/CalculatorActivity.java in the ""Photo,Video Locker-Calculator"" application through 18 for Android allows attackers to access files via the backdoor 17621762 PIN.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to. On Windows, any file accessible to the Jenkins master process could be downloaded. On other operating systems, any file within the Jenkins home directory accessible to the Jenkins master process could be downloaded.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Directory traversal vulnerability in Apexis APM-J601-WS cameras with firmware before 17.35.2.49 allows remote attackers to read arbitrary files via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an esop/evm/OPPreliminaryForms.do?formId=857 request.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Reprise License Manager 11.0. This vulnerability is a Path Traversal where the attacker, by changing a field in the Web Request, can have access to files on the File System of the Server. By specifying a pathname in the POST parameter ""lf"" to the goform/edit_lf_get_data URI, the attacker can retrieve the content of a file.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Knox SDS IAM (Identity Access Management) and EMM (Enterprise Mobility Management) 16.11 on Samsung mobile devices, a man-in-the-middle attacker can install any application into the Knox container (without the user's knowledge) by inspecting network traffic from a Samsung server and injecting content at a certain point in the update sequence. This installed application can further leak information stored inside the Knox container to the outside world.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7965.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a reflected cross-site scripting vulnerability related to the handling of malicious content embedded in image files uploaded to the DAM.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7966.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL injection vulnerability in files.php in the ""files"" component in ASANHAMAYESH CMS 3.4.6 allows a remote attacker to execute arbitrary SQL commands via the ""id"" parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SafeNet Authentication Service IIS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SafeNet Authentication Service End User Software Tools for Windows uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
KingView 7.5SP1 has an integer overflow during stgopenstorage API read operations.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. IBM X-Force ID: 111302.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 136818.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to obtain sensitive information via vectors involving a database query. IBM X-Force ID: 111382.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the document identity representation. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this may be inaccurate.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the Everyone group Full Control permission to the installation directory. In addition, the PureVPNService.exe service, which runs under NT Authority\SYSTEM privileges, tries to load several dynamic-link libraries using relative paths instead of the absolute path. When not using a fully qualified path, the application will first try to load the library from the directory from which the application is started. As the residing directory of PureVPNService.exe is writable to all users, this makes the application susceptible to privilege escalation through DLL hijacking.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An Arbitrary Free (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can overwrite a structure, leading to a function call with an invalid parameter, and a subsequent free of important data such as a function pointer or list pointer. This is fixed in 6.9d.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An out-of-bounds write (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. A size used by memmove is read from the input file. This is fixed in 6.9d.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138435.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the p_name (aka Edit Category Name) field to admin/categories_industry.php (aka Categories - Industry Type).,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x before 4.10.5 (maintenance), and 4.9.x before 4.9.10 (legacy), Enterprise Edition before 6.0.0 RC2 (development), 5.2.x before 5.2.10 (legacy), and 5.3.x before 5.3.5 (maintenance), and Professional Edition before 6.0.0 RC2 (development), 4.9.x before 4.9.10 (legacy) and 4.10.x before 4.10.5 (maintenance) allow remote attackers to hijack the cart session of a client via Cross-Site Request Forgery (CSRF) if the following pre-conditions are met: (1) the attacker knows which shop is presently used by the client, (2) the attacker knows the exact time when the customer will add product items to the cart, (3) the attacker knows which product items are already in the cart (has to know their article IDs), and (4) the attacker would be able to trick user into clicking a button (submit form) of an e-mail or remote site within the period of visiting the shop and placing an order.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting (XSS) via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xss_clean protection mechanism is defeated by crafted input that lacks a '<' or '>' character.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A denial-of-service issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. This occurs when a user uploads a file that includes a hexadecimal Unicode character in the ""filename"" parameter via Wi-Fi, since the app could fail to parse this.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A Directory Traversal issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. This occurs by abusing the URL + escape character during a Wi-Fi transfer, which could be exploited by attackers to bypass intended restrictions on local application files.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the Unicode mapping module that is invoked when processing Enhanced Metafile Format (EMF) data (during image conversion). A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS image conversion. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application users for requests that modify their personal data by leveraging lack of anti-CSRF tokens.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139003.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability. The vulnerability is triggered by a crafted PDF file that can cause a memory access violation exception in the XFA engine because of a dangling reference left as a consequence of freeing an object in the computation that manipulates internal nodes in a graph representation of a document object model used in XFA. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of Enhanced Metafile Format processing engine (within the image conversion module). A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that handless TIFF data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the JavaScript API related to color conversion. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing in the XPS engine. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the XFA engine, related to DOM manipulation. The vulnerability is triggered by crafted XFA script definitions in a PDF file. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS module that handles TIFF data. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS font processing. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JBIG2 decoder. The vulnerability is triggered by a crafted PDF file that contains a malformed JBIG2 stream. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of XPS font processing. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TTF font processing in the XPS module. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module when processing metadata in JPEG images. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing in the XPS module. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API related to bookmark functionality. The vulnerability is triggered by crafted JavaScript code embedded within a PDF file. A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local authenticated information disclosure vulnerability in HGLM version HGLM 6.3.0-00 to 8.5.2-00.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation occurs in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to handling of bitmap rectangles. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs because of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion engine that handles Enhanced Metafile Format (EMF). A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the string literal parser. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the conversion module that reads U3D data. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus Networks SZ managed APs firmware releases R5.x or before contain authenticated Root Command Injection in the web-GUI that could allow authenticated valid users to execute privileged commands on the respective systems.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable ""data_len"" from the function WLANQCMBR_McProcessMsg, a buffer overflow may potentially occur in WLANFTM_McProcessMsg.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 are vulnerable to being forced, via a man-in-the-middle attack, to interact with Mahara on the HTTP protocol rather than HTTPS even when an SSL certificate is present.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. The impact is limited by the setting being only accessible to the site administrator.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka ""Microsoft Office Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11882.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac allow an attacker to use a specially crafted file to perform actions in the security context of the current user, due to how Microsoft Office handles files in memory, aka ""Microsoft Office Remote Code Execution Vulnerability"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS 3 before 3.2.0 Hotfix 7, as used in TIBCO BusinessWorks Process Monitor through 3.0.1.3 and other products, allows remote authenticated administrators to inject arbitrary web script or HTML via the users management panel of the web interface.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with ""DEBUG = True"" (which makes this page accessible) in your production settings.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a messageAddArgument (in message.c) buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must be able to establish an AMQP connection to the Qpid Dispatch Router and send a specifically crafted AMQP frame which will cause it to segfault and shut down.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, from 4.30, could allow a malicious user to use common techniques to determine which ports are in use on the backend server.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Local Disclosure of Sensitive Information vulnerability in HPE NonStop Software Essentials version T0894 T0894H02 through T0894H02^AAI was found.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A Remote Unauthenticated Disclosure of Information vulnerability in HPE Intelligent Management Center (IMC) SOM version v7.3 (E0501) was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. The vulnerability impacts OCMP versions prior to 3.4.2 RP201 (for OCMP 3.x), all versions prior to 4.4.7 RP702 (for OCMP 4.x).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. The vulnerability impacts OCMP versions prior to 3.4.2 RP201 (for OCMP 3.x), all versions prior to 4.4.7 RP702 (for OCMP 4.x).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Remote Unauthorized Access to Data vulnerability in HPE Business Process Monitor version v09.2x, v09.30 was found.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A Remote Disclosure of Information vulnerability in HPE Cloud Optimizer version v3.0x was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A Remote Code Execution vulnerability in HPE Aruba AirWave Glass version v1.0.0 and 1.0.1 was found.,NETWORK,HIGH,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An improper input validation vulnerability in HPE Insight Control version 7.6 LR1 was found.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A remote unauthenticated disclosure of information vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Products version MFA 4.0 proxy was found.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl parameter that triggers upon a user login.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors involving the Tags parameter in the JSON request body in an outbound request for the /api/latest/vulnerabilityscans/tags/batch resource, aka a ""suggested metadata tags for assets"" issue.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a bypass of the Sling XSSAPI#getValidHref function.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 before 10.2-RC2-p1, 10.2-RC1 before 10.2-RC1-p2, 10.2 before 10.2-BETA2-p3, and 10.1 before 10.1-RELEASE-p17 allows remote authenticated users to cause a denial of service (assertion failure and daemon exit) via a query from a network that is not directly connected.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the ""add user"" feature of the User Permissions page).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Some huawei smartphones with software BTV-DL09C233B350, Berlin-L21HNC432B360, Berlin-L22HNC636B360, Berlin-L24HNC567B360, Berlin-L21C10B130, Berlin-L21C185B132, Berlin-L21C464B130, Berlin-L22C346B140, Berlin-L22C636B160, Berlin-L23C605B131, Berlin-L23DOMC109B160, MHA-AL00AC00B125 have a DoS vulnerability. Due to insufficient input validation, an attacker could trick a user to execute a malicious application, which could be exploited by attacker to launch DoS attacks.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Untrusted search path vulnerability in ""FLET'S Azukeru Backup Tool"" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in FLET'S v4 / v6 address selection tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 allow an information disclosure vulnerability due to how web requests are handled, aka ""Microsoft SharePoint Information Disclosure Vulnerability"".",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Bluetooth module in some Huawei mobile phones with software LON-AL00BC00B229 and earlier versions has a buffer overflow vulnerability. Due to insufficient input validation, an unauthenticated attacker may craft Bluetooth AVDTP/AVCTP messages after successful paring, causing buffer overflow. Successful exploit may cause code execution.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka ""Windows EOT Font Engine Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2018-0755, CVE-2018-0760, and CVE-2018-0855.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2012 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka ""Windows EOT Font Engine Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2018-0755, CVE-2018-0761, and CVE-2018-0855.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka ""Windows EOT Font Engine Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2018-0760, CVE-2018-0761, and CVE-2018-0855.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access control such as firewalls that prevent the attackers from accessing the URLs directly.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"tiki wiki cms groupware <=15.2 has a xss vulnerability, allow attackers steal user's cookie.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainSpan Wi-Fi module.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-""root"") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP virtual server using the URL categorization feature may cause the Traffic Management Microkernel (TMM) to produce a core file when it receives malformed URLs during categorization.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,NONE,HIGH
West Wind Web Server 6.x does not require authentication for /ADMIN.ASP.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. IBM X-Force ID: 111890.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Backup Download exists in the Proclaim 9.1.1 component for Joomla! via a direct request for a .sql file under backup/.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Calendar component in Tiki 17.1 allows HTML injection.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura vulnerable.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-64610940.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478425.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65483665.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible resource exhaustion. This could lead to a remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62851602.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A remote arbitrary file download and disclosure of information vulnerability in HPE Intelligent Management Center (iMC) Service Operation Management (SOM) version IMC SOM 7.3 E0501 was found.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned objects and ACLs. In some cases, authenticated users with S3 permissions could also access versioned data.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,HIGH
A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 might allow remote attackers to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 112071.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 allows remote authenticated users to obtain sensitive information by reading an error message. IBM X-Force ID: 112072.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute privileged commands on the respective systems.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Cross Site Request Forgery (CSRF) vulnerability in HPE 2620 Series Network Switches version RA.15.05.0006 was found.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the url parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
RoomWizard before 4.4.x allows remote attackers to obtain potentially sensitive information about IP addresses via /getGroupTimeLineJSON.action.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations Bridge Analytics version v3.0 was found.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Federation Agent version 3.0 was found.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A remote denial of service vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134004.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In all Qualcomm products with Android releases from CAF using the Linux kernel, the num_failure_info value from firmware is not properly validated in wma_rx_aggr_failure_event_handler() so that an integer overflow vulnerability in a buffer size calculation may potentially lead to a buffer overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, in a KGSL IOCTL handler, a Use After Free Condition can potentially occur.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, the IL client may free a buffer OMX Video Encoder Component and then subsequently access the already freed buffer.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly validated, potentially leading to an integer overflow vulnerability followed by a buffer overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authentication failure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive information via a direct request for the idashboards/config.xml URI, as demonstrated by intranet URLs for reports.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote disclosure of information vulnerability in Moonshot Remote Console Administrator Prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was found.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128461.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the location setting of a configured repository.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of a comment on the snippet.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows user account named ""OMEAdapterUser"" with a default password as part of the installation process. This unnecessary user account also remains even after an upgrade from v1.1 to v1.2. Access to the management console can be achieved by someone with knowledge of the default password. If SupportAssist Enterprise is installed on a server running OpenManage Essentials (OME), the OmeAdapterUser user account is added as a member of the OmeAdministrators group for the OME. An unauthorized person with knowledge of the default password and access to the OME web console could potentially use this account to gain access to the affected installation of OME with OmeAdministrators privileges. This is fixed in version 1.2.1.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVal parameter in a view=search action, or the uid parameter in a view=likes action.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting vulnerability in MTS Simple Booking C, MTS Simple Booking Business version 1.28.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Anshin net security for Windows Version 16.0.1.44 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows unauthenticated attacker to crash the broker instance. AMQP 1.0 and HTTP connections are not affected. An authentication of incoming AMQP connections in Apache Qpid Broker-J is performed by special entities called ""Authentication Providers"". Each Authentication Provider can support several SASL mechanisms which are offered to the connecting clients as part of SASL negotiation process. The client chooses the most appropriate SASL mechanism for authentication. Authentication Providers of following types supports PLAIN SASL mechanism: Plain, PlainPasswordFile, SimpleLDAP, Base64MD5PasswordFile, MD5, SCRAM-SHA-256, SCRAM-SHA-1. XOAUTH2 SASL mechanism is supported by Authentication Providers of type OAuth2. If an AMQP port is configured with any of these Authentication Providers, the Broker may be vulnerable.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Userscape HelpSpot before 4.7.2. A reflected cross-site scripting vulnerability exists in the ""return"" parameter of the ""index.php?pg=moderated"" endpoint. It executes when the return link is clicked.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Edge in Microsoft Windows 10 1703 allows information disclosure, due to how Edge handles objects in memory, aka ""Microsoft Edge Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2018-0763.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft Edge in Microsoft Windows 10 1703 and 1709 allows information disclosure, due to how Edge handles objects in memory, aka ""Microsoft Edge Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2018-0839.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intended protection mechanism and conduct cross-site scripting (XSS) attacks via an unclosed HTML tag.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138821.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111813.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain sensitive information by reading an error message. IBM X-Force ID: 111784.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain the installation path via vectors involving Birt report rendering. IBM X-Force ID: 111786.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL injection vulnerability in users/signup.php in the ""signup"" component in HamayeshNegar CMS allows a remote attacker to execute arbitrary SQL commands via the ""utype"" parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks sysctl is turned off, allows local users to obtain ownership of arbitrary files by creating a hard link inside a directory on which ""chown -R"" will be run.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V200R003C20SPC900, V200R003C30SPC200 have a buffer overflow vulnerability. An unauthenticated, remote attacker may send specially crafted SIP packages to the affected products. Due to the insufficient validation of some values for SIP packages, successful exploit may cause services abnormal.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V200R003C20SPC900, V200R003C30SPC200 have a buffer overflow vulnerability. An unauthenticated, remote attacker may send specially crafted SIP packages to the affected products. Due to the insufficient validation of some values for SIP packages, successful exploit may cause services abnormal.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00S, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, IPS Module V500R001C30, NIP6300 V500R001C30, NetEngine16EX V200R006C10, V200R007C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker may send crafted IKE V2 messages to the affected products. Due to the insufficient validation of the messages, successful exploit will cause invalid memory access and result in a denial of service on the affected products.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, ViewPoint 9030 V100R011C02, V100R011C03 have a buffer overflow vulnerability. An unauthenticated, remote attacker may send specially crafted certificates to the affected products. Due to insufficient validation of the certificates, successful exploit may cause buffer overflow and some service abnormal.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Denial of Service vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via a direct request to zb_system/function/lib/upload.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2014-0304.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, CVE-2014-2823, CVE-2014-4057, and CVE-2014-8985.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2014-2787, CVE-2014-2790, CVE-2014-2802, and CVE-2014-2806.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information, and consequently execute arbitrary code, via a crafted certificate, as demonstrated by leveraging a hardcoded --no-check-certificate Wget option.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. Mitigation is to use 3.3.5.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"mcholste Enterprise Log Search and Archive (ELSA) version revision 1205, commit 2cc17f1 and earlier contains a Cross Site Scripting (XSS) vulnerability in index view (/) that can result in . This attack appear to be exploitable via Payload delivered via the type, name, and value parameters of /Query/set_preference and the name and value parameters of /Query/preference. Payload executed when the user visits the index view (/).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths. that can result in memory corruption, denial of service, comprised execution of host program. This attack appear to be exploitable via Victim must open a specially crafted Ogg Vorbis file. This vulnerability appears to have been fixed in 1.13.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes, rendering the website unusable. This attack appear to be exploitable via Simple HTML markup can be used to send a GET request to the affected endpoint.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A other vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68342866.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an ""MMU potential stack buffer overrun.""",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial of service (out-of-bounds read, invalid pointer dereference, and application crash) by leveraging access to the NetMon named pipe.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In audioserver, there is an out-of-bounds write due to a log statement using %s with an array that may not be NULL terminated. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68953950.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Remote Disclosure of Information vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A Remote Escalation of Privilege vulnerability in HPE Helion Eucalyptus version 3.3.0 through 4.3.1 was found.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SharePoint Server 2016 allows an elevation of privilege vulnerability due to how web requests are handled, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability"".",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The cbstream.sys driver in Carbon Black 5.1.1.60603 allows local users with admin privileges to cause a denial of service (out-of-bounds read and system crash) via a large counter value in an 0x62430028 IOCTL call.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote sql information disclosure vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Arbitrary Code Execution vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R005C32, V200R007C00, V200R008C20, V200R008C30, AR160 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, NetEngine16EX V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, SRG1300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an out-of-bounds read vulnerability due to insufficient input validation. An unauthenticated, remote attacker could exploit this vulnerability by sending malformed Session Initiation Protocol(SIP) packets to the target device. Successful exploit could make the device read out of bounds and thus cause a service to be unavailable.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167 has a double free vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability. Successful exploitation may cause denial of service (DoS) attack.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R005C32, V200R007C00, V200R008C20, V200R008C30, AR160 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, NetEngine16EX V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, SRG1300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an out-of-bound write vulnerability. Due to insufficient input validation, a remote, unauthenticated attacker may craft encryption key to the affected products. Successful exploit may cause buffer overflow, services abnormal.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R005C32, V200R007C00, V200R008C20, V200R008C30, AR160 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR2200 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, NetEngine16EX V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, SRG1300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an out-of-bound read vulnerability in some Huawei products. Due to insufficient input validation, a remote, unauthenticated attacker may send crafted signature to the affected products. Successful exploit may cause buffer overflow, services abnormal.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A information disclosure vulnerability in the Android framework (crypto framework). Product: Android. Versions: 8.0, 8.1. ID: A-68694819.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-69065651.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A information disclosure vulnerability in the Android framework (ui framework). Product: Android. Versions: 8.0. ID: A-66244132.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user/includes/language/langChooser.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A Local Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) version PLAT 7.2 E0403P06 was found.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Typesetter 5.1. It suffers from a Host header injection vulnerability, Using this attack, a malicious user can poison the web cache or perform advanced password reset attacks or even trigger arbitrary user re-direction.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,HIGH
"Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,HIGH
A remote information disclosure in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A remote malicious file upload vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-Site Scripting (XSS) exists in the Add Forum feature in the Administrative Panel in miniBB 3.2.2 via crafted use of an onload attribute of an SVG element in the supertitle field.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506P03 was found.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the page editing feature, as demonstrated by /?/admin/page/edit/3.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Devices with IP address setting tool ""MagicalFinder"" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT iMC Plat 7.3 E0504P2 and earlier was found.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 and earlier was found.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Arbitrary File Read in Saperion Web Client version 7.5.2 83166.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. This is fixed in 10.1.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A remote information disclosure vulnerability in HPE Matrix Operating Environment version v7.6 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
A CSRF vulnerability in HPE Matrix Operating Environment version v7.6 was found.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site scripting vulnerability in HPE Diagnostics version 9.24 IP1, 9.26 , 9.26IP1 was found.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A Remote click jacking vulnerability in HPE Diagnostics version 9.24 IP1, 9.26 , 9.26IP1 was found.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security allows remote attackers to cause a denial of service (memory corruption and system crash) via a malformed Portable Executable (PE) file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml' that can result in An attacker can execute arbitrary script on an unsuspecting user's browser. This attack appear to be exploitable via Crafted SVG File.",NETWORK,HIGH,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A cross site scripting vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL injection vulnerability in the ""Marketing > Forms"" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL injection vulnerability in the ""Content Types > Content Types"" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/plugin_sige/print.php link with a crafted img, name, or caption parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, affecting the 'rtr' GET parameter in a page=graph action to cgi-bin/routers2.pl.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Certificate Validation issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump does not validate host certificates, leaving the pump vulnerable to a man-in-the-middle (MITM) attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump reads memory out of bounds, causing the communications module to crash. Smiths Medical assesses that the crash of the communications module would not impact the operation of the therapeutic module.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP server is only accessible if the pump is configured to allow FTP connections.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump with default network configuration uses hard-coded credentials to automatically establish a wireless network connection. The pump will establish a wireless network connection even if the pump is Ethernet connected and active; however, if the wireless association is established and the Ethernet cable is attached, the pump does not attach the network stack to the wireless network. In this scenario, all network traffic is instead directed over the wired Ethernet connection.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. Telnet on the pump uses hardcoded credentials, which can be used if the pump is configured to allow external communications. Smiths Medical assesses that it is not possible to upload files via Telnet and the impact of this vulnerability is limited to the communications module.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
A remote HTTP parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,LOW,NONE
A remote privilege elevation vulnerability in HPE Matrix Operating Environment version 7.6 was found.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote priviledge escalation vulnerability in HPE Matrix Operating Environment version 7.6 was found.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote information disclosure vulnerability in HPE Matrix Operating Environment version 7.6 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal ""False"" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting. Note: this vulnerability was fixed on 2015-03-06, but the version number was not changed.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.,LOCAL,HIGH,HIGH,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.,LOCAL,HIGH,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
A remote denial of service vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A information disclosure vulnerability in the Upstream kernel network driver. Product: Android. Versions: Android kernel. ID: A-36279469.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A information disclosure vulnerability in the Android system (ui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA Singledop library (Weather data) that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.1.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in Radar data parsing library that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.4.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library's data processing function that can result in remote code execution. This attack appear to be exploitable via Victim opens an untrusted file for optimization using Kodiak library.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Information Leakage exists in the jLike 1.0 component for Joomla! via a task=getUserByCommentId request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functionality of RtRetrieval framework that can result in remote code execution. This attack appear to be exploitable via Victim tries to retrieve and process a weather data file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A cross site scripting vulnerability in HPE Matrix Operating Environment version 7.6 was found.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-38027496. Reference: N-CVE-2017-6258.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the txdata parameter, used in tx()/transcript(), or the catdata parameter, used in cat(). This vulnerability appears to have been fixed in 1.7.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenEMR version 5.0.0 contains a OS Command Injection vulnerability in fax_dispatch.php that can result in OS command injection by an authenticated attacker with any role. This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenEMR version 5.0.0 contains a Cross Site Scripting (XSS) vulnerability in open-flash-chart.swf and _posteddata.php that can result in . This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, MAX PRESENCE V100R001C00, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00SPC200, V600R006C00, RSE6500 V500R002C00, SMC2.0 V100R003C10, V100R005C00, V500R002C00, V500R002C00T, V600R006C00, V600R006C00T, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, ViewPoint 9030 V100R011C02, V100R011C03, have an out-of-bounds read vulnerability in H323 protocol. An unauthenticated, remote attacker may send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, NetEngine16EX V200R006C10, V200R007C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, SRG2300 V200R006C10, V200R007C00, V200R007C02, SRG3300 V200R006C10, V200R007C00 have a buffer overflow vulnerability due to incomplete range checks of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious IKE packets to the targeted device. An exploit could allow the attacker to cause the device to write out of bound and restart.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10 have a null pointer dereference vulnerability. Due to insufficient input validation, an authenticated, local attacker may craft a specific XML file to the affected products to cause null pointer dereference. Successful exploit will cause some service abnormal.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10 have a buffer overflow vulnerability. An authenticated, local attacker may craft a specific XML file to the affected products. Due to insufficient input validation, successful exploit will cause some service abnormal.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10 have a denial of service vulnerability in the specific module. An authenticated, local attacker may craft a specific XML file to the affected products. Due to improper handling of input, successful exploit will cause some service abnormal.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"Security Onion Solutions Squert version 1.1.1 through 1.6.7 contains a SQL Injection vulnerability in .inc/callback.php that can result in execution of SQL commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the sensors parameter, used in ec(). This vulnerability appears to have been fixed in 1.7.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! via the id parameter in a task=getPlacemarkDetails request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_id parameter to wp-admin/options-general.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_tags parameter to wp-admin/options-general.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, to which VPN he/she is connected, and what is their real IP address.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules, or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the ""File Upload"" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcre_expression/validate.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the ""File Upload"" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_details_dialog.js.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
VMware Realize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capability to bypass an intended container protection mechanism and access arbitrary files on a filesystem via vectors related to use of the file_handle structure.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Under certain conditions a malicious user provoking an out of bounds buffer overflow can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A buffer overflow vulnerability in ""Add command"" functionality exists in Flexense SyncBreeze Enterprise <= 10.3.14. The vulnerability can be triggered by an authenticated attacker who submits more than 5000 characters as the command name. It will cause termination of the SyncBreeze Enterprise server and possibly remote command execution with SYSTEM privilege.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to /hy-cgi/devices.cgi?cmd=searchlandevice. The crash completely freezes the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) vulnerability via a crafted POST request to the /cimom URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in Java number format exception handling in FortiGate FortiDB before 4.4.2 allow remote attackers to inject arbitrary web script or HTML via the conversationContext parameter to (1) admin/auditTrail.jsf, (2) mapolicymgmt/targetsMonitorView.jsf, (3) vascan/globalsummary.jsf, (4) vaerrorlog/vaErrorLog.jsf, (5) database/listTargetGroups.jsf, (6) sysconfig/listSystemInfo.jsf, (7) vascan/list.jsf, (8) network/router.jsf, (9) mapolicymgmt/editPolicyProfile.jsf, or (10) mapolicymgmt/maPolicyMasterList.jsf.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. An attacker would have to find a way to craft specific messages to the affected products. Due to the insufficient validation for SIP messages, successful exploit may cause services abnormal.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. An attacker may send specially crafted messages to the affected products. Due to the insufficient validation of some values for SIP messages, successful exploit may cause services abnormal.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. An attacker may send specially crafted messages to the affected products. Due to the insufficient validation of some values for SIP messages, successful exploit may cause services abnormal.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. An attacker may send specially crafted messages to the affected products. Due to the insufficient validation of some values for SIP messages, successful exploit may cause services abnormal.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Stored cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of javascript code.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of javascript code.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Invoice Plane version 1.5.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Client's details that can result in execution of javascript code . This vulnerability appears to have been fixed in 1.5.5 and later.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP2 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Canvs Canvas version 3.4.2 contains a Cross Site Scripting (XSS) vulnerability in User's details that can result in denial of service and execution of javascript code.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136005.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138079.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the domain administrator username and password. These are encrypted with a fixed key and IV (""NumaraIT"") using the DES algorithm. The domain administrator username and password can only be obtained if the Self-Service component is enabled, which is the most common scenario in enterprise deployments.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion Responsive Matrimonial 4.7.2 via a user profile update parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM Software 1.0.2 via a profile field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple heap-based buffer overflows in the eSap software platform in Huawei Campus S9300, S7700, S9700, S5300, S5700, S6300, and S6700 series switches; AR150, AR160, AR200, AR1200, AR2200, AR3200, AR530, NetEngine16EX, SRG1300, SRG2300, and SRG3300 series routers; and WLAN AC6005, AC6605, and ACU2 access controllers allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138437.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
Multiple cross-site request forgery (CSRF) vulnerabilities in the Codestyling Localization plugin 1.99.30 and earlier for Wordpress.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Nagios Business Process Intelligence (BPI) before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving index.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors involving a ""double encode combination of first_name, last_name and company.""",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Huawei Secospace USG6600 V500R001C30SPC100 has an Out-of-Bounds memory access vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by executing some commands. The attacker can exploit this vulnerability to cause a denial of service.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds write vulnerability due to insufficient input validation. An attacker could exploit it to craft special packets to trigger out-of-bounds memory write, which may further lead to system exceptions.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. An unauthenticated, remote attacker may send specially crafted messages to the affected products. Due to insufficient input validation, successful exploit may cause integer overflow and some process abnormal.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could cause an integer overflow and might reset a process.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could cause an integer overflow and might reset a process.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00, USG9500 V500R001C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A Remote Disclosure of Information vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could cause an integer overflow and might reset a process.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (memory corruption and application crash) or potentially execute arbitrary code via the Bezier data in a crafted PDF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a crafted PDF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Nitro Pro 7.5.0.29 and earlier and Nitro Reader 2.5.0.45 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds memory access vulnerability due to insufficient input validation. An attacker could exploit it to craft special packets to trigger out-of-bounds memory access, which may further lead to system exceptions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds memory access vulnerability due to insufficient input validation. An attacker could exploit it to craft special packets to trigger out-of-bounds memory access, which may further lead to system exceptions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds memory access vulnerability due to incompliance with the 4-byte alignment requirement imposed by the MIPS CPU. An attacker could exploit it to cause unauthorized memory access, which may further lead to system exceptions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
"In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. An attacker may craft specific XML files to the affected products. Due to not check the specially XML file and to parse this file, successful exploit will result in DOS attacks.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Common Open Policy Service Protocol (COPS) module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10,SVN5800-C V200R003C00, V200R003C10, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3206 V100R002C00, V100R002C10,USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50 haa a buffer overflow vulnerability. An unauthenticated, remote attacker could exploit this vulnerability by sending specially crafted message to the affected products. The vulnerability is due to insufficient input validation of the message, which could result in a buffer overflow. Successful exploit may cause some services abnormal.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A directory traversal vulnerability in HPE Intelligent Management Center (IMC) PLAT 7.3 E0504P02 could allow remote code execution.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service. This was resolved in Puppet Enterprise 2017.2.2.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. A malicious SSL client can, under certain circumstances, temporarily exhaust the TCP connection pool of an SSL server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a out-of-bounds read vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could make the device access invalid memory and might reset a process.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, CVE-2014-2823, CVE-2014-4057, and CVE-2014-4145.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other impact via the name parameter to playerSettings.view.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Integer overflow in the ndn_parse_sequence function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the typ and vallen variables.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging incorrect memory allocation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors related to ssl_halen when running ccn-lite-sim, which trigger an out-of-bounds access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple integer overflows in CCN-lite before 2.00 allow context-dependent attackers to have unspecified impact via vectors involving the (1) vallen variable in the iottlv_parse_sequence function or (2) typ, vallen and i variables in the localrpc_parse function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D67; 12.3 versions prior to 12.3R12-S5; 12.3X48 versions prior to 12.3X48-D35; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D44, 14.1X53-D50; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1R3; 15.1X49 versions prior to 15.1X49-D30; 15.1X53 versions prior to 15.1X53-D70.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization.,NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,LOW
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ccnl_ccntlv_bytes2pkt in CCN-lite allows context-dependent attackers to cause a denial of service (application crash) via vectors involving packets with ""wrong L values.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Sametime allows remote attackers to obtain sensitive information from the Sametime Log database via a direct request to STLOG.NSF. IBM X-Force ID: 78048.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via vectors involving the keyfile variable.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The cnb_parse_lev function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging failure to check for out-of-bounds conditions, which triggers an invalid read in the hexdump function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR510, DP300, NetEngine16EX, RP200, SRG1300, SRG2300, SRG3300, TE30, TE40, TE50, TE60, TP3106, TP3206, ViewPoint 8660, and ViewPoint 9030 have an insufficient validation vulnerability. Since packet validation is insufficient, an unauthenticated attacker may send special H323 packets to exploit the vulnerability. Successful exploit could allow the attacker to send malicious packets and result in DOS attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially crafted HTTP messages to the affected products. Due insufficient input validation of three different parameters in the messages, successful exploit may cause some service abnormal.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially crafted HTTP messages to the affected products. Due insufficient input validation of three different parameters in the messages, successful exploit may cause some service abnormal.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Huawei DP300, V500R002C00, RP200, V500R002C00, V600R006C00, RSE6500, V500R002C00, TE30, V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C01, V100R001C10, V500R002C00, V600R006C00, TX50, V500R002C00, V600R006C00, VP9660, V500R002C00, V500R002C10, ViewPoint 8660, V100R008C03, ViewPoint 9030, V100R011C02, V100R011C03, Viewpoint 8660, V100R008C03 have an out-of-bounds read vulnerability. An attacker has to control the peer device and send specially crafted messages to the affected products. Due to insufficient input validation, successful exploit may cause some service abnormal.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated XML Entity Expansion Denial of Service on the WiNG Access Point / Controller via crafted XML entities to the Web User Interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Remote, Unauthenticated ""Global"" Denial of Service in the RIM (Radio Interface Module) over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is No Authentication for the AeroScout Service via a crafted UDP packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Hidden Root Shell by entering the administrator password in conjunction with the 'service start-shell' CLI command.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In WatchDog Anti-Malware 2.74.186.150, the driver file (ZAMGUARD32.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002010.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000110.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110009.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000170.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000118.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8000010c.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In WatchDog Anti-Malware 2.74.186.150, the driver file (ZAMGUARD32.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002054.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000035.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Huawei Smartphones with software LON-L29DC721B186 have a denial of service vulnerability. An attacker could make an loop exit condition that cannot be reached by sending the crafted 3GPP message. Successful exploit could cause the device to reboot.,ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could system reboot.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei DP300 V500R002C00, TE60 V600R006C00, TP3106 V100R002C00, eSpace U1981 V200R003C30SPC100 have a denial of service vulnerability. The software does not correctly calculate the rest size in a buffer when handling SSL connections. A remote unauthenticated attacker could send a lot of crafted SSL messages to the device, successful exploit could cause no space in the buffer and then denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability. The software decodes X.509 certificate in an improper way. A remote unauthenticated attacker could send a crafted X.509 certificate to the device. Successful exploit could result in a denial of service on the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x221808.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220840.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A00824C.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A00825C.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A0081DC.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008264.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008240.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008268.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220400.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A00813C.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x990081C8.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2208C0.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008088.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x99008224.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x99008210.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x99008020.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008090.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000038.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupTargetSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4224.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220458.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220c20.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKRgFtXp.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220408.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A type confusion issue was discovered in CCN-lite 2, leading to a memory access violation and a failure of the nonce feature (which, for example, helped with loop prevention). ccnl_fwd_handleInterest assumes that the union member s is of type ccnl_pktdetail_ndntlv_s. However, if the type is in fact struct ccnl_pktdetail_ccntlv_s or struct ccnl_pktdetail_iottlv_s, the memory at that point is either uninitialised or points to data that is not a nonce, which renders the code using the local variable nonce pointless. A later nonce check is insufficient.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Monstra CMS through 3.0.4 has an incomplete ""forbidden types"" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"/goform/setLang on iBall 300M devices with ""iB-WRB302N_1.0.1-Sep 8 2017"" firmware has Unauthenticated Stored Cross Site Scripting via the lang parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices. A Cross-site request forgery (CSRF) vulnerability allows remote attackers to hijack the authentication of users for requests that modify all the settings. This vulnerability can lead to changing an existing user's username and password, changing the Wi-Fi password, etc.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Unspecified vulnerability in the Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Call Phone Number Page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Tasks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Untrusted search path vulnerability in self-extracting archive files created by File Compact Ver.5 version 5.10 and earlier, Ver.6 version 6.02 and earlier, Ver.7 version 7.02 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils libraries.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in, is not verified to be valid and its use can lead to a buffer overflow, potentially resulting in code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A man-in-the-middle vulnerability related to vCenter access was found in Rubrik CDM 3.x and 4.x before 4.0.4-p2. This vulnerability might expose Rubrik user credentials configured to access vCenter as Rubrik clusters did not verify TLS certificates presented by vCenter.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant of access. IBM X-Force ID: 111783.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the (1) database_server, (2) database_user, (3) database_password, or (4) database_name parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,LOW,NONE
"In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerability due to not validating input values from IOCtl 0x00226003.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered, a different vulnerability than CVE-2018-1000022.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9121.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 137449.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,LOW
"In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). A person can change this DLL in a local way, or with a remote connection, to a malicious DLL with the same name -- and when the product is used, this malicious DLL will be loaded, aka a DLL Hijacking attack.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in IBM Tivoli Integrated Portal 2.2.0.0 through 2.2.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping test arguments on the Diagnostics page.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardcoded password of support for the support account, and a hardcoded password of user for the user account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerability to read any unencrypted data from the database.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004 and 6.1.1 before 6.1.1-TIV-BSM-FP0004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111480.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers to obtain sensitive information via vectors related to granting unauthenticated access to Document Manager. IBM X-Force ID: 111486.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Buffer overflow in epg search result viewer (kkcald) 0.7.19 and earlier allows remote attackers to perform unintended operations or execute DoS (denial of service) attacks via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 might allow remote attackers to access arbitrary JSP pages via vectors related to improper input validation. IBM X-Force ID: 111412.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HP has identified a potential security vulnerability with HP Enterprise LaserJet Printers and MFPs, HP OfficeJet Enterprise Color Printers and MFP, HP PageWide Color Printers and MPS before 2308214_000901, 2308214_000900, and other firmware versions. The vulnerability could be exploited to perform a cross site scripting (XSS) attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (including Microsoft Excel). For example, the CSV data may contain untrusted user input from the ""First Name"" field of a user's /myprofile page.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402078.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40204c.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402148.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating input values from IOCtl 0x9C402114 or 0x9C402124 or 0x9C40207c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. The fix to sanitize host headers and compare to a controlled whitelist was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Subsonic v6.1.3 has an insecure allow-access-from domain=""*"" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to steal user data.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9.9.14, Sync Breeze Enterprise 9.9.16, and Disk Pulse Enterprise 9.9.16 where an attacker can craft a malicious GET request and exploit the web server component. Successful exploitation of the software will allow an attacker to gain complete access to the system with NT AUTHORITY / SYSTEM level privileges. The vulnerability lies due to improper handling and sanitization of the incoming request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
"A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By sniffing communications, an unauthorized person can execute a directory traversal attack resulting in authentication bypass or session hijack.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,HIGH,NONE
"The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original ""Dirty cow"" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The WStr::_alloc_iostr_data() function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 allows remote attackers to cause a denial of service (application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in the ""Email Subscribers & Newsletters"" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscriber data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaigns\Tracker.php and modules\Campaigns\utils.php, the default_currency_name parameter to modules\Configurator\controller.php and modules\Currencies\Currency.php, the duplicate parameter to modules\Contacts\ShowDuplicates.php, the mergecur parameter to modules\Currencies\index.php and modules\Opportunities\Opportunity.php, and the load_signed_id parameter to modules\Documents\Document.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the Qualcomm radio driver in Android before 2017-01-05 on Android One devices allows local users to gain privileges via a crafted application, aka Android internal bug 32639452 and Qualcomm internal bug CR1079713.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only granted to administrators.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to properly handle these headers was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related settings not being set to their usual strict default.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a ..\ in the param.path parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery (SSRF), because URL validation only considers whether the URL contains the ""csdn"" substring.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting vulnerability. Additionally, some URLs provided by global-build-stats plugin that modify data did not require POST requests to be sent, resulting in a potential cross-site request forgery vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledge_base/get_article_suggestion/.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new `File` objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type coercion is now subject to sandbox protection and considered to be a call to the `new File(String)` constructor for the purpose of in-process script approval.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The server in Flexense SysGauge 3.6.18 operating on port 9221 can be exploited remotely with the attacker gaining system-level access because of a Buffer Overflow.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0.x) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133268.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The vulnerability allows attacker to extract binaries into protected file system locations in HP Support Assistant before 12.7.26.1.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow because of incorrect exponent validation.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected function is its search engine (the t parameter to the /search URI). Since there is an user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F8.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 124757.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to create a denial of service.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a division by zero in the JFIF decode handling resulting denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a dependency on commons-httpclient.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"In Max Secure Anti Virus 19.0.3.019,, the driver file (MaxCryptMon.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220019.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Max Secure Anti Virus 19.0.3.019,, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220019.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Max Secure Anti Virus 19.0.3.019,, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220011.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Max Secure Anti Virus 19.0.3.019,, the driver file (SDActMon.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220019.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The Soundy Audio Playlist plugin 4.6 and below for WordPress has Cross-Site Scripting via soundy-audio-playlist\templates\front-end.php (war_sdy_pl_preview parameter).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to inject arbitrary web script or HTML via the directory parameter. This issue exists in core/admin/ajax/developer/extensions/file-browser.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php (war_soundy_preview parameter).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Joomla! via an r=site/login&company_id= request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&price_type=range&price= request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 123740.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior to Operating Environment for File 7.1.80.8, a web server error page in VNX Control Station is impacted by a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary HTML code in the user's browser session in the context of the affected web application.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Untrusted search path in Intel Graphics Driver 15.40.x.x, 15.45.x.x, and 21.20.x.x allows unprivileged user to elevate privileges via local access.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to execute scripts in a user's browser.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross site scripting issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure (PCS) before 8.0R17.0, 8.1.x before 8.1R13, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 and Pulse Policy Secure (PPS) before 5.2R10, 5.3.x before 5.3R9, and 5.4.x before 5.4R3 due to one of the URL parameters not being sanitized. Exploitation does require the user to be logged in as administrator; the issue is not applicable to the end user portal.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to send a DNS query to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option ""Web Server Protection"") in the webadmin interface, and execute any action available to the webadmin of the firewall (e.g., creating a new user, enabling SSH, or adding an SSH authorized key). The WAF log page will execute the ""User-Agent"" parameter in the HTTP POST request.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can create/send malicious a smart contract to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible resource exhaustion if a large number of repeated BLE scan results are received. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0. Android ID: A-65174158.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as ""HP Backdoor"" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
BizLogic xnami 1.0 has XSS via the comment parameter in an addComment action to the /media/ajax URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character from an IMG tag.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"X509 certificate verification was not correctly implemented in the early access ""user id"" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity on certain versions of BIG-IP.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,NONE
Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002054.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002010.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) on /CWEBNET/* authenticated pages. A successful CSRF attack can force the user to modify state: creating users, changing an email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Moodle 3.x, there is XSS via a calendar event name.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402414.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402424.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Yandex Browser before 16.9.0 allows remote attackers to spoof the address bar via window.open.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project or filter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a link to torrent details.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copy_folder_file call (in inc/class.ftpfolder.php) to move a .php file from the FTP folder into a web folder.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FoxSash ImgHosting 1.5 (according to footer information) is vulnerable to XSS attacks. The affected function is its search engine via the search parameter to the default URI. Since there is an user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachment that is a signed e-mail message in message/rfc822 format.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadByte function of the gifread.c file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The printMP3Headers function in util/listmp3.c in libming v0.4.8 or earlier is vulnerable to a global buffer overflow, which may allow attackers to cause a denial of service via a crafted file, a different vulnerability than CVE-2016-9264.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In sam2p 0.49.4, there are integer overflows (with resultant heap-based buffer overflows) in input-bmp.ci in the function ReadImage, because ""width * height"" multiplications occur unsafely.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a ""double prepare"" approach, a different vulnerability than CVE-2017-14723.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to ""Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f"" on Windows. This occurs because of mishandling of XML tag name comparisons.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 devices allows attackers to read arbitrary files through a sequence of the form '.x./' or '....\x/' where x is a pattern composed of one or more (zero or more for the second pattern) of either \ or ..\ -- for example a '.\./', '....\/' or '...\./' sequence. For files with no extension, a single dot needs to be appended to ensure the HTTP server does not alter the request, e.g., a ""GET /.\./.\./.\./.\./.\./.\./.\./windows/system32/drivers/etc/hosts."" request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper verification when expanding ZIP64 archives in Lhaplus versions 1.73 and earlier may lead to unintended contents to be extracted from a specially crafted ZIP64 archive.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the um_auth_account_password field.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38495900.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In the onQueueFilled function of SoftAVCDec, there is a possible out-of-bounds write due to a use after free if a bad header causes the decoder to get caught in a loop while another thread frees the memory it's accessing. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969349.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the doGetThumb and getThumbnail functions of MtpServer, there is a possible double free due to not NULLing out a freed pointer. This could lead to an local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67864232.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buffer while it's being used in another thread. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.1. Android ID: A-38118127.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A buffer overflow in Handy Password 4.9.3 allows remote attackers to execute arbitrary code via a long ""Title name"" field in ""mail box"" data that is mishandled in an ""Open from mail box"" action.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-65483324.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in the Android media framework (aacdec). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65025048.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) and program failure with a crafted avi file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while calculating CRC for GPT header fields with partition entries greater than 16384 buffer overflow occurs.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the ""set ship name"" command. This is similar to a Cross Protocol Injection with SNMP.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Input validation error in Intel MinnowBoard 3 Firmware versions prior to 0.65 allow local attacker to cause denial of service via UEFI APIs.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Hancom NEO versions 9.6.1.5183 and earlier have a buffer Overflow vulnerability that leads remote attackers to execute arbitrary commands when performing the hyperlink Attributes in document.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In the ihevcd_allocate_static_bufs and ihevcd_create functions of SoftHEVC, there is a possible out-of-bounds write due to a use after free. Both ps_codec_obj and ps_create_op->s_ivd_create_op_t.pv_handle point to the same memory and ps_codec_obj could be freed without clearing ps_create_op->s_ivd_create_op_t.pv_handle. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969193.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure of the WLAN key/password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change of username or password of the administrator of the portal.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 123663.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,LOW
The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the Android media framework (ex) related to composition of frames lacking a color map. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399117.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the ihevcd_parse_slice.c function, slave threads are not joined if there is an error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64784973.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger calls to arbitrary numbers via spaces in a tel: URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In the initDecoder function of SoftAVCDec, there is a possible out-of-bounds write to mCodecCtx due to a use after free when buffer allocation fails. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969281.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References: N-CVE-2017-0869.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in the Android framework (clipboardservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64934810.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Algorithmics One-Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. IBM X-Force ID: 109399.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0.7 iFix10 allow remote authenticated users with access to lifecycle projects to obtain sensitive information by sending a crafted URL to the Lifecycle Query Engine. IBM X-Force ID: 108619.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in the application.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9121.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-content/uploads/gravity_forms.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in NewsBee CMS allow remote attackers to execute arbitrary SQL commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: default passwords for the standard usernames are listed in the product's documentation: Dealer with password seatel3, SysAdmin with password seatel2, and User with password seatel1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. The Samsung ID is SVE-2017-10598.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka ""ASP.NET Core Elevation Of Privilege Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An uninitialized pointer information disclosure vulnerability in Trend Micro Mobile Security (Enterprise) versions 9.7 and below could allow an unauthenticated remote attacker to disclosure sensitive information on a vulnerable system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108501.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the ""incoming mail"" whitelist setting via a Cross-site request forgery (CSRF) vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134922.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134921.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 133637.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 133562.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 133540.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a ""This account does not exist"" error message.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"PrestaShop 1.7.2.4 has XSS via source-code editing on the ""Pages > Edit page"" screen.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The ""SagePay Server Gateway for WooCommerce"" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the Procter & Gamble ""Oral-B App"" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data more easily by leveraging access to the preferences XML file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method.",ADJACENT_NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in downloads/actions/editdownload.php in the DragonByte Technologies vBDownloads module 1.3.2 and earlier for vBulletin allows remote attackers to inject arbitrary web script or HTML via the mirrors[] parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in actions/main.php in the DragonByte Technologies Forumon RPG module before 1.0.8 for vBulletin when creating a new monster, allow remote attackers to inject arbitrary web script or HTML via the (1) monster[title] or (2) monster[description] parameters.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module before 3.0.1 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the reason parameter in (1) actions/nominatemedal.php or (2) actions/requestmedal.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in the Shout Reports in the DragonByte Technologies vBShout module before 6.0.6 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the (1) reportreason parameter in actions/doreport.php or (2) modnotes parameter in actions/updatereport.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In DisplayFtmItem in the bootloader, there is an out-of-bounds write due to reading a string without verifying that it's null-terminated. This could lead to a secure boot bypass and a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-68269077.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, there is an out-of-bounds write if metadataSize is too small. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67782345.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (buffer overflow and application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab containing [img]//http:// substrings.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab with two \\ (backslash) characters, a digit, a \ (backslash) character, and ""z"" in a series of nested img BBCODE tags.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the ""FREAK"" issue, a different vulnerability than CVE-2015-0204.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a ""SMACK SKIP-TLS"" issue.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the process.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX control (BarcodeWiz.DLL) allow remote attackers to execute arbitrary code via a long argument to the (1) BottomText or (2) TopText property.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"(1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading the creation of setuid executables in ""the store"", violating a fundamental security assumption of GNU Guix.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing ubi image an uninitialized memory could be accessed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot forward slash) before a file name.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68341964.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka ""Microsoft Access Tampering Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows local users to gain administrator privileges via unspecified vectors. IBM X-Force ID: 111643.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to execute arbitrary code with administrator privileges via unspecified vectors. IBM X-Force ID: 111640.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. IBM X-Force ID: 111695.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111737.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. IBM X-Force ID: 111736.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte Technologies vBShout module for vBulletin allows remote attackers to inject arbitrary web script or HTML via the shout parameter in a shout action.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslatoptions action to wp-admin/options-general.php with a lang_identificator parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the ""Media from FTP"" plugin before 9.85 for WordPress, Directory Traversal exists via the searchdir parameter to the wp-admin/admin.php?page=mediafromftp-search-register URI.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets-library://asset/asset.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options-general.php.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla! allows XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability in the Android media framework (stagefright mpeg4writer). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37564426.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in the Android media framework (av) related to id3 unsynchronization. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63100526.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65034175.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 10. Easily exploitable vulnerability allows unauthenticated attacker with network access via ICMP to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: POS). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Simphony. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjoo_ecae_options[custom_css] parameter to the wp-admin/admin.php?page=tonjoo_excerpt URI.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing sparse image, uninitialized heap memory can potentially be flashed due to the lack of validation of sparse image block header size.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while performing update of FOTA partition, uninitialized data can be pushed to storage.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating the recovery message for eMMC devices, 1088 bytes of stack memory can potentially be leaked.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the SPCom kernel driver, a race condition exists when creating a channel.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, concurrent rx notifications and read() operations in the G-Link PKT driver can result in a double free condition due to missing locking resulting in list_del() and list_add() overlapping and corrupting the next and previous pointers.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a specially-crafted HDMI CEC message can be used to cause stack memory corruption.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a user supplied sparse image, a buffer overflow vulnerability could occur if the sparse header block size is equal to 4294967296.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a potential buffer overflow vulnerability in hdd_parse_setrmcenable_command and hdd_parse_setrmcactionperiod_command APIs as buffers defined in this API can hold maximum 32 bytes but data more than 32 bytes can get copied.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65123471.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380237.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67647856.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38308024. References: M-ALPS03495789.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists via wp-admin/admin.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Deployment). Supported versions that are affected are 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle JDeveloper executes to compromise Oracle JDeveloper. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle JDeveloper accessible data as well as unauthorized read access to a subset of Oracle JDeveloper accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle JDeveloper. CVSS 3.0 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L).",LOCAL,HIGH,HIGH,REQUIRED,CHANGED,LOW,LOW,LOW
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The supported version that is affected is 11.1.2.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133121.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this code ""__format=%27;alert(%27xss%27)"" to the URL an alert window would execute.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Skybox Platform before 7.5.201. Directory Traversal exists in /skyboxview/webskybox/attachmentdownload and /skyboxview/webskybox/filedownload via the tempFileName parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Skybox Platform before 7.5.201. SQL Injection exists in /skyboxview/webservice/services/VersionWebService via a soapenv:Body element.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Skybox Platform before 7.5.401. Reflected cross-site scripting vulnerabilities exist in /skyboxview/webservice/services/VersionRepositoryWebService via a soapenv:Body element, or in the status parameter to login.html.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An information disclosure vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-38159576.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via wp-admin/admin-ajax.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php security parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php PFFREE_Access_Token parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizar_pffree_settings_save_get-users parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_end parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_start parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the customer and orders section of the backend. The execution occurs in the administrator backend listing when processing a preview of the customers (kunden) or orders (bestellungen). The injection can be performed interactively via user registration or by manipulation of the order information inputs. The issue can be exploited by low privileged user accounts against higher privileged (admin or moderator) accounts.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[more_languages] parameter to wp-admin/options.php.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[selector_wp_list_pages][show_selector] parameter to wp-admin/options.php.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[browser_redirect][redirect_by_language] parameter to wp-admin/options.php.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[enabled_languages][en] or wpglobus_option[enabled_languages][fr] (or any other language) parameter to wp-admin/options.php.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][page] parameter to wp-admin/options.php.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admin/options-general.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_title parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_pattern parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the ""Intel Graphics Driver"" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read and system crash).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-about page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-information page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed resulting in code execution on the server, potentially as root.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the product crashes upon a \\.\K7Sentry DeviceIoControl call with an invalid kernel pointer.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId get's cut off after 10 characters (by default), so the impact might be limited. A fix got applied and released in Apache deltaspike-1.8.1.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. This is related to the use of gmdate for password creation in fn_connect.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter of a request to the UAA OpenID Connect check session iframe endpoint used for single logout session management.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.)",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The WildMidi_Open function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ""Sql Run Query"" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP through 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP through 9.8.308 has XSS in ipopeng.htm and npopeng.htm.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending each descriptor over a UNIX socket before closing it. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-4312.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by <?php system($_GET[cmd]); ?> in a login request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ""Add Link to Facebook"" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open Redirect The furikake-redirect parameter on a page allows for a redirect to an attacker controlled page classes/Furigana.php: header('location:'.urldecode($_GET['furikake-redirect']));,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripting vulnerability, within the edit blog post page, which can result in disruption of service and execution of javascript code.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Online Ticket Booking has CSRF via admin/movieedit.php.,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. Exploitation requires authenticated reflected cross-site scripting for user accounts assigned either the ""Administrators"" or ""Content Administrators"" role.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The ILLID Share This Image plugin before 1.04 for WordPress has XSS via the sharer.php url parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Eleix Openhacker version 0.1.47 is vulnerable to a XSS vulnerability in the bank transactions component resulting in arbitrary code execution in the browser.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6 for WordPress has XSS via the text_ads_ajax.php border_color parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 126858.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"listmp3.c in libming 0.4.7 allows remote attackers to unspecified impact via a crafted mp3 file, which triggers an invalid left shift.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the ""add repo"" component resulting in arbitrary code execution as root user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
rust-base64 version <= 0.5.1 is vulnerable to a buffer overflow when calculating the size of a buffer to use when encoding base64 using the 'encode_config_buf' and 'encode_config' functions,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Huawei S5700 and S6700 with software of V200R005C00 have a DoS vulnerability due to insufficient validation of the Network Quality Analysis (NQA) packets. A remote attacker could exploit this vulnerability by sending malformed NQA packets to the target device. Successful exploitation could make the device restart.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting vulnerability, within the invoice creation page, which can result in disruption of service and execution of javascript code.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Bro before Bro v2.5.2 is vulnerable to an out of bounds write in the ContentLine analyzer allowing remote attackers to cause a denial of service (crash) and possibly other exploitation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in the URL input field resulting in the possibility of disclosing information about the remote host.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133640.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Creolabs Gravity 1.0 contains a stack based buffer overflow in the operator_string_add function, resulting in remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML file does not have a document.domain value corresponding to the domain that is hosting the MHTML file, but instead has a document.domain value corresponding to an arbitrary URL within the content of the MHTML file.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka "".NET Framework Remote Code Execution Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in the HTTP URL parsing functions in pecl_http before 3.0.1 might allow remote attackers to execute arbitrary code via non-printable characters in a URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a ""pointer leak.""",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A Stack-based Buffer Overflow issue was discovered in WECON LEVI Studio HMI Editor v1.8.1 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified in which the application does not verify string size before copying to memory; the attacker may then be able to crash the application or run arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30; AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30; AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30; SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an input validation vulnerability in Huawei multiple products. Due to the insufficient input validation, an unauthenticated, remote attacker may craft a malformed Stream Control Transmission Protocol (SCTP) packet and send it to the device, causing the device to read out of bounds and restart.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 133636.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002124.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2. EMC Data Domain DD OS contains a memory overflow vulnerability in SMBv1 which may potentially be exploited by an unauthenticated remote attacker. An attacker may completely shut down both the SMB service and active directory authentication. This may also allow remote code injection and execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to the query.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via login_if.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and file-uploader/file-uploader-class.php. This allows the attacker to upload anything they want to the server, as demonstrated by an action=ap_file_upload_action&allowedExtensions[]=php request to /wp-admin/admin-ajax.php that results in a .php file upload and resultant PHP code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an 8.3 filename).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the HTTP listener resulting in denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300211C.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002100.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215F.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300212C.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002128.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F0.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020FC.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Valve Steam Link build 643. Root passwords longer than 8 characters are truncated because of the default use of DES (aka the CONFIG_FEATURE_DEFAULT_PASSWD_ALGO=""des"" setting).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002168.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002610.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002578.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and login component resulting in information disclosure and remote code execution,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new comment.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running ""shutdown -f.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Bamboo. All versions of Bamboo before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a bitvector size, and resizeSlow mishandles cases where the old array length is greater than the new array length.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the ""key"" argument.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
** DISPUTED ** SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
** DISPUTED ** SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
** DISPUTED ** SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vanguard Marketplace Digital Products PHP has CSRF via /search.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php.,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the edit_profile_first_name parameter to user/edit_profile.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 and BGO-L03C331B009CUSTC331D001 have a DoS vulnerability due to insufficient input validation. An attacker could exploit this vulnerability by sending specially crafted NFC messages to the target device. Successful exploit could make a service crash.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Readymade Job Site Script has CSRF via the /job URI.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during ""objdump -D"" execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during ""objdump -D"" execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during ""objdump -D"" execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during ""objdump -D"" execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during ""objdump -D"" execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during ""objdump -D"" execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during ""readelf -a"" execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service (memory corruption seen in a crash in the mad_decoder_run function in decoder.c in libmad) via a crafted MP3 file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A cross-site scripting (XSS) vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the result_message parameter to includes/concours_page.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability in the custom-map plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter to view/advancedsettings.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In TG Soft Vir.IT eXplorer Lite 8.5.42, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17800.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000080.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c4, a related issue to CVE-2017-17113.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000084, a related issue to CVE-2017-17114.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.2.4.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the ""file"" schema in the firmware update functionality.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve57697.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135546.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cie_type, (2) cie_import, (3) cie_update, or (4) cie_ignore parameter to includes/admin/views/esb-cie-import-export-page.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 134178.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Huawei iReader app before 8.0.2.301 has an arbitrary file deletion vulnerability due to the lack of input validation. An attacker can exploit this vulnerability to delete specific files from the SD card.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,LOW
"Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,LOW,NONE
"In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default ""normalize URI"" configuration options used in iRules and/or BIG-IP LTM policies.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a ""/OutputFile (%pipe%"" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,LOW,NONE
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the ""dead"" type.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that ""goes behind"" the surrounding tag.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication. Most distributions restrict the Quagga telnet interface to local access only by default. The Quagga telnet interface 'vty' input buffer grows automatically, without bound, so long as a newline is not entered. This allows an attacker to cause the Quagga daemon to allocate unbounded memory by sending very long strings without a newline. Eventually the daemon is terminated by the system, or the system itself runs out of memory. This is fixed in Quagga 1.1.1 and Free Range Routing (FRR) Protocol Suite 2017-01-10.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient validation of untrusted input in Skia in Google Chrome prior to 60.0.3112.78 for Linux allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a crafted HTML page, related to intents.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Insufficient validation of untrusted input in Skia in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A use after free in Chrome Apps in Google Chrome prior to 59.0.3071.86 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, related to Bluetooth.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Inappropriate implementation in Omnibox in Google Chrome prior to 59.0.3071.92 for Android allowed a remote attacker to perform domain spoofing with RTL characters via a crafted URL page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An insufficient watchdog timer in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Incorrect handling of DOM changes in Blink in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to potentially perform out of bounds memory access via a crafted Chrome extension.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A use after free in PrintPreview in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Availability impacts).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.8 (Integrity impacts).",NETWORK,HIGH,LOW,REQUIRED,CHANGED,NONE,HIGH,NONE
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the advertising metadata functionality. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the Primetime SDK functionality related to the profile metadata of the media stream. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the LocaleID class. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the internal representation of raster data. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the Adobe Texture Format (ATF) module. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the MPEG-4 AVC module. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability when manipulating the ActionsScript 2 XML class. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Successful exploitation could lead to arbitrary code execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to an interaction between the privacy user interface and the ActionScript 2 Camera object. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability in the ActionScript2 TextField object related to the variable property. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to garbage collection in the ActionScript 2 VM. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable buffer overflow / underflow vulnerability in the Primetime TVSDK that supports customizing ad information. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in a routine related to player shutdown. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class, when using class inheritance. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to setting visual mode effects. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to processing of atoms in MP4 files. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,LOW
"An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows ""Write overflow in data2vp_wimax()"" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows ""DHCP - Read overflow when decoding option 63"" and a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows ""Write overflow in rad_coalesce()"" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons such as telnetd or sshd that make use of PAM. Affected Juniper Networks Junos OS releases are: 14.1 from 14.1R5 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D50 on EX and QFX series; 14.2 from 14.2R3 prior to 14.2R7-S8, 14.2R8; No other Junos OS releases are affected by this issue. No other Juniper Networks products are affected by this issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka ""cpStripToTile heap-buffer-overflow.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka ""t2p_process_jpeg_strip heap-buffer-overflow.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka ""PixarLog horizontalDifference heap-buffer-overflow.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a ""state machine confusion bug.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users.  This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a ""SAML2 multi-session vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: Applies to Java Mission Control Installation. CVSS v3.0 Base Score 3.7 (Integrity impacts).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print().,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.,LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a ""root distance that did not include the peer dispersion.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in which system services run on.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, and CVE-2016-6931.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, and CVE-2016-6932.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6931, and CVE-2016-6932.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, and CVE-2016-6922.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a ""double fetch"" vulnerability.",LOCAL,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a ZIP archive.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,LOW
An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Integrity impacts).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) "" (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.",NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,HIGH
"arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to read local files via a crafted PDF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox (URL bar) via a crafted HTML page containing PDF data.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:payload@example.com URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,LOW
"The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
"The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-6922, and CVE-2016-6924.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4271 and CVE-2016-4277.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4271 and CVE-2016-4278.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4245, and CVE-2016-4246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, and CVE-2016-4162.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, and CVE-2016-4163.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, and CVE-2016-4110.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says ""Not sure if this qualifies as security issue (probably not).""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to ""scheme-relative"" URLs.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the ""full name.""",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd.",LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
"The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer private keys and escalate privileges by reading /etc/pki/pulp/consumer/consumer-cert, and authenticating as a consumer user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via reading the key files while the installation process is running.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the ""/etc/pki/pulp/nodes/"" directory, which allows local users to gain access to sensitive data.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the ""negative zero"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.,LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,HIGH
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\""){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 before 20.0.0.267, Adobe Flash Player for Internet Explorer 10 and 11 before 20.0.0.267, Adobe Flash Player for Linux before 11.2.202.559, AIR Desktop Runtime before 20.0.0.233, AIR SDK before 20.0.0.233, AIR SDK & Compiler before 20.0.0.233, AIR for Android before 20.0.0.233.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a ""CacheBleed"" attack.",LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
"The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a ""split file in multivolume RAR,"" which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.",LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to ""type confusion"" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a ""type confusion"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,HIGH
"The getenv and filenameforall functions in Ghostscript 9.10 ignore the ""-dSAFER"" argument, which allows remote attackers to read data via a crafted postscript file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious scripts in the affected device.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
admin/configuration.php in Piwigo 2.9.2 has CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability. The web server does not check bounds when reading server requests in the Host header on making a connection, resulting in a classic Buffer Overflow that causes a Denial of Service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross site scripting (XSS) vulnerability in the markup_clean_href function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file. This arbitrary file write vulnerability allows an attacker to overwrite a specific executable in the Dolphin Browser's data directory with a crafted malicious executable. Every time the Dolphin Browser is launched, it will attempt to run the malicious executable from disk, thus executing the attacker's code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow vulnerability in external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using SAPCAR tool and during the extraction, digital signature verification fails but the tampered file is extracted.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A. 2016.0.6 (Customer Hosted) via the emailAddress parameter to passwordreset/PasswordReset.do, aka Open Bug Bounty ID OBB-286688.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP traffic between a Dino device and remote server to any other Dino device.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132613.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 124745.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 124737.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration&section=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273E080.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x82736068, a different vulnerability than CVE-2017-17475.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273E060.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x82730068.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x827300A4.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000088.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000084.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000058.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000058.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300005c.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Cross-Site Scripting (XSS) issue was discovered in reasoncms before 4.7.1. The vulnerability exists due to insufficient filtration of user-supplied data (nyroModalSel) passed to the ""reasoncms-master/www/nyroModal/demoSent.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Bus Booking Script has CSRF via admin/new_master.php.,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Directory traversal vulnerability in the ""Upload Groupkey"" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** default.tcl in Tkabber 1.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the attack cannot occur because of the argument-parsing behavior of the Tcl exec function.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code referencing the BROWSER environment variable is never used.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access this environment variable is not enabled in the shipped product.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
"A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the ""checkemail"" parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka ""Microsoft Exchange Spoofing Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross - site scripting (XSS) vulnerability in UrBackup Server before 2.1.20 allows remote attackers to inject arbitrary web script or HTML via the action parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40). The cross-site scripting vulnerability has been identified, which may allow remote code execution.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using App Studio.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoints.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). The WebToLeadCapture functionality is found vulnerable to unauthenticated cross-site scripting (XSS) attacks. This attack vector is mitigated by proper validating the redirect URL values being passed along.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors module allowing authenticated users to include remotely accessible system files via a module=CallRest&url= query string. Proper input validation has been added to mitigate this issue.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails module that could allow an authenticated user to perform SQL injection, as demonstrated by a backslash character at the end of a bean_id to modules/Emails/DetailView.php. An attacker could exploit these vulnerabilities by sending a crafted SQL request to the affected areas. An exploit could allow the attacker to modify the SQL database. Proper SQL escaping has been added to prevent such exploits.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the ""Directory Utility"" component. It allows attackers to obtain administrator access without a password via certain interactions involving entry of the root user name.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17521.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, ""This is not correctly encoded"", ""hex"");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information vulnerability due to the way the Windows its:// protocol handler determines the zone of a request, aka ""Microsoft Windows Information Disclosure Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability"".",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the ""Intel Graphics Driver"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the ""Intel Graphics Driver"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the ""Screen Sharing Server"" component. It allows attackers to obtain root privileges for reading files by leveraging screen-sharing access.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the ""IOAcceleratorFamily"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the ""Mobile Partner"" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the ""IOMobileFrameBuffer"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the ""Intel Graphics Driver"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the ""Intel Graphics Driver"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the ""APNs Server"" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the ""IOKit"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka ""Microsoft Excel Remote Code Execution Vulnerability"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any bit of information they can use to their advantage such as error messages, system information, user data, version numbers, component names, URL paths, or even simple typos and misspellings.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130733.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130915.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Food Order Script 1.0 has SQL Injection via the /list city parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Child Care Script 1.0 has SQL Injection via the /list city parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Laundry Booking Script 1.0 has SQL Injection via the /list city parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version 4.2.2.0724 and earlier could allow remote attackers to execute arbitrary code on Windows machines.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133178.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134005.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 132926.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11906.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka ""Scripting Engine Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11919.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handle objects in memory, aka ""Scripting Engine Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-11906 and CVE-2017-11919.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Yoga Class Script 1.0 has SQL Injection via the /list city parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Doctor Search Script 1.0 has SQL Injection via the /list city parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop or loss of connectivity.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Event Search Script 1.0 has SQL Injection via the /event-list city parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and psk_wepkey fields.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal. An attacker can remotely unlock any safe in this product line without a valid PIN code. Even though the phone application requires it and there is a field to supply the PIN code in an authorization request, the safe does not check the PIN code, so an attacker can obtain authorization using any value. Once an attacker sees the Bluetooth Low Energy (BLE) advertisement for the safe, they need only to write a BLE characteristic to enable notifications, and send a crafted getAuthor packet that returns a temporary key, and an unlock packet including that temporary key. The safe then opens after the unlock packet is processed, with no verification of PIN or other credentials.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with ""Highest Level Bluetooth Encryption"" and ""Data transmissions are secure via AES256 bit encryption."" These claims, however, are not true. Moreover, AES256 bit encryption is not supported in the Bluetooth Low Energy (BLE) standard, so it would have to be at the application level. This lack of encryption allows an individual to learn the passcode by eavesdropping on the communications between the application and the safe.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of a downlink supplementary services message, a buffer overflow can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244.,NETWORK,HIGH,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and and Internet Explorer adn Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. NOTE: this might overlap CVE-2017-14761, CVE-2017-14762, or CVE-2017-14765.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Scubez Posty Readymade Classifieds has XSS via the admin/user_activate_submit.php ID parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
NVIDIA driver contains a vulnerability where it is possible a use after free malfunction can occur due to improper usage of the list_for_each kernel macro which could enable unauthorized code execution and possibly lead to elevation of privileges. This issue is rated as high. Product: Android. Version: N/A. Android ID: A-38046353. References: N-CVE-2017-6263.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NVIDIA driver contains a vulnerability where it is possible a use after free malfunction can occur due to a race condition which could enable unauthorized code execution and possibly lead to elevation of privileges. This issue is rated as high. Product: Android. Version: N/A. Android ID: A-38045794. References: N-CVE-2017-6262.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, and CVE-2017-11916.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11918, and CVE-2017-11930.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TROVE-2017-013.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the Content Cards plugin before 0.9.7 for WordPress allows remote attackers to inject arbitrary JavaScript via crafted OpenGraph data.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a Pool Corruption vulnerability via a 0x83000058 DeviceIoControl request.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a NULL pointer dereference via a 0x830000c4 DeviceIoControl request.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
ntguard.sys and ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 have a Memory Corruption vulnerability via a 0x83000084 DeviceIoControl request.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Personnel Advanced Query. A remote attacker can execute arbitrary HTML and script code in the browser in the context of the vulnerable application.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is mishandled during logging.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the pathname to miner_file or miner_getfile.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country- specific functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Techno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops with BIOS A16 or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by triggering a soft reset and booting from an alternative OS, aka a ""Forced Restart Attack.""",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"** DISPUTED ** October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a .htaccess file. NOTE: the vendor says ""I don't think [an attacker able to login to the system under an account that has access to manage/upload themes] is a threat model that we need to be considering.""",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, maintaining an alternate power source, and attaching the data cable to another machine, aka a ""Hot Unplug Attack.""",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a ""Hot Plug attack.""",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell metacharacters in the name of an LZMA-compressed file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles in the global client structure can become stale.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ActiveSetupN.exe in Amazon Audible for Windows before November 2017 allows attackers to execute arbitrary DLL code if ActiveSetupN.exe is launched from a directory where an attacker has already created a Trojan horse dwmapi.dll file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service (device crash) or possibly have unspecified other impact by sending a sufficiently long string in the password field of the HTTP Basic Authentication section of the HTTP request.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. No password information of the user accounts is exposed.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002574 DeviceIoControl request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002570 DeviceIoControl request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the GPS location wireless interface, a Use After Free condition can occur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Untrusted search path vulnerability in The Public Certification Service for Individuals ""The JPKI user's software"" Ver3.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the console in Puppet Enterprise before 2015.2.1 allows remote attackers to inject arbitrary web script or HTML via the string parameter, related to Login Redirect.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under the Windows SYSTEM account.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly validated.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to verify.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a video driver, a race condition exists which can potentially lead to a buffer overflow.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a camera driver function, a race condition exists which can lead to a Use After Free condition.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a KGSL driver function, a race condition exists which can lead to a Use After Free condition.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the coresight-tmc driver, a simultaneous read and enable of the ETR device after changing the buffer size may result in a Use After Free condition of the previous buffer.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the VIDIOC_G_SDE_ROTATOR_FENCE ioctl command can be used to cause a Use After Free condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. tags.php is affected: values of the edit_list parameters are not sanitized; these are used to construct an SQL query and retrieve a list of registered users into the application.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
GitPHP by xiphux is vulnerable to OS Command Injections,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65025028.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apache Web Server version 8.0.1 prior to Build 618 have a security vulnerability that could potentially lead to authentication bypass.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128620.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 128464.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129020.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 8.0. Android ID A-65186291.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-66372937.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65290323.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63315932.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63316255.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could e used to conduct further attacks. IBM X-Force ID: 126457.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. IBM X-Force ID: 126680.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,NONE,NONE
"IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 126682.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure vulnerability in the NVIDIA libwilhelm. Product: Android. Versions: Android kernel. Android ID A-64339309. References: N-CVE-2017-13175.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65719872.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
An information disclosure vulnerability in the kernel camera server. Product: Android. Versions: Android kernel. Android ID A-37512375.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-38328132.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An information disclosure vulnerability in the kernel binder driver. Product: Android. Versions: Android kernel. Android ID A-36007193.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password (which defaults to the Wi-Fi password), and using the NewNTPServer feature.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879772.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879915.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32990341.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the Android media framework (libmedia drm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62872384.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65717533.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730054.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82732140.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730008, a different vulnerability than CVE-2017-16948.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730074.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730030.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730050.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82736068.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730070.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file. IBM X-Force ID: 128695.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login ids on the system. IBM X-Force ID: 128626.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to launch the file. Exploitation of this vulnerability could allow arbitrary code execution on the system of the targeted user. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCve10729, CSCve10771, CSCve10779, CSCve11521, CSCve11543.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730008 DeviceIoControl request to \\.\Viragtlt.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730010 DeviceIoControl request to \\.\Viragtlt.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730020 DeviceIoControl request to \\.\Viragtlt.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause a denial of service via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Indeo Otter through 1.7.4 mishandles a ""</script>"" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion vulnerability in the EMF processing module. The issue causes the program to access an object using an incompatible type, leading to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees -- potentially leading to code corruption, control-flow hijack, or information leak attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the calculation occurs in the image conversion module, when processing GIF files. The vulnerability leads to an operation that can write to a memory location that is outside of the memory addresses allocated for the data structure. The specific scenario leads to a write access to a memory location that does not belong to the relevant process address space.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root privileges on an affected server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the font parsing module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the image conversion module that handles XPS files. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the XPS to PDF conversion module, when processing TIFF files. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is part of the XPS conversion module, when handling a JPEG resource. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during a deinitialization path.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during positioning.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of stack corruption due to buffer overflow of Partition name while converting ascii string to unicode string in function HandleMetaImgFlash.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE contains fewer than 1 byte, a buffer overrun occurs.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_GET_CHAIN_RSSI vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_MAC_ADDR contains fewer than 6 bytes, a buffer overrun occurs.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE contains fewer than 1 byte, a buffer overrun occurs.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of processing Enhanced Metafile Format Plus (EMF+). The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the Adobe graphics module responsible for displaying textual data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of handling an EMF EMR_BITBLT record. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the GLink kernel driver, a Use After Free condition can potentially occur.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the JPEG 2000 module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of an image conversion, specifically in Enhanced Metafile Format Plus (EMF +) processing modules. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the JPEG 2000 parser. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the XPS parsing module. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overflow can occur while reading firmware logs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of Enhanced Metafile Format (EMF) processing within the image conversion module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the TIFF processing module. Crafted input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the image conversion module when processing Enhanced Metafile Format (EMF). Crafted EMF input (EMR_STRETCHDIBITS) causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the WebCapture module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the JPEG processing module. Crafted input with an unexpected JPEG file segment size causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the calculation occurs in the printing functionality. The vulnerability leads to an operation that can write to a memory location that is outside of the memory addresses allocated for the data structure. The specific scenario leads to a write access to a memory location that does not belong to the relevant process address space.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference. In this scenario, the input is crafted in way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the JavaSscript API engine. In this scenario, the JavaScript input is crafted in way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine API. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name'].,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The h264_slice_init function in libavcodec/h264_slice.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized; the computation occurs during internal AST thread manipulation. In this case, a computation defines a read from an unexpected memory location. Therefore, an attacker might be able to read sensitive portions of memory.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized in the main DLL. In this case, a computation defines a read from an unexpected memory location. Therefore, an attacker might be able to read sensitive portions of memory.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the JavaScript engine. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improperly specified offset/size values for a submission command could cause a math operation to overflow and could result in an access to arbitrary memory. The combined pointer will overflow and possibly pass further checks intended to avoid accessing unintended memory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is a part of the JavaScript engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a Same Origin Policy security bypass vulnerability, affecting files on the local system, etc.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the JPEG2000 codec. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a Camera driver can lead to a Use After Free condition.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the camera driver, the function ""msm_ois_power_down"" is called without a mutex and a race condition can occur in variable ""*reg_ptr"" of sub function ""msm_camera_config_single_vreg"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the XPS2PDF conversion engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, IOCTL interface to send QMI NOTIFY REQ messages can be called from multiple contexts which can result in buffer overflow of msg cache.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a multimedia driver can potentially lead to a buffer overwrite.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when updating custom EDID (hdmi_tx_sysfs_wta_edid), if edid_size, which is controlled by userspace, is too large, a buffer overflow occurs.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in TIFF parsing during XPS conversion. Crafted TIFF image input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability when processing a JPEG file embedded within an XPS document.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability in the graphics rendering engine.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the MakeAccessible plugin, when creating an internal data structure. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or tclsh execution privileges. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127.",LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
"A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary commands as root. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCvf15113, CSCvf15122, CSCvf15125, CSCvf15131, CSCvf15143, CSCvg04088.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. The vulnerability is due to insufficient NX-OS signature verification for software images. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and load a crafted, unsigned software image on a targeted device. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf25045, CSCvf31495.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installing a crafted patch image on an affected device. The vulnerable operation occurs prior to patch activation. An exploit could allow the attacker to write arbitrary files on an affected system as root. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16513, CSCvf23794, CSCvf23832.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and load a crafted, unsigned software patch on a targeted device. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16494, CSCvf23655.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted message.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference when handling number format dictionary entries. In this scenario, the input is crafted in way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of an out of bounds read vulnerability in the MakeAccesible plugin, when handling font data. It causes an out of bounds memory access, which sometimes triggers an access violation exception. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability. The vulnerability leads to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads or writes -- potentially leading to code corruption, control-flow hijack, or an information leak attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is in the part of the JavaScript engine that handles annotation abstraction. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial of service via a crafted WAV, WMV, AU, ASF, AIFF, or AIF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe RoboHelp has an Open Redirect vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. Adobe Digital Editions parses crafted XML files in an unsafe manner, which could lead to sensitive information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,NONE
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link'].,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Audio driver in P9 smartphones with software The versions before EVA-AL10C00B389 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the race condition cause null pointer accessing during the application access shared resource, which make the system reboot.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The goldeneye driver in NMO-L31C432B120 and earlier versions,NEM-L21C432B100 and earlier versions,NEM-L51C432B120 and earlier versions,KNT-AL10C746B160 and earlier versions,VNS-L21C185B142 and earlier versions,CAM-L21C10B130 and earlier versions,CAM-L21C185B141 and earlier versions has buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Madapt Driver of some Huawei smart phones with software Earlier than Vicky-AL00AC00B172 versions,Vicky-AL00CC768B122,Vicky-TL00AC01B167,Earlier than Victoria-AL00AC00B172 versions,Victoria-TL00AC00B123,Victoria-TL00AC01B167 has a use after free (UAF) vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL00C00B157 versions and earlier than VTR-AL00C00B157 versions has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a out-of-bounds array access that results in smart phone restart.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Huawei firewall products USG9500 V500R001C50 has a DoS vulnerability.A remote attacker who controls the peer device could exploit the vulnerability by sending malformed IKE packets to the target device. Successful exploit of the vulnerability could cause the device to restart.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Huawei Email APP Vicky-AL00 smartphones with software of earlier than VKY-AL00C00B171 versions has a stored cross-site scripting vulnerability. A remote attacker could exploit this vulnerability to send email that storing malicious code to a smartphone and waiting for a user to access this email that triggers execution of the code. An exploit could allow the attacker to execute arbitrary script code on the affected device.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on the transmission links.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The CameraISP driver of some Huawei smart phones with software of versions earlier than Prague-AL00AC00B205,versions earlier than Prague-AL00BC00B205,versions earlier than Prague-AL00CC00B205,versions earlier than Prague-TL00AC01B205,versions earlier than Prague-TL10AC01B205 has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP, the APP can send a specific parameter to the CameraISP driver of the smart phone, causing system reboot.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C432B370, versions earlier before VIE-L29C636B370 have an insufficient input validation vulnerability. An attacker could exploit this vulnerability to tamper with air interface signaling messages and obtain some communication information.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that has JavaScript in its name, (4) JavaScript in a note name, (5) JavaScript in a task name, or (6) HTML e-mail that is mishandled in the Inbox component.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing ""traverse to parent directory"" are passed through to the file APIs.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. The program initializes a variable using one type, but it later accesses that variable using a type that is different with the original type when do certain register operation. Successful exploit could result in buffer overflow then may cause malicious code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The emerg_data driver in CAM-L21C10B130 and earlier versions, CAM-L21C185B141 and earlier versions has a buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HiGame with software earlier than 7.3.0 versions, SkyTone with software earlier than 8.1.1 versions have a DoS Vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, the attacker can send malformed packets to the device. Due to the lack of adequate input validation of APPs, which causes the APPs Denial of Service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"P9 Plus smartphones with software earlier than VIE-AL10C00B352 versions have an input validation vulnerability in the touchscreen Driver. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"QNAP has already patched this vulnerability. This security concern allows a remote attacker to run arbitrary commands on the QNAP Video Station 5.1.3 (for QTS 4.3.3), 5.2.0 (for QTS 4.3.4), and earlier.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access permission. Successful exploit could lead to resource occupation or information leak.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1&path= URI that uses directory traversal sequences after a /usb/ substring.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as demonstrated by a client-side ""if (!passwordsAreEqual())"" test.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with ""root"" privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in PTW-WMS1 firmware version 2.000.012 allows remote attackers to conduct denial-of-service attacks via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Information disclosure of .esp source code on the Cohu 3960 allows an attacker to view sensitive information such as application logic with a simple web browser.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user parameter to user/login.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Bastet Driver of Nova 2 Plus,Nova 2 Huawei smart phones with software of Versions earlier than BAC-AL00C00B173,Versions earlier than PIC-AL00C00B173 has a use after free (UAF) vulnerability. An attacker can convince a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Bastet of some Huawei mobile phones with software of earlier than MHA-AL00BC00B231 versions has a DOS vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the driver of the smart phone, causing arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a out-of-bound read vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter and cause to memory out-of-bound read.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,HIGH
Huawei APP HiWallet earlier than 5.0.3.100 versions do not support signature verification for APK file. An attacker could exploit this vulnerability to hijack the APK and upload modified APK file. Successful exploit could lead to the APP is hijacking.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on the serial port. An attacker can access the serial port on the circuit board of the outdoor unit and log in to the CPE without authentication. Successful exploit could allow the attacker to take control over the outdoor unit.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the outdoor unit and execute them without authentication. Successful exploit could allow the attacker to take control over the outdoor unit.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. An attacker can access factory reset page without authorization by only dial with special code. The attacker can exploit this vulnerability to restore the phone to factory settings.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have an authentication bypass vulnerability due to the improper design of some components. An attacker can get a user's smart phone and install malicious apps in the mobile phone, allowing the attacker to reset the password and fingerprint of the phone without authentication.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The call module of P10 and P10 Plus smartphones with software versions before VTR-AL00C00B167, versions before VTR-TL00C01B167, versions before VKY-AL00C00B167, versions before VKY-TL00C01B167 has a DoS vulnerability. An attacker may trick a user into installing a malicious application, and the application can send given parameter to call module to crash the call and data communication process.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The call module of P10 and P10 Plus smartphones with software versions before VTR-AL00C00B167, versions before VTR-TL00C01B167, versions before VKY-AL00C00B167, versions before VKY-TL00C01B167 has a DoS vulnerability. An attacker may trick a user into installing a malicious application, and the application can send given parameter to call module to crash the call and data communication process.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Wi-Fi driver of Honor 5C and P9 Lite Huawei smart phones with software versions earlier than NEM-L21C432B351 and versions earlier than VNS-L21C10B381 has a DoS vulnerability. An attacker may trick a user into installing a malicious application and the application can access invalid address of driver to crash the system.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Trusted Execution Environment (TEE) module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free (UAF) vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to create and free specific memory, which could triggers access memory after free it and causes a system crash or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Touch Panel (TP) driver in P10 Plus smart phones with software versions earlier than VKY-AL00C00B153 has a memory double free vulnerability. An attacker with the root privilege of the Android system tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability. This is due to improper implementation of authentication for accessing web pages. An unauthenticated attacker could bypass the authentication by sending a crafted HTTP request. 5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"TIT-AL00 smartphones with software versions earlier before TIT-AL00C583B214 have a exposed system interface vulnerability. The software provides a system interface for interaction with external applications, but calling the interface is not properly restricted. An attacker could trick the user into installing a malicious application to call the interface and modify the system properties.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"The vibrator service in P9 Plus smart phones with software versions earlier before VIE-AL10C00B386 has DoS vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone vibrator service interface to crash the system.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"P9 Plus smartphones with software versions earlier before VIE-AL10BC00B386 have a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a large number of memory allocation and the smart phone will be crash for memory exhaustion.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Honor 6X smartphones with software versions earlier than BLN-AL10C00B357 and versions earlier than BLN-AL20C00B357 have an information leak vulnerability due to improper file permission configuration. An attacker tricks a user into installing a malicious application on the smart phone, and the application can get the file that keep the cipher text of the SIM card PIN.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect the information of iPhone mode and firmware version.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"The ddr_devfreq driver in versions earlier than GRA-UL00C00B197 has buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"The Files APP 7.1.1.309 and earlier versions in some Huawei mobile phones has a brute-force password cracking vulnerability due to the improper design of the Safe key database. An unauthorized attacker could access sensitive database information and may crack users' Safe passwords, leading to information leak.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The camerafs driver in Mate 9 Versions earlier than MHA-AL00BC00B173 has buffer overflow vulnerability. An attacker tricks a user into installing a malicious application which has the system privilege of the Android system and sends a specific parameter to the driver of the smart phone, causing a system crash or privilege escalation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"honor 8 Pro with software Duke-L09C10B120 and earlier versions,Duke-L09C432B120 and earlier versions,Duke-L09C636B120 and earlier versions has an integer overflow vulnerability. The attacker sends a response message to the device, which contains an illegal length field, it could produce an integer overflow and restart the modem system.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a change_password.csp request, which supports a ""<%%25call system.exec:"" string in the passwd parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the ""gap"" between the stack and the binary.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a ""bits/bytes confusion bug.""",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier versions has a buffer overflow vulnerability. An authenticated attacker on the LAN can exploit this vulnerability to execute arbitrary code or cause a denial of service (DoS) condition in the affected system.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FusionSphere OpenStack V100R006C00SPC102(NFV)has a command injection vulnerability. Due to lack of validation, an attacker with high privilege may inject malicious code into some module of the affected products, causing code execution.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR1200 with software V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR1200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR150 with software V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR150-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR160 with software V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR200 with software V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30,AR200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR2200 with software V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR2200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30,AR510 with software V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30,NetEngine16EX with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,SMC2.0 with software V100R003C10, V100R005C00, V500R002C00, V600R006C00,SRG1300 with software V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30,SRG2300 with software V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30,SRG3300 with software V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an out-of-bounds read vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send specially crafted message to the target device.Successful exploit of the vulnerability could cause out-of-bounds read and system crash.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high privilege may exploit this vulnerability to inject malicious software.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to cause to any memory access vulnerabilities, leading to sensitive information leakage.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The camera driver of MTK platform in Huawei smart phones with software of versions earlier than Nice-AL00C00B155 has a buffer overflow vulnerability.Due to the insufficient input verification, an attacker tricks a user into installing a malicious application which has special privilege and sends a specific parameter to the driver of the smart phone, causing privilege escalation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The camera driver of MTK platform in Huawei smart phones with software of versions earlier than Nice-AL00C00B155 has a arbitrary memory write vulnerability.Due to the insufficient input verification, an attacker tricks a user into installing a malicious application which has special privilege and sends a specific parameter to the driver of the smart phone, causing privilege escalation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
S3300 V100R006C05 have an Ethernet in the First Mile (EFM) flapping vulnerability due to the lack of type-length-value (TLV) consistency check. An attacker may craft malformed packets and send them to a device to cause EFM flapping.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an input validation vulnerability when handle TLS and DTLS handshake with certificate. Due to the insufficient validation of received PKI certificates, remote attackers could exploit this vulnerability to crash the TLS module.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FusionSphere V100R006C00SPC102(NFV) has a command injection vulnerability. An authenticated, remote attacker could craft packets with malicious strings and send them to a target device. Successful exploit could allow the attacker to launch a command injection attack and execute system commands.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection attack and execute SQL commands.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei smart phones with software earlier than VIE-L09C40B360 versions have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the smart phone, causing the smartphone restart or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an arbitrary memory write vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause arbitrary memory writing in the next system reboot, causing continuous system reboot or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an out-of-bounds memory access vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. the APP can modify specific data to cause buffer overflow in the next system reboot, causing out-of-bounds memory read which can continuous system reboot.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"AC6005 V200R006C10SPC200,AC6605 V200R006C10SPC200,AR1200 with software V200R005C10CP0582T, V200R005C10HP0581T, V200R005C20SPC026T,AR200 with software V200R005C20SPC026T,AR3200 V200R005C20SPC026T,CloudEngine 12800 with software V100R003C00, V100R005C00, V100R005C10, V100R006C00, V200R001C00,CloudEngine 5800 with software V100R003C00, V100R005C00, V100R005C10, V100R006C00, V200R001C00,CloudEngine 6800 with software V100R003C00, V100R005C00, V100R005C10, V100R006C00, V200R001C00,CloudEngine 7800 with software V100R003C00, V100R005C00, V100R005C10, V100R006C00, V200R001C00,CloudEngine 8800 with software V100R006C00, V200R001C00,E600 V200R008C00,S12700 with software V200R005C00, V200R006C00, V200R007C00, V200R008C00,S1700 with software V100R006C00, V100R007C00, V200R006C00,S2300 with software V100R005C00, V100R006C00, V100R006C03, V100R006C05, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00,S2700 with software V100R005C00, V100R006C00, V100R006C03, V100R006C05, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00,S5300 with software V100R005C00, V100R006C00, V100R006C01, V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R006C00, V200R007C00, V200R008C00,S5700 with software V100R005C00, V100R006C00, V100R006C01, V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R006C00, V200R007C00, V200R008C00,S6300 with software V100R006C00, V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R008C00,S6700 with software V100R006C00, V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R006C00, V200R007C00, V200R008C00,S7700 with software V100R003C00, V100R006C00, V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00,S9300 with software V100R001C00, V100R002C00, V100R003C00, V100R006C00, V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R008C10,S9700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00,Secospace USG6600 V500R001C00SPC050 have a MaxAge LSA vulnerability due to improper OSPF implementation. When the device receives special LSA packets, the LS (Link Status) age would be set to MaxAge, 3600 seconds. An attacker can exploit this vulnerability to poison the route table and launch a DoS attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.",LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts).,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-35430570.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-64836941.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62688399.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64477217.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62948670.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64478003.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"HedEx Earlier than V200R006C00 versions has a dynamic link library (DLL) hijacking vulnerability due to calling the DDL file by accessing a relative path. An attacker could exploit this vulnerability to tamper with the DLL file, leading to DLL hijacking.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Huawei Hilink APP Versions earlier before 5.0.25.306 has an information leak vulnerability. An attacker may trick a user into installing a malicious application and application can access Hilink APP data.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Keyguard application in ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier versions,ALE-TL00C01B250 and earlier versions,ALE-UL00C00B250 and earlier versions,MT7-L09C605B325 and earlier versions,MT7-L09C900B339 and earlier versions,MT7-TL10C900B339 and earlier versions,CRR-CL00C92B172 and earlier versions,CRR-L09C432B180 and earlier versions,CRR-TL00C01B172 and earlier versions,CRR-UL00C00B172 and earlier versions,CRR-UL20C432B171 and earlier versions,GRA-CL00C92B230 and earlier versions,GRA-L09C432B222 and earlier versions,GRA-TL00C01B230SP01 and earlier versions,GRA-UL00C00B230 and earlier versions,GRA-UL00C10B201 and earlier versions,GRA-UL00C432B220 and earlier versions,H60-L04C10B523 and earlier versions,H60-L04C185B523 and earlier versions,H60-L04C636B527 and earlier versions,H60-L04C900B530 and earlier versions,PLK-AL10C00B220 and earlier versions,PLK-AL10C92B220 and earlier versions,PLK-CL00C92B220 and earlier versions,PLK-L01C10B140 and earlier versions,PLK-L01C185B130 and earlier versions,PLK-L01C432B187 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C636B130 and earlier versions,PLK-TL00C01B220 and earlier versions,PLK-TL01HC01B220 and earlier versions,PLK-UL00C17B220 and earlier versions,ATH-AL00C00B210 and earlier versions,ATH-AL00C92B200 and earlier versions,ATH-CL00C92B210 and earlier versions,ATH-TL00C01B210 and earlier versions,ATH-TL00HC01B210 and earlier versions,ATH-UL00C00B210 and earlier versions,RIO-AL00C00B220 and earlier versions,RIO-CL00C92B220 and earlier versions,RIO-TL00C01B220 and earlier versions,RIO-UL00C00B220 and earlier versions have a privilege elevation vulnerability. An attacker may exploit it to launch command injection in order to gain elevated privileges.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. To exploit this vulnerability, an authenticated attacker has to tamper with parameters of a request to upload.files.php, in order to select the correct branch and be able to upload any arbitrary file. From there, it can simply access the file to execute code on the server.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-11834.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determine the origin of all webpages in the affected browser, due to how Microsoft Edge handles cross-origin requests, aka ""Microsoft Edge Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-11803 and CVE-2017-11844.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134064.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133260.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132927.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134000.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132494.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131759.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128460.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
HedEx Earlier than V200R006C00 versions has an arbitrary file download vulnerability. An attacker could exploit it to download arbitrary files on a target device to cause information leak.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Huawei iManager NetEco with software V600R008C00 and V600R008C10 has a command injection vulnerability. An authenticated, remote attacker could exploit this vulnerability to send malicious packets to a target device. Successful exploit could enable a low privileged user to execute commands that a high privileged user could execute, causing the files to be tampered with or deleted.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The driver of honor 5C, honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a denial of service (GPS signal-acquisition delay) via an incorrect xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka internal bug 31470303 and external bug 211602 (and AndroidID-7225554).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated ""there is no security implication whatsoever.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 SP1, Windows Server 2008 SP2 and 2008 R2 SP1, and Windows Server 2012 allows an attacker to potentially read data that was not intended to be disclosed, due to the way that the Microsoft Windows EOT font engine parses specially crafted embedded fonts, aka ""Windows EOT Font Engine Information Disclosure Vulnerability."" This CVE ID is unique from CVE-2017-11835.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to run a specially crafted application and obtain information to further compromise the user's system due to the Windows kernel improperly initializing objects in memory, aka ""Windows Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-11831.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in /clientes/visualizar, which allows remote attackers to inject arbitrary web script or HTML via a crafted description parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300000c.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Stop User Enumeration 1.3.8 allows user enumeration via the REST API,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by Veritas NetBackup to access the OST shares on the NetApp AltaVault as a precaution.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac Ver.1.2.5 and earlier allow an attacker to access local files via unspecified vectors.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where that field data is utilized, resulting in session hijacking and possible elevation of privileges.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation of this issue could result in an unsuspecting AWC user being redirected to a malicious URL.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in admin/google_search_console/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script or HTML.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of files on disk via a specially crafted application. due to the way Windows Media Player discloses file information, aka ""Windows Media Player Information Disclosure Vulnerability.""",LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
CSRF in YouTube (WordPress plugin) could allow unauthenticated attacker to change any setting within the plugin,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ""access_token"" parameter.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information of the kernel stack of the thread is possible from the debugger. As a result, some bytes from the kernel stack of the thread using ptrace (PT_LWPINFO) call can be observed in userspace.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution. This can lead to the complete takeover of the server hosting QuickerBB.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"There is a buffer overflow in Liblouis 3.2.0, triggered in the function _lou_showString() in utils.c, that will lead to a remote denial of service attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function includeFile() in compileTranslationTable.c, that will lead to a remote denial of service attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution with high privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-11791.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy (CSP) validates documents, aka ""Microsoft Edge Security Feature Bypass Vulnerability"". This CVE ID is unique from CVE-2017-11872 and CVE-2017-11874.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user's system, due improperly disclosing kernel memory addresses, aka ""Windows GDI Information Disclosure Vulnerability"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka ""Windows Kernel Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-11842, CVE-2017-11851, and CVE-2017-11853.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17.13 (fixed in 3.17.14) allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka ""Microsoft Edge Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-11803 and CVE-2017-11833.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow unauthenticated attacker to do almost anything an admin can,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka ""Microsoft Word Memory Corruption Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands data leak may occur, resulting from writing uninitialized stack structure to non-volatile memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11836, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the kernel driver MDSS, a buffer overflow can occur in HDMI CEC parsing if frame size is out of range.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values ""url_new"" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and ""logging"" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into clicking on a malicious link.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts, aka ""Windows EOT Font Engine Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-11832.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka ""Microsoft Project Server Elevation of Privilege Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the KGSL driver function kgsl_ioctl_gpu_command, a Use After Free condition can potentially occur.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function mdss_rotator_ioctl in the driver /dev/mdss_rotator, a Use-After-Free condition can potentially occur due to a fence being installed too early.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, camera application triggers ""user-memory-access"" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in user space. An unchecked userspace value (ioctl_ptr->len) is used to copy contents to a kernel buffer which can lead to kernel buffer overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the ISP Camera driver, the contents of an arbitrary kernel address can be leaked to userspace by the function msm_isp_get_stream_common_data().",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing UBI image, size is not validated for being smaller than minimum header size causing unintialized data access vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka ""Microsoft Excel Memory Corruption Vulnerability"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in the rmnet USB control driver can potentially lead to a Use After Free condition.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the probe requests originated from user's phone contains the information elements which specifies the supported wifi features. This shall impact the user's privacy if someone sniffs the probe requests originated by this DUT. Hence, control the presence of information elements using ini file.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, array access out of bounds may occur in the camera driver in the kernel",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to improper handling of objects in memory, aka ""Microsoft Graphics Component Information Disclosure Vulnerability"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a specially crafted UBI image, it is possible to corrupt memory, or access uninitialized memory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log on to an affected system, and run a specially crafted application that can compromise the user's system due to how the Windows kernel initializes memory, aka ""Windows Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-11880.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka ""Microsoft Browser Memory Corruption Vulnerability"".",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 6.5 to 8.0 allow remote attackers to inject arbitrary web script via the (1) ""paramFile"" parameter to /Site/Troubleshooting/DiagnosticReport.asp, or (2) ""paramFile"" parameter to /Site/Troubleshooting/SpeedTest.asp.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a different vulnerability than CVE-2011-2937.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka ""Microsoft Edge Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-11833 and CVE-2017-11844.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka ""Inaudible Subversion.""",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, and CVE-2017-11871.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, and CVE-2017-11873.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11871, and CVE-2017-11873.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or ""UI redress attack"" which could be used to cause a user to perform an unintended action in the user interface.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11855.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LightFTP version 1.1 is vulnerable to a buffer overflow in the ""writelogentry"" function resulting a denial of services or a remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile(),NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. An example of a Heap-Use-After-Free after the 'sublexer' pointer has been freed. Line 542 of gravity_lexer.c. 'lexer' is being used to access a variable but 'lexer' has already been freed, creating a Heap Use-After-Free condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is checked to see if a grant mapping to the calling domain exists for the page in question. However, the function does not check to see if the owning domain actually has a grant table or not. Some special domains, such as `DOMID_XEN`, `DOMID_IO` and `DOMID_COW` are created without grant tables. Hence, if __gnttab_cache_flush operates on a page owned by these special domains, it will attempt to dereference a NULL pointer in the domain struct.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial of service attack,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WBCE v1.1.11 is vulnerable to reflected XSS via the ""begriff"" POST parameter in /admin/admintools/tool.php?tool=user_search",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook resulting code execution and privilege escalation,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Exiv2 0.26 contains a heap buffer overflow in tiff parser,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when resetting the network data via the software client, with a running VPN connection, a critical error occurs which leads to a ""FrmAdvancedProtection"" crash. Although the mechanism malfunctions and an error occurs during the runtime with the stack trace being issued, the software process is not properly terminated. The software client is still attempting to maintain the connection even though the network connection information is being reset live. In that insecure mode, the ""FrmAdvancedProtection"" component crashes, but the process continues to run with different errors and process corruptions. This local corruption vulnerability can be exploited by local attackers.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. For example, this could allow an attacker to provide an image layer that GrootFS would consider to be the Ubuntu base layer.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scripting resulting in allowing an authenticated user to inject malicious client side script which will be executed in the browser of users if they visit the manipulated site.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
/view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 123908.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An installer defect known as an ""unquoted Windows search path vulnerability"" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file access in an unspecified directory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the `TWG Explorer` item listing. The request method to inject is POST and the attack vector is located on the application-side of the service. The injection point is the add/create input field and the execution point occurs in the item listing after the add or create.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Untrusted search path vulnerability in the installer in Adobe Connect Add-In before 11.9.976.291 on Windows allows local users to gain privileges via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to ""pair"" with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified ""specific information"" by which the agent identifies a network device that is ""appearing to be a valid Datto.""",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An attacker needs to send a specially crafted websocket packet over network to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request over the network to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series of packets to trigger this vulnerability.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication bypass. An attacker can send a series of packets to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the Internet to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a ""favorite.""",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by ""a lot of junk.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party ""PCRE"" product. Versions before 8.40 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""Sandbox"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""Kernel"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""Kernel"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""Kernel"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the ""Safari"" component. It allows remote attackers to spoof the address bar via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""Kernel"" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted mach binary.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""ATS"" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted font.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""CFString"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""Quick Look"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""Open Scripting Architecture"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted AppleScript file that is mishandled by osadecompile.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""CFNetwork"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""ImageIO"" component. It allows remote attackers to obtain sensitive information or cause a denial of service via a crafted image.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""HelpViewer"" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML by bypassing the Same Origin Policy for quarantined HTML documents.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""Kernel"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An out-of-bounds read issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""Kernel"" component. It allows local users to bypass intended memory-read restrictions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""libarchive"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party ""file"" product. Versions before 5.31 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""ImageIO"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""libarchive"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""libarchive"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted archive file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""Kernel"" component. It allows local users to obtain sensitive information by leveraging an error in packet counters.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""AppleScript"" component. It allows remote attackers to execute arbitrary code via a crafted AppleScript file that is mishandled by osadecompile.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""Remote Management"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""Dictionary Widget"" component. It allows attackers to read local files if pasted text is used in a search.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""APFS"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the ""Kernel"" component. It allows attackers to bypass intended memory-read restrictions via a /dev/dtracehelper attack involving the dtrace_dif_variable and dtrace_getarg functions.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file (""[ORIGINAL_FILENAME]~"") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file (""[ORIGINAL_FILENAME].swp"") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The installer in MyBB before 1.8.13 has XSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Inedo BuildMaster before 5.8.2 has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a ""scsi remove-single-device"" line to /proc/scsi/scsi, aka SCSI MICDROP.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a reflected Cross Site Scripting (XSS) attack via the service parameter to the /soap URI, triggering an invalid attempt to generate WSDL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer overflow) or possibly have unspecified other impact via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by swfrender.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In SWFTools, an address access exception was found in swfdump swf_GetBits().",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In SWFTools, a memcpy buffer overflow was found in gif2swf.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In SWFTools, a stack overflow was found in pdf2swf.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF()",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected Releases: 10.0.1-087 9.7.1-066. Known Fixed Releases: 10.0.2-020 9.8.1-015.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is not affected.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The EBML_FindNextElement function in ebmlmain.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext requests sent from the service provider.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In TP-LINK TL-WR741N / TL-WR741ND 150M Wireless Lite N Router with Firmware Version 3.11.7 Build 100603 Rel.56412n and Hardware Version: WR741N v1/v2 00000000, parameter SSID in the ""Wireless Settings"" is not properly validated. It's possible to inject malicious code: </script><H1>BUG/* </script><a href=XXX.com>. The second payload blocks the change of wireless settings. A factory reset is required.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the intended content type.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to cause a Denial-of-Service condition. The service restarts automatically.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"reseed seeds random numbers from an insecure HTTP request to random.org during installation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a man-in-the-middle attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attackers to execute arbitrary commands via a POST request to /probe.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute operating system commands by crafting malicious XML payloads, as demonstrated by a single admin/reports/reportSchemaXml.form request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS)",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey.  NOTE: this vulnerability exists because of a CVE-2016-2516 regression.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock's peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,LOW
ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455.,NETWORK,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
"Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Internet Explorer Information Disclosure Vulnerability."" This vulnerability is different from those described in CVE-2017-0008 and CVE-2017-0009.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CPA Lead Reward Script allows SQL Injection via the username parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a victim when checking the router logs.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or possibly have unspecified other impact via crafted XSL data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002054. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In admin/write-post.php in Typecho through 1.1, one can log in to the background page, write a new article, and add payload in the article content, resulting in XSS via index.php/action/contents-post-edit.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows attacker to inject arbitrary web script or HTML via crafted HTTP requests.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters ""refresh"" and ""branchtotable"" present in HTTP POST requests.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
iStock Management System 1.0 allows Arbitrary File Upload via user/profile.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a Settings values in the admin panel.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 allows remote attackers to inject arbitrary web script or HTML via the dsname parameter to happyjuddi.jsp.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The parse function in MSA vot.Ar 3.1 does not check whether a candidate receives more than one vote, which allows physically proximate attackers to cast multiple votes for a candidate via a crafted RFID ballot tag.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site scripting.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by reading the HTML source code.  NOTE: the vendor says that this does not cross a trust boundary and that it is recommended best-practice that SSL is configured for the administrative console.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The altivec_unavailable_exception function in arch/powerpc/kernel/traps.c in the Linux kernel before 2.6.19 on 64-bit systems mishandles the case where CONFIG_ALTIVEC is defined and the CPU actually supports Altivec, but the Altivec support was not detected by the kernel, which allows local users to cause a denial of service (panic) by triggering execution of an Altivec instruction.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, 11.2.1, in some cases TMM may crash when processing TCP traffic. This vulnerability affects TMM via a virtual server configured with TCP profile. Traffic processing is disrupted while Traffic Management Microkernel (TMM) restarts. If the affected BIG-IP system is configured to be part of a device group, it will trigger a failover to the peer device.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypted and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack via resource exhaustion.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile, and the client initiates a number of concurrent streams beyond the advertised limit can cause a disruption of service. Remote client initiating stream beyond the advertised limit can cause a disruption of service. The Traffic Management Microkernel (TMM) data plane is exposed to this issue; the control plane is not exposed.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131398.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The London Trust Media Private Internet Access (PIA) application before 1.3.3.1 for Android allows remote attackers to cause a denial of service (application crash) via a large VPN server-list file.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131397.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 131396.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125151.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force ID: 126241.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122200.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15971.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1.2 discloses sensitive information in cleartext which may be viewed by an unauthenticated user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,HIGH,NONE
NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information via unspecified vectors.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a username and password.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the ""/var/log/ltm"" log file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens. This service does not properly re-validate cookies when making that conversion, allowing once-valid but now expired cookies to be converted to valid tokens.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Allocation Code (TAC) database file via HTTPS, the server's certificate is not verified. Attackers in a privileged network position may be able to launch a man-in-the-middle attack against these connections. TAC databases are used in BIG-IP PEM for Device Type and OS (DTOS) and Tethering detection. Customers not using BIG-IP PEM, not configuring downloads of TAC database files, or not using HTTP for that download are not affected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM). The Session Ticket option is disabled by default.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.1(6.11) and 9.4(1.2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka WebVPN XSS. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve19179.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target=""_blank"" and window.open())",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account.,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link on artefact detail pages.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to download the file.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files that can have its code executed when a user tries to download the file.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. Six files are affected: crypsis/layouts/message/item/default.php, crypsis/layouts/message/item/top/default.php, crypsis/layouts/message/item/bottom/default.php, crypsisb3/layouts/message/item/default.php, crypsisb3/layouts/message/item/top/default.php, and crypsisb3/layouts/message/item/bottom/default.php. This is fixed in 5.0.5.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a ""forbidden attack."" NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin before 3.5.19 for WordPress via the date1 or date2 parameter to wp-admin/options-general.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress has XSS via the tab parameter to wp-admin/admin.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, (3) user_id, (4) username, (5) country_name, (6) browser, (7) operating_system, or (8) ip_address parameter to admin/partials/listing/listing.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum and an update value for verification of the downloaded files. The attacker first forces the client to initiate an update transaction by modifying an update field within an HTTP 200 response, so that it refers to a nonexistent update. The attacker then modifies the HTTP 404 response so that it specifies a successfully found update, with a Trojan horse executable file (e.g., guardxup.exe) and the correct CRC32 checksum for that file.",LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, aka Bug ID CSCuc79643.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Multiple cross-site scripting (XSS) vulnerabilities in out/out.UsrMgr.php in LetoDMS (formerly MyDMS) before 3.3.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.115 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name containing a U+0620 character, aka Apple rdar problem 32458012.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Artica Pandora FMS version 7.0, an Attacker with write Permission can create an agent with an XSS Payload; when a user enters the agent definitions page, the script will get executed.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Switch Configuration Tools Backend (clcmd_server) in Cumulus Linux 2.5.3 and earlier allows local users to execute arbitrary commands via shell metacharacters in a cl-rctl command label.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126868.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126856.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM RSA DM contains unspecified vulnerability in CLM Applications with potential for information leakage. IBM X-Force ID: 125157.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. IBM X-Force ID: 124523.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123036.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send arbitrary data while avoiding detection via crafted packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka ""Cross Domain Referer Leakage.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the ""negative"" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara's built-in login form, still allowing users to log in even if their institution was expired or suspended.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the ""default"" or used in any pages.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on.,NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of their own pages.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document.  NOTE: The maintainer states ""I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.""",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java Advanced Management Console. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to delete arbitrary files in a specific directory via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to bypass access restrictions to view the configuration menu via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload that will lead to Remote Code Execution, as demonstrated by an OS command in the value attribute of a name='cmd' input element.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or denial of service (memory exhaustion, reboot and MPU switchover) via a crafted website.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers to conduct content-spoofing attacks via the Swfile parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Eval injection vulnerability in the fm_saveHelperGatherItems function in ajax.php in the Form Manager plugin before 1.7.3 for WordPress allows remote attackers to execute arbitrary code via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.  NOTE: Related to CVE-2014-2053.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Lenovo Service Framework Android application accepts some responses from the server without proper validation. This exposes the application to man-in-the-middle attacks leading to possible remote code execution.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.,LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2) flash-album-gallery/skins/banner_widget_default/gallery.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users with root permissions to gain privileges or cause a denial of service (memory corruption) via a crafted application.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privilege escalation. Release 3.0.1 upgrades the incriminated library.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string ""master"" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
fedora-cloud-atomic.ks in spin-kickstarts allows remote attackers to conduct man-in-the-middle attacks by leveraging use of HTTP to download Fedora Atomic updates.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The SumaHo application 3.0.0 and earlier for Android and the SumaHo ""driving capability"" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to spoof servers and obtain sensitive information by leveraging failure to verify SSL/TLS server certificates.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3233.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Extreme EXOS 16.x, 21.x, and 22.x allows administrators to read arbitrary files.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"apt-listbugs before 0.1.10 creates temporary files insecurely, which allows attackers to have unspecified impact via unknown vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The VIP.com application for IOS and Android allows remote attackers to obtain sensitive information and hijack the authentication of users via a rogue access point and a man-in-the-middle attack.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obtain sensitive information by reading shared files.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggregator via syslog.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a specially crafted application that can write arbitrary files to the Cloud Controller VM.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an ""Unauthenticated JWT signing algorithm in routing"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a .. (dot dot) the session parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. This affects a different tickets.php file than CVE-2015-1176.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In CPUID CPU-Z before 1.43, there is an arbitrary memory write that results directly in elevation of privileges, because any program running on the local machine (while CPU-Z is running) can issue an ioctl 0x9C402430 call to the kernel-mode driver (e.g., cpuz141_x64.sys for version 1.41).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The tzdriver module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users to gain privileges or cause a denial of service (memory corruption) via an unspecified input.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack of garbage collection of inserted symbols.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause a denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILES(x86)%\Nero directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the `query` and `id` parameters of the `wpjb-email`, `wpjb-job`, `wpjb-application`, and `wpjb-membership` modules. Remote attackers are able to inject malicious script code to hijack admin session credentials via the backend, or to manipulate the backend on client-side performed requests. The attack vector is non-persistent and the request method to inject is GET. The attacker does not need a privileged user account to perform a successful exploitation.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opj_pi_next_rpcl, opj_pi_next_pcrl, and opj_pi_next_cprl functions.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Gajim through 0.16.7 unconditionally implements the ""XEP-0146: Remote Controlling Clients"" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.",NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (application crash) via a crafted file.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
"Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary files on remote cluster nodes via a crafted path.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. NOTE: this software is independently deployed at multiple municipal transit systems; it is not found exclusively on the ""webwatch.(REDACTED).com"" server mentioned in the reference.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
niconico App for iOS before 6.38 does not verify SSL certificates which could allow remote attackers to execute man-in-the-middle attacks.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
salt before 2015.5.5 leaks git usernames and passwords to the log.,NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a ""User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d"" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to ""Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61"" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Document Liberation Project libmwaw before 2017-04-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in lib/MsWrd1Parser.cxx.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the Deliver_SendMail.class.php with the initStream function that uses escapeshellcmd() to sanitize the sendmail command before executing it. The use of escapeshellcmd() is not correct in this case since it doesn't escape whitespaces, allowing the injection of arbitrary command parameters. The problem is in -f$envelopefrom within the sendmail command line. Hence, if the target server uses sendmail and SquirrelMail is configured to use it as a command-line program, it's possible to trick sendmail into using an attacker-provided configuration file that triggers the execution of an arbitrary command. For exploitation, the attacker must upload a sendmail.cf file as an email attachment, and inject the sendmail.cf filename with the -C option within the ""Options > Personal Informations > Email Address"" setting.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"coders/rle.c in ImageMagick 7.0.5-4 has an ""outside the range of representable values of type unsigned char"" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"A boundary error within the ""parse_tiff_ifd()"" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to ""DSLR-A100"" and containing multiple sequences of 0x100 and 0x14A TAGs.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ani file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77130000!RtlpCoalesceFreeBlocks+0x00000000000004b4.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to ""Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x000000000001f23e.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.)",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The ""strictrtp"" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The ""nat"" and ""rtp_symmetric"" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack. The specific source-code filename containing the incorrect statement varies across releases.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a ""Read Access Violation starting at wow64!Wow64NotifyDebugger+0x000000000000001d.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to ""Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000b3ae.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in libavcodec/mpeg12dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Integer overflow in libavcodec/mpegvideo_parser.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31651010.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 31095224.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library.",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the ""-v"" option to -1.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php.,NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
"Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses ""cardsList"" after the handle has been released through the SCardReleaseContext function.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \"" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"** DISPUTED ** kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call.  NOTE: the vendor states ""there is no kernel bug here.""",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka ""Linux pciback missing sanity checks.""",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions.",LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a ""type confusion"" in the serialize_function_call function.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipulation of memory.",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates which might allow remote attackers to execute man-in-the-middle attacks.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an ""Add File Via URL"" action, and change the image's Description URL to reference the .php URL in the attachments/ directory.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
jwt-scala 1.2.2 and earlier fails to verify token signatures correctly which may lead to an attacker being able to pass specially crafted JWT data as a correctly signed token.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Cross-site Request Forgery issue was discovered in JanTek JTC-200, all versions. An attacker could perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka ""Microsoft Outlook Information Disclosure Vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11822.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Ranger before 0.6.2, users with ""keyadmin"" role should not be allowed to change password for users with ""admin"" role.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. An insufficient-encapsulation vulnerability has been identified, which may allow remote code execution.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 7.5 (Availability impacts).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality, integrity, and availability via vectors related to Monitoring: Server.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosure vulnerability. The attacker provides a crafted Microsoft Office document containing a link that has a UNC pathname associated with an attacker-controller server. In one specific scenario, the attacker provides an Excel spreadsheet, and the attacker-controller server receives the victim's NetNTLMv2 hash.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, 1.8.0 to 1.8.1 of Apache OpenNLP are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server or Subversion server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery attacks.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing legitimate access to Jenkins.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack().",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier. If exploited, these vulnerabilities may allow a remote attacker to run arbitrary commands on the NAS.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all group names created, related to incorrect error handling for an HTML encoded script.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
PRTG Network Monitor 17.3.33.2830 allows remote authenticated administrators to execute arbitrary code by uploading a .exe file and then proceeding in spite of the error message.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123860.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 123862.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123904.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable the secure cookie attribute. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 123907.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. This weakness may allow attackers to expose sensitive information by guessing tokens or identifiers. IBM X-Force ID: 123909.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129831.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the 'params' parameter of the JSON web API.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI ""Login Disclaimer"" redir parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, one in the user profile and one in the Exif data parser.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the ""ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the ""Name des Bouquets"" field, or the file parameter to the /file URI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page).,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a ""User Mode Write AV starting at PDF!xmlGetGlobalState+0x0000000000031abe.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Folios). The supported version that is affected is 5.4.2.x through 5.5.1.x. Easily exploitable vulnerability allows physical access to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 4.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Microsoft Windows Subsystem for Linux on Microsoft Windows 10 1703 allows a denial of service vulnerability when it improperly handles objects in memory, aka ""Windows Subsystem for Linux Denial of Service Vulnerability"".",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c in radare2 2.0.0 allows remote attackers to cause a denial of service (r_read_le16 invalid write and application crash) or possibly have unspecified other impact via a crafted ELF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123849.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the ""ld64"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the ""ld64"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the ""Bluetooth"" component. It allows attackers to obtain sensitive Contact card information via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the ""Location Framework"" component. It allows attackers to obtain sensitive location information via a crafted app that reads the location variable.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to track Safari Private Browsing users by leveraging cookie mishandling.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the ""Time"" component. The ""Setting Time Zone"" feature mishandles the possibility of using location data.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the ""Directory Utility"" component. It allows local users to discover the Apple ID of the computer's owner.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the ""Phone"" component. It allows attackers to obtain sensitive information by leveraging a timing bug to read a secure-content screenshot that occurred during a locking action.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the ""WebKit Storage"" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web sites.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the ""Mail"" component. It allows remote attackers to bypass an intended off value of the ""Load remote content in messages"" setting, and consequently discover an e-mail recipient's IP address, via an HTML email message.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Gurunavi App for iOS before 6.0.0 does not verify SSL certificates which could allow remote attackers to perform man-in-the-middle attacks.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the ""Messages"" component. It allows remote attackers to cause a denial of service (crash) via a crafted image.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the ""WebKit"" component. It allows remote attackers to spoof the address bar.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Universal Work Queue accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the ""Screen Lock"" component. It allows physically proximate attackers to read Application Firewall prompts.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the ""IOFireWireFamily"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the ""ld64"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the ""AppSandbox"" component. It allows attackers to cause a denial of service via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the ""iBooks"" component. It allows remote attackers to cause a denial of service (persistent outage) via a crafted iBooks file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party ""file"" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the ""Mail MessageUI"" component. It allows attackers to cause a denial of service (memory corruption) via a crafted image.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in the post highlights plugin before 2.6.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the txt parameter in a headline action to ajax/ph_save.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129832.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) ""Install and Update"" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party ""file"" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party ""file"" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party ""file"" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party ""file"" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party ""file"" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the ""page name"" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the userfile parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Octopus before 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export Certificates managed by Octopus, including the private key.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the ""DiskArbitration"" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a ""Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132cef.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to ""Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000000929f5.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to ""Data from Faulting Address controls Branch Selection starting at PDF!xmlGetGlobalState+0x0000000000057b76.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to ""Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000001168a1.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to ""Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x00000000000668d6.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a ""Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132e19.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a ""Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x00000000000158cb.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a ""User Mode Write AV starting at PDF!xmlGetGlobalState+0x000000000007dff2.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a ""Read Access Violation starting at PDF!xmlGetGlobalState+0x000000000007dfa5.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Oracle Forms). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology Stack. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Technology Stack accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Suite8, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,NONE,NONE
Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Suite8 executes to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 4.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResSearchResourceInsideDirectory+0x000000000000029e.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000087.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to ""Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000150.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.44 - 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to ""Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000040db4.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to ""Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x000000000009174a.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a ""Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000161a9c.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to ""Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x000000000011624a.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to ""Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000129a59.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to ""Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x0000000000048d0c.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a ""Possible Stack Corruption starting at PDF!xmlGetGlobalState+0x00000000000568a4.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the Oracle Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models). The supported version that is affected is 11.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM (subcomponent: Siebel Business Service Issues). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Desktop. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel CRM Desktop accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Strategic Sourcing). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FSCM accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Filesystem). The supported version that is affected is AK 2013. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel UI Framework. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with logon to the infrastructure where XML Database executes to compromise XML Database. While the vulnerability is in XML Database, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all XML Database accessible data. Note: This score is for Windows platform version 11.2.0.4 of Database. For Windows platform version 12.1.0.2 and Linux, the score is 5.5 with scope Unchanged. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: System Management). The supported version that is affected is Prior to 3.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Integrated Lights Out Manager (ILOM). CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: System Management). The supported version that is affected is Prior to 3.2.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Integrated Lights Out Manager (ILOM) accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file, related to ""Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at image00000000_00400000+0x00000000000236e4.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a ""Read Access Violation starting at PDF!xmlParserInputRead+0x00000000001601b0.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a ""User Mode Write AV near NULL starting at CADIMAGE+0x00000000003d5b52.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to ""Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at CADIMAGE+0x00000000003e9462.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a ""Read Access Violation starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001e6b0.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to ""Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001eca0.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a ""User Mode Write AV near NULL starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001f31b.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a ""User Mode Write AV starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001ecaa.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a ""User Mode Write AV near NULL starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001ce82.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a ""User Mode Write AV near NULL starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001b3f3.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to ""Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Image!ShowPlugInOptions+0x000000000004d75b.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to ""Data from Faulting Address controls Branch Selection starting at BabaCAD4Image!ShowPlugInOptions+0x00000000000029ba.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to ""Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Image!ShowPlugInOptions+0x000000000004d7c4.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a ""User Mode Write AV near NULL starting at BabaCAD4Image!ShowPlugInOptions+0x0000000000013968.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to ""Data from Faulting Address controls Branch Selection starting at BabaCAD4Image!ShowPlugInOptions+0x00000000000029c2.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to ""Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Image!ShowPlugInOptions+0x000000000004d6b0.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a ""Read Access Violation starting at BabaCAD4Image!ShowPlugInOptions+0x0000000000009f39.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a ""Read Access Violation starting at BabaCAD4Image!ShowPlugInOptions+0x0000000000009ae0.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to ""Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x00000000000348b9.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a ""User Mode Write AV starting at CADIMAGE+0x000000000000613a.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a ""Data Execution Prevention Violation starting at Unknown Symbol @ 0x0000700b00260112 called from CADIMAGE+0x00000000003d35ad.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to ""Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x000000000002ca2e.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a ""Read Access Violation on Control Flow starting at CADIMAGE+0x00000000003d35a7.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to ""Data from Faulting Address may be used as a return value starting at CADIMAGE+0x00000000003d24a0.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a ""Read Access Violation starting at CADIMAGE+0x00000000003d2328.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to ""Data from Faulting Address controls subsequent Write Address starting at CADIMAGE+0x00000000000042d5.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a ""Read Access Violation starting at CADIMAGE+0x00000000003d22d8.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"IrfanView version 4.50 - 64bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file, related to ""Data from Faulting Address controls Branch Selection starting at image000007f7_42060000+0x0000000000094113.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to ""Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285e9d.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a ""Read Access Violation starting at CADImage+0x0000000000285d79.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to ""Data from Faulting Address controls Code Flow starting at CADImage+0x0000000000221a9a.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to ""Data from Faulting Address controls subsequent Write Address starting at CADImage+0x00000000000034b0.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a ""Read Access Violation starting at CADImage+0x0000000000285dad.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a ""Read Access Violation on Control Flow starting at CADImage+0x0000000000286a76.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a ""User Mode Write AV starting at CADImage+0x00000000000032eb.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to an ""Illegal Instruction Violation starting at xnview+0x0000000000370074.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a ""Data Execution Prevention Violation near NULL starting at Unknown Symbol @ 0x0000000000000000 called from CADImage+0x0000000000286a79.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a ""Read Access Violation starting at CADImage+0x00000000001a78db.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a ""Data Execution Prevention Violation starting at xnview+0x0000000000580063.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a ""User Mode Write AV starting at CADImage+0x0000000000002d83.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a ""User Mode Write AV starting at CADImage+0x00000000000048e7.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (dot dot) in the statecode cookie.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Access Manager accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FSCM accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Service API). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Suite8. CVSS 3.0 Base Score 5.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Elastic Search). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). Supported versions that are affected are 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Application Server). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 does not limit the number of query attempts, which allows remote authenticated users to obtain credentials of higher-level users via a brute force attack.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin was provided. Furthermore, not all Wicket server side targets were subjected to the CSRF check. This was also fixed.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level and gain access to other users' mounted encrypted volumes.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An attacker could exploit this as a phishing attack to gain access to user credentials or other sensitive data. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the ""Title of your FAQ"" field in the Configuration Module.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Change Assistant). The supported version that is affected is 8.54. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Interface). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10865.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Installer of HIBUN Confidential File Viewer prior to 11.20.0001 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10863.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-11784, CVE-2017-11785, and CVE-2017-11814.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure when it fails to properly handle objects in memory, aka ""Microsoft Search Information Disclosure Vulnerability"".",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka ""Microsoft Office SharePoint XSS Vulnerability"". This CVE ID is unique from CVE-2017-11777 and CVE-2017-11820.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka ""Microsoft Office SharePoint XSS Vulnerability"". This CVE ID is unique from CVE-2017-11775 and CVE-2017-11820.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, allows an information disclosure vulnerability when it improperly handles objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-11765, CVE-2017-11785, and CVE-2017-11814.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a denial of service vulnerability when an attacker sends specially crafted requests to the server, aka ""Windows SMB Denial of Service Vulnerability"".",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka ""Internet Explorer Information Disclosure Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11814.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11785.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka ""Microsoft Office SharePoint XSS Vulnerability"". This CVE ID is unique from CVE-2017-11775 and CVE-2017-11777.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka ""Microsoft Edge Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8726 and CVE-2017-11803.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allow an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, and CVE-2017-11812.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka ""Microsoft JET Database Engine Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-8718.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka ""Scripting Engine Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka ""Scripting Engine Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when an audio driver ioctl handler is called, a kernel out-of-bounds write can potentially occur.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a display driver function, a Use After Free condition can occur.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when the pktlogconf tool gives a pktlog buffer of size less than the minimal possible source data size in the host driver, a buffer overflow can potentially occur.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when qos map set IE of length less than 16 is received in association response or in qos map configure action frame, a buffer overflow can potentially occur in ConvertQosMapsetFrame().",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in compatibility mode, flash_data from 64-bit userspace may cause disclosure of kernel memory or a fault due to using a userspace-provided address.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the Athdiag procfs entry does not have a proper address sanity check which may potentially lead to the use of an out-of-range pointer offset.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a meta image, an integer overflow can occur, if user-defined image offset and size values are too large.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possible double free/use after free in the SPS driver when debugfs logging is used.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while reading command registration table entries in diag_dbgfs_read_table.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an array out-of-bounds access can potentially occur in a display driver.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an out of bound memory access may happen in limCheckRxRSNIeMatch in case incorrect RSNIE is received from the client in assoc request.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure vulnerability in the NVIDIA Video Driver due to an out-of-bounds read function in the Tegra Display Controller driver could result in possible information disclosure. This issue is rated as Moderate. Product: Android. Version: N/A. Android ID: A-33718700. References: N-CVE-2017-0326.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31798848. References: N-CVE-2016-8449.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32225180. References: N-CVE-2016-8430.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32160775. References: N-CVE-2016-8429.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31993456. References: N-CVE-2016-8428.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799885. References: N-CVE-2016-8427.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799206. References: N-CVE-2016-8426.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31606947. References: N-CVE-2016-8424.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure vulnerability in the NVIDIA librm library (libnvrm) could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: Kernel-3.18. Android ID: A-31251599. References: N-CVE-2016-8400.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A denial of service vulnerability in the NVIDIA camera driver could enable an attacker to cause a local permanent denial of service, which may require reflashing the operating system to repair the device. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: Kernel-3.10. Android ID: A-31403040. References: N-CVE-2016-8395.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5 allows local users to cause a denial of service (system crash) via unspecified vectors, which triggers a buffer overflow.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251973. References: N-CVE-2016-6789.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31680980. References: N-CVE-2016-6776.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31222873. References: N-CVE-2016-6775.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The NVIDIA MMC test driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28760138.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The NVIDIA kernel in Android before 2016-09-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 29518457.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28871433.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28193342.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026625.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27556408.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27251090.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An unspecified media codec in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26220548.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
EmTec PyroBatchFTP before 3.18 allows remote servers to cause a denial of service (application crash).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access to Jenkins to connect to any web server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser extensions or cross-site scripting vulnerabilities. The Datadog Plugin now encrypts the API key transmitted to administrators viewing the global configuration form.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it's similar to cache invalidation, the plugin specifically adds a permission to be able to use this functionality, and this issue undermines that permission.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The proxy engine in Cisco Advanced Malware Protection (AMP), when used with Email Security Appliance (ESA) 9.5.0-201, 9.6.0-051, and 9.7.0-125, allows remote attackers to bypass intended content restrictions via a malformed e-mail message containing an encoded file, aka Bug ID CSCux45338.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to ""embedding a JavaScript library from an external source that was not reliable.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title parameter in an add action to linksmanage.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An memory corruption vulnerability exists in the .GIF parsing functionality of Computerinsel Photoline 20.02. A specially crafted .GIF file can cause a vulnerability resulting in potential code execution. An attacker can send specific .GIF file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A memory corruption vulnerability exists in the .TGA parsing functionality of Computerinsel Photoline 20.02. A specially crafted .TGA file can cause an out of bounds write resulting in potential code execution. An attacker can send a specific .TGA file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
[ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of ""plugin/controllers/models/config.py"" performs an eval() call on the contents of the ""key"" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python code or OS commands via api/saveconfig.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a master_response action to wp-admin/admin-ajax.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the gallery_album_sorting page to wp-admin/admin.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm (the error page), via the errormsg parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63526567.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63662938.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the Android system (rild). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37896655.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the Android framework (file system). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62301183.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM X-Force ID: 131779.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory listings or system files, or cause SSRF or Denial of Service.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name parameter to project.php; the (2) use_js parameter to user.php; the (3) use_js parameter to group.php; the (4) Description parameter to status.php; the (5) Description parameter to severity.php; the (6) Regex parameter to os.php; or the (7) Name parameter to database.php.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource_group_xsd.jsp, parameter: xsd_datasource_schema_file filename. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20, and 40 and OpenScape Desk Phone IP 35G HFA V3, and OpenScape Desk Phone IP 35G Eco HFA V3 use non-unique X.509 certificates and SSH host keys.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126460.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data (url in /mods/_standard/rss_feeds/edit_feed.php). An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id parameter to calendar/deletecalendar.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Skybox Manager Client Application is prone to information disclosure via a username enumeration attack. A local unauthenticated attacker could exploit the flaw to obtain valid usernames, by analyzing error messages upon valid and invalid account login attempts.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload an arbitrary file and overwrite existing files within the scope of the affected application.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration. These credentials are retrieved by the system when the LDAP configuration page is opened and are embedded directly into the HTML source code in cleartext.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 before 2.7.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via a fragment identifier, as demonstrated by #<svg onload=alert(1)>.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
** DISPUTED ** FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and does not recognize this report as a valid security concern.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE before 43.211 allow remote authenticated users to cause a denial of service (program crash) or have unspecified other impact via vectors related to incorrect literal handling, which trigger CPM stack corruption.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a ""SYSTEM"" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity (XXE) attacks in Apache Commons Jelly before 1.0.1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETRE or ETCTERARED.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127587.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126857.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126243.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125975.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069.",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fn_ssr_add_st_submit() function and fn_ssr_del_st_submit() function in functions.php only require knowing the student id number.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing data that the user is not authorized to view.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"KDE KMail does not encrypt attachments in emails when ""automatic encryption"" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. A Norton Remove & Reinstall update, version 4.4.0.58, has been released which addresses the aforementioned vulnerability.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attackers with control of a sub-domain belonging to a victim domain to cause a denial of service via the 'url' parameter to plugin_googlemap3_kmlprxy.php.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7428.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor for Catalyst 6500 12.2(33)SXI, and 12.2(33)SXJ when IP Security (aka IPSec) is used, allows remote attackers to obtain unencrypted packets from encrypted sessions.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or HTML via the failmessage parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can (for example) change global settings or create/delete posts. It is also possible to execute JavaScript against unauthenticated users of the blog.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Intense WP ""WP Jobs"" plugin 1.5 for WordPress has XSS, related to the Job Qualification field.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
GANMA! App for iOS does not verify SSL certificates.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in PHP-Fusion 9.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific time during the initial loading of that match.,NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
TeamWork TicketPlus allows Arbitrary File Upload in updateProfile.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the the user and administrator and if accepted become part of the new user's account.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stored XSS vulnerability via IMG element at ""Filename"" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt to see whether the text under the cursor (or selected text) was a URL, the text would be sent as an unencrypted DNS query. This has the potential to result in passwords and other sensitive information being sent in cleartext without the user being aware.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stored XSS vulnerability via IMG element at ""Leadname"" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The knife bootstrap command in chef leaks the validator.pem private RSA key to /var/log/messages.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a ""Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to ""Possible Stack Corruption starting at KERNELBASE!RaiseException+0x0000000000000068.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to ""Data from Faulting Address controls Branch Selection starting at mupdfnet64!mIncrementalSaveFile+0x000000000000344e.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site request forgery in the REST API in IPython 2 and 3.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) customer name or (2) subject in a ticket.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault. A crafted input will lead to a denial of service attack.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the context of any logged in user in the Web UI visiting ""Traffic Monitor"" sections ""Events"" and ""All."" As a side effect, no further events will be visible in the Traffic Monitor until the device is restarted.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot).,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131291.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referenced in the LD_PRELOAD path.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the ""id"" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A heap-based buffer overflow was discovered in AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A global buffer overflow was discovered in the iteration_loop function in loop.c in BladeEnc version 0.94.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a ""Read Access Violation starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d917.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127478.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
FreeIPA might display user data improperly via vectors involving non-printable characters.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID.,NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in hevc.c in libavcodec in FFmpeg and put_pcm_var in hevcdsp_template.c in libavcodec in FFmpeg.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the classpath. This could provide an authenticated user with a means to cause the JVM running Brooklyn to load and run Java code without detection by Brooklyn. Such code would have the privileges of the Java process running Brooklyn, including the ability to open files and network connections, and execute system commands. There is known to be a proof-of-concept exploit using this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to ""container"" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka ""PowerPoint Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-8743.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 130156.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130410.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130409.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox ""exec"" command. As the process is running as ""root"" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to ""Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000328e.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to ""Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000064e7.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before 13.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) partnerId or (2) playerVersion parameter to server/admin_console/web/tools/bigRedButton.php; the (3) partnerId, (4) playerVersion, (5) secret, (6) entryId, (7) adminUiConfId, or (8) uiConfId parameter to server/admin_console/web/tools/bigRedButtonPtsPoc.php; the (9) streamUsername, (10) streamPassword, (11) streamRemoteId, (12) streamRemoteBackupId, or (13) entryId parameter to server/admin_console/web/tools/AkamaiBroadcaster.php; the (14) entryId parameter to server/admin_console/web/tools/XmlJWPlayer.php; or the (15) partnerId or (16) playerVersion parameter to server/alpha/web/lib/bigRedButtonPtsPocHlsjs.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation which may lead to denial of service or possible escalation of privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users to obtain sensitive authentication information via standard filesystem operations.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:""root"" password:""root"") and can: 1. Read the entire file system; 2. Write to the file system; or 3. Execute any code that attacker desires (malicious or not).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:""root"" password:""root""). The attacker can make a user that is connected to the repeater click on a malicious link that will log into the telnet and will infect the device with malicious code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to hevc_decode_init1.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127477.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A NULL pointer dereference was discovered in AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp in Bento4 version 1.5.0-617 has missing NULL checks, leading to a NULL pointer dereference, segmentation fault, and application crash in AP4_Atom::SetType in Core/Ap4Atom.h.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Portus 2.2.0 has XSS via the Team field, related to typeahead.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation during a calculation which may lead to a potential divide by zero and denial of service.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site, aka ""Microsoft XML Information Disclosure Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web request, resulting in authentication bypass",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection attacks via the url parameter to plugin_googlemap2_proxy.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to obtain sensitive information by making a request that redirects to the deny page.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to be a proof-of-concept exploit using this vulnerability.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in in_xpm.cpp. However, this can also cause a write to an illegal address.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integer signedness error leading to a heap-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp, leading to an invalid write operation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an integer signedness error, leading to a crash when writing to an out-of-bounds array element.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. However, this also causes memory corruption because of an attempted write to the invalid d[0xfffffffe] array element.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
fts.c in coreutils 8.4 allows local users to delete arbitrary files.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability due to the way it parses XML input, aka ""Windows Performance Monitor Information Disclosure Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical information about the machine such as nt!ExpPoolQuotaCookie.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In all Qualcomm products with Android releases from CAF using the Linux kernel, when reading from sysfs nodes, one can read more information than it is allowed to.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In all Qualcomm products with Android releases from CAF using the Linux kernel, the length of the MAC address is not checked which may cause out of bounds read.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In all Qualcomm products with Android releases from CAF using the Linux kernel, out of bounds access is possible in c_show(), due to compat_hwcap_str[] not being NULL-terminated. This error is not fatal, however the device might crash/reboot with memory violation/out of bounds access.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user account on the local machine. It does not affect apps run by spark-submit or spark-shell. The attacker would be able to execute code as the user that ran the Spark application. Users are encouraged to update to version 2.2.0 or later.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file, a related issue to CVE-2016-6160.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka ""Pydio XSS Vulnerabilities.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Untrusted search path vulnerability in ""i-filter 6.0 installer"" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31822524. References: B-RB#105268.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29000183. References: B-RB#106314.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability in the Qualcomm FUSE file system could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30786860. References: QC-CR#586855.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: N/A. Android ID: A-32510383.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31668540. References: N-CVE-2016-8460.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Possible buffer overflow in storage subsystem. Bad parameters as part of listener responses to RPMB commands could lead to buffer overflow. Product: Android. Versions: Kernel 3.18. Android ID: A-32577972. References: QC-CR#988462.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32174590. References: B-RB#107142.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32450563. References: QC-CR#880388.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31791148. References: MT-ALPS02982181.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31749463. References: MT-ALPS02968886.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Possible buffer overflow in trust zone access control API. Buffer overflow may occur due to lack of buffer size checking. Product: Android. Versions: Kernel 3.18. Android ID: A-31625204. References: QC-CR#1027804.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow leading to a TOCTOU condition in hypervisor PIL. An integer overflow exposes a race condition that may be used to bypass (Peripheral Image Loader) PIL authentication. Product: Android. Versions: Kernel 3.18. Android ID: A-31624565. References: QC-CR#1023638.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32700935. References: N-CVE-2016-8435.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32125137. References: QC-CR#1081855.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing TIFF image files. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when parsing crafted TIFF image files. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing tags in TIFF images. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing Compact Font Format data. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing JPEG 2000 files. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing a malformed cross-reference table. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the External Storage Provider could enable a local secondary user to read data from an external storage SD card inserted by the primary user. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32523490.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31799972.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31531758. References: MT-ALPS02961384.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528890. References: MT-ALPS02961380.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528889. References: MT-ALPS02961395.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An information disclosure vulnerability in the camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31351206. References: N-CVE-2016-8469.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An elevation of privilege vulnerability in Binder could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.18. Android ID: A-32394425.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the XFA engine related to a form's structure and organization. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine related to parsing malformed TIFF segments. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to TIFF file parsing. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to the parsing of JPEG EXIF metadata. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to validation functionality. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of EXIF metadata. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to parsing of color profile metadata. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to collaboration functionality. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to manipulation of the navigation pane. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module when handling malformed TIFF images. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module when processing a TIFF image. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to sub-form functionality. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability in the XFA engine. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796940.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31802656.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31496571. References: N-CVE-2016-8408.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31495687. References: N-CVE-2016-8409.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31498403. References: QC-CR#987010.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Gerrit configuration in the Openstack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a crafted review.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495231.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251628. References: N-CVE-2016-6790.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31748056. References: MT-ALPS02961400.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31350044. References: MT-ALPS02943437.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31781965.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32377688.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android IDs: A-32438594, A-32635664.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.4. Android ID: A-32178033.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability in libmedia and libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31318219.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4. Android ID: A-31833604.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31631842.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-30202228.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An information disclosure vulnerability in the ih264d decoder in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0. Android ID: A-30481714.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31224389. References: MT-ALPS02943506.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31095175. References: MT-ALPS02943455.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31251496.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability in Telephony could enable a local malicious application to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31530456.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31386004.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6887.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31496950.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31495348.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
"Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a ""deeply nested element with infinite size"" followed by another element of an upper level in an EBML document.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31746399. References: B-RB#26710.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148882. References: QC-CR#1071731.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29982686. References: QC-CR#1055766.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29617572. References: QC-CR#1055783.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29421682. References: QC-CR#1055792.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31251826.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 7.0. Android ID: A-31449945.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
The chartorune function in Artifex Software MuJS allows attackers to cause a denial of service (out-of-bounds read) via a * (asterisk) at the end of the input.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) handler where a missing permissions check may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31968442.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219453. References: B-RB#106116.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219255. References: B-RB#105580.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31747590. References: MT-ALPS02968983.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Possible unauthorized memory access in the hypervisor. Incorrect configuration provides access to subsystem page tables. Product: Android. Versions: Kernel 3.18. Android ID: A-32576499. References: QC-CR#964185.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Possible buffer overflow in the hypervisor. Inappropriate usage of a static array could lead to a buffer overrun. Product: Android. Versions: Kernel 3.18. Android ID: A-31625904. References: QC-CR#1027769.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Possible buffer overflow in SMMU system call. Improper input validation in ADSP SID2CB system call may result in hypervisor memory overwrite. Product: Android. Versions: Kernel 3.18. Android ID: A-31625306. References: QC-CR#1036747.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile().",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile().",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Moodle 3.x, glossary search displays entries without checking user permissions to view them.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to ""log in"" as any other user via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several unicode characters such as U+FE70, U+0622, U+0623 etc and how they are rendered combined with (first strong character) such as an IP address or alphabet could lead to a spoofed URL. It was noticed that by placing neutral characters such as ""/"", ""?"" in filepath causes the URL to be flipped and displayed from Right To Left. However, in order for the URL to be spoofed the URL must begin with an IP address followed by neutral characters as omnibox considers IP address to be combination of punctuation and numbers and since LTR (Left To Right) direction is not properly enforced, this causes the entire URL to be treated and rendered from RTL (Right To Left). However, it doesn't have be an IP address, what matters is that first strong character (generally, alphabetic character) in the URL must be an RTL character.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco NetFlow Generation Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb15229. Known Affected Releases: 1.0(2).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A Denial of Service Vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the connection table to be full of invalid connections and be unable to process new incoming requests. More Information: CSCvb66659. Known Affected Releases: 8.2(130.0). Known Fixed Releases: 8.2(131.10) 8.2(131.6) 8.2(141.0) 8.3(104.56) 8.4(1.88) 8.4(1.91).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrator privileges and conduct DLL hijacking attacks via a Trojan horse DLL in the ""application directory"", as demonstrated with the USP10.dll, RichEd20.dll, NTMarta.dll and SRClient.dll DLLs.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark, or (4) change parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) action parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a ""regular expression denial of service (ReDoS).""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. The vulnerability could lead to information disclosure; an attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to ""corrupt the business logic"" via a negative value in an overdraft.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted Ethernet frames.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_list_by_set_binid resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_by_iname resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable out-of-bounds read vulnerability exists in the client message-parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds read resulting in disclosure of memory within the process, the same vulnerability can also be used to trigger a denial of service. An attacker can simply connect to the port and send the packet to trigger this vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
"Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Denial of Service Vulnerability in 802.11 ingress connection authentication handling for the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause authentication to fail. Affected Products: This vulnerability affects Cisco Mobility Express 2800 Series and 3800 Series Access Points when configured in local mode in 40 MHz. More Information: CSCvb33575. Known Affected Releases: 8.2(121.12) 8.4(1.82). Known Fixed Releases: 8.2(131.2) 8.2(131.3) 8.2(131.4) 8.2(141.0) 8.3(104.53) 8.3(104.54) 8.4(1.80) 8.4(1.85).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvc28662. Known Affected Releases: 1.0.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module related to JPEG parsing. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to gxadmin/index.php.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MoinMoin 1.9.8 allows remote attackers to conduct ""JavaScript injection"" attacks by using the ""page creation"" approach, related to a ""Cross Site Scripting (XSS)"" issue affecting the action=AttachFile (via page name) component.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"MoinMoin 1.9.8 allows remote attackers to conduct ""JavaScript injection"" attacks by using the ""page creation or crafted URL"" approach, related to a ""Cross Site Scripting (XSS)"" issue affecting the action=fckdialog&dialog=attachment (via page name) component.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. While the vulnerability is in Oracle GlassFish Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GlassFish Server. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle VM Server for Sparc component of Oracle Sun Systems Products Suite (subcomponent: LDOM Manager). Supported versions that are affected are 3.2 and 3.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM Server for Sparc executes to compromise Oracle VM Server for Sparc. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM Server for Sparc, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM Server for Sparc. CVSS v3.0 Base Score 5.9 (Availability impacts).",LOCAL,LOW,LOW,REQUIRED,CHANGED,NONE,NONE,HIGH
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GlassFish Server executes to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS v3.0 Base Score 3.3 (Confidentiality impacts).,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). Supported versions that are affected are 10.0.3.5, 10.2.0.5 and 11.2.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Commerce Platform accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the JPEG decoder routine. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via vectors related to ""old upgrade files.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving Mod control panel logs.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the User control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the Mod control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving editing users.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via a crafted image filename.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving pruning logs.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the Users module in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Memory Corruption Vulnerability in Foxit PDF Toolkit v1.3 allows an attacker to cause Denial of Service and Remote Code Execution when the victim opens the specially crafted PDF file. The Vulnerability has been fixed in v2.0.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP LS message.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1017.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a reflected Cross Site Scripting vulnerability which affects the raceMasterList.jsp page within the Patient Portal. Inserted payload is rendered within the Patient Portal and the raceMasterList.jsp page does not require authentication. The vulnerability can be used to extract sensitive information or perform attacks against the user's browser. The vulnerability affects the raceMasterList.jsp page and the following parameter: race.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8695.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, CVE-2016-8702, and CVE-2016-8703.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The bm_new function in bitmap.h in potrace before 1.13 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted BMP image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, and CVE-2016-8703.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The bm_new function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8695 and CVE-2016-8696.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8696.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8701, CVE-2016-8702, and CVE-2016-8703.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8700, CVE-2016-8701, CVE-2016-8702, and CVE-2016-8703.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8702, and CVE-2016-8703.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-1010.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the error handler in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspecified impact by leveraging a missing permission check.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to ""style import.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow remote attackers to obtain sensitive information by leveraging missing directory listing protection in upload directories.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to obtain sensitive database information via vectors involving templates.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows might allow remote attackers to obtain sensitive information from ACP backups via vectors involving a short name.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted elf file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. Versions: versions that have qmi_qos_srvc.c. Android ID: 31805216. References: QC CR#912775.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. By sending a direct request, an attacker could exploit this vulnerability to obtain sensitive information.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code within the Akamai NetSession process space.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors related to low adminsid and sid entropy.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allow remote attackers to have unspecified impact via vectors related to ""loose comparison false positives.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the installation path via vectors involving sending mails.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.,NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,LOW
"Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows context-dependent attackers to cause a denial of service (crash) via a negative length value to the memset function.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,LOW
The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds read) via a crafted jpeg file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds write) via a crafted jpeg file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting (XSS) vulnerability in index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,LOW
The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (crash) via a crafted jpeg file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging reliance on earlier net/ceph/crypto.c code.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) via inconsistent size values in a VC4_SUBMIT_CL ioctl call.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers to cause a denial of service (CPU consumption) via a large number of crafted HTTP packets.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system.",LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective.,LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a scatterlist.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
"IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system in the same context as the victim.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts).",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample parameters could include action=login&view=postlogin[XSS] view=console[XSS] view=groups[XSS] view=events&filter[terms][1][cnj]=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=[XSS]and view=events&limit=1%22%3E%3C/a%3E[XSS] (among others).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7140.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple Command Injection vulnerabilities allow attackers to execute arbitrary system commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 4.1 (Confidentiality impacts).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 6.5 (Confidentiality impacts).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 5.3 (Confidentiality impacts).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows physical access to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 2.1 (Confidentiality impacts).",PHYSICAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 4.3 (Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Reflected Cross-Site Scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS v3.0 Base Score 3.3 (Integrity impacts).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS v3.0 Base Score 5.7 (Confidentiality impacts).,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: OAM Client). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS v3.0 Base Score 4.9 (Confidentiality impacts).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Pre-Login). Supported versions that are affected are 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload. More Information: CSCuy06917 CSCuy45036 CSCuy59525. Known Affected Releases: 20.0.0 20.0.M0.62842 20.0.v0 20.0.M0.63229 20.1.0 20.1.a0 20.1.v0 21.0.0 21.0.v0. Known Fixed Releases: 20.0.0 20.0.0.63250 20.0.M0.63148 20.0.R0.63294 20.0.R0.63316 20.0.V0.63170 20.0.VG0.63188 20.0.v0 20.0.v0.64175 20.0.vg0.63522 20.1.A0.63166 20.2.A0.63174 20.1.A0.63232 20.2.A0.63237 20.0.M0.63226 20.0.M0.63229 20.0.R0.63294 20.0.R0.63316 20.0.V0.63263 20.0.VG0.63233 20.0.v0 20.0.v0.64175 20.0.vg0.63522 20.1.0 20.1.0.63959 20.1.M0.63876 20.1.T0.63886 20.1.V0.64231 20.1.VA0.64194 20.1.VB0.64210 20.1.a0 20.1.a0.64023 20.1.v0 20.1.v0.64607 20.2.A0.63895 21.0.0 21.0.0.65256 21.0.M0.63881 21.0.M0.64281 21.0.PP0.64366 21.0.V0.65052 21.0.v0 21.0.v0.65831 21.0.vb0.65887 21.1.R0.65130 21.1.R0.65135.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS v3.0 Base Score 3.7 (Integrity impacts).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Mobile Application Platform). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Internal Operations). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle One-to-One Fulfillment accessible data as well as unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 9.1 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Core Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Core Banking accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Core Banking accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.0 and 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Enterprise Limits and Collateral Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.3 (Integrity impacts).",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure Code). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 8.1 (Confidentiality and Integrity impacts).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Core Banking accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts).",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service (segmentation fault and crash) via a crafted GZIP response.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker could overflow a buffer and execute arbitrary code on the system or cause a system crash.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct clickjacking or other client-side browser attacks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
Vulnerability in the PeopleSoft Enterprise HCM ePerformance component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM ePerformance. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM ePerformance accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts).,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to a vulnerable server running to cause the server to disclose sensitive information in the HTTP response.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Infosphere BigInsights is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain.",LOCAL,HIGH,LOW,NONE,CHANGED,NONE,LOW,NONE
IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server.,NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. The web server URL inputs are not sanitized correctly, which may allow cross-site scripting vulnerabilities.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the ""id"" HTTP GET parameter passed to the ""core/admin/adjax/dashboard/check-module-integrity.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim's path, an attacker could exploit this vulnerability when the installer is executed to run arbitrary code on the system with privileges of the victim.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Social Rendering Templates for Digital Data Connector is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per (sensitive) function. Successful exploitation of this vulnerability can allow silent execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,HIGH
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device descriptor.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the TLS certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, and CVE-2015-8649.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, and CVE-2015-8650.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8459, CVE-2015-8460, and CVE-2015-8636.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8459, CVE-2015-8636, and CVE-2015-8645.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8460, CVE-2015-8636, and CVE-2015-8645.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names. IBM Reference #: 1995547.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted mp3 file.  NOTE: this issue was originally reported as involving a NULL pointer dereference.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network, to change a user's password and gain remote access to the system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to ""handling of Linux futex robust lists.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make changes within the application.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
"The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file, possibly related to startcode sequences during m4v detection.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document.",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,NONE,HIGH
The get_vlc2 function in get_bits.h in Libav 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file.  NOTE: this issue exists due to an incomplete fix for CVE-2016-8675.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in OmniMetrix OmniView, Version 1.2. The OmniView web application transmits credentials with the HTTP protocol, which could be sniffed by an attacker that may result in the compromise of account credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. Sending additional valid packets could allow the attacker to cause a crash or to execute arbitrary code, because of Improper Restriction of Operations within the Bounds of a Memory Buffer.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Moxa DACenter Versions 1.4 and older. A specially crafted project file may cause the program to crash because of Uncontrolled Resource Consumption.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a ""Buffer Overflow"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.  User-controlled input is not neutralized before being output to web page (CROSS-SITE SCRIPTING).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.  Administration passwords can be retried without authenticating.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.  A configuration file contains parameters that represent passwords in plaintext.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.  An attacker can freely use brute force to determine parameters needed to bypass authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output; this could allow for cross-site scripting.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. User controlled input is not neutralized prior to being placed in web page output (CROSS-SITE SCRIPTING).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document. IBM Reference #: 1991584.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application's database lacks sufficient safeguards for protecting credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a ""sequence of memory allocation failures.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an attacker to modify memory locations and possibly cause a denial of service or the execution of arbitrary code.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a ""HEIST"" attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
"The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Heap-based buffer overflow in the parseSWF_RGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SWF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The _iprintf function in outputtxt.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (buffer over-read) via a crafted SWF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.  Firmware can be updated over the network without authentication, which may allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.  The amount of resources requested by a malicious actor is not restricted, leading to a denial-of-service caused by resource exhaustion.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.  Buffer overflow vulnerability may allow an unauthenticated attacker to remotely execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.  Requests are not verified to be intentionally submitted by the proper user (CROSS-SITE REQUEST FORGERY).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the ""WiFi"" component, which allows local users to obtain sensitive network-configuration information by leveraging global storage.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10 is affected. The issue involves the ""Springboard"" component, which allows physically proximate attackers to obtain sensitive information by viewing application snapshots in the Task Switcher.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the ""CoreText"" component. It allows remote attackers to cause a denial of service via a crafted string.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. Transporter before 1.9.2 is affected. The issue involves the ""iTMSTransporter"" component, which allows attackers to obtain sensitive information via a crafted EPUB.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the ""iTunes Backup"" component, which improperly hashes passwords, making it easier to decrypt files.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the ""Thunderbolt"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iCloud before 6.1 is affected. The issue involves the ""Windows Security"" component. It allows local users to obtain sensitive information from iCloud desktop-client process memory via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the ""Intel Graphics Driver"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the ""Safari"" component, which allows remote web servers to cause a denial of service via a crafted URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the ""Clipboard"" component, which allows physically proximate attackers to obtain sensitive information in the lockscreen state by viewing clipboard contents.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the ""xar"" component, which allows remote attackers to execute arbitrary code via a crafted archive that triggers use of uninitialized memory locations.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the ""WebSheet"" component, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iCloud before 6.0.1 is affected. The issue involves the setup subsystem in the ""iCloud"" component. It allows local users to gain privileges via a crafted dynamic library in an unspecified directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the ""FaceTime"" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the ""Core Image"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the ""ImageIO"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted SGI file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the ""IDS - Connectivity"" component, which allows man-in-the-middle attackers to spoof calls via a ""switch caller"" notification.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a ""HEIST"" attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted DWARF section.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The get_attr_value function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted object with all-bits on.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted frame data.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file, related to relocation records.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the ""WebKit"" component, which allows XSS attacks against Safari.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in InterSect Alliance SNARE Epilog for UNIX version 1.5 allows remote authenticated users to inject arbitrary web script or HTML via the str_log_name parameter in a ""Web Admin Portal > Log Configuration > Add"" action.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file.  NOTE: the vendor says ""This is a Q64 issue and we do not support Q64.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows a remote attackers to cause a denial of service (crash) by aborting authentication without setting a username.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the ""View the Date & Time"" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference#: 213457065.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a value passed from a user to the driver is not correctly validated and used as the index to an array, leading to denial of service or potential escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an attempt to access an invalid object pointer may lead to denial of service or potential escalation of privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where untrusted input is used for buffer size calculation leading to denial of service or escalation of privileges.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Fidelix FX-20 series controllers, versions prior to 11.50.19. Arbitrary file reading via path traversal allows an attacker to access arbitrary files and directories on the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) orders_status or (2) customers_status parameter to api/easybill/easybillcsv.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. More Information: CSCvb61343. Known Affected Releases: 2.0(1.68). Known Fixed Releases: 2.0(1.118) 2.1(1.47) 92.1(1.1646) 92.1(1.1763) 92.2(1.101).",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a denial of service (crash) via a crafted elf file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument.,NETWORK,HIGH,HIGH,NONE,CHANGED,LOW,HIGH,NONE
"An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulnerability can allow execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Post requests, an attacker can gain system level access to a remote shell session. Smart Security Manager Versions 1.5 and prior are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. More Information: CSCvb95951. Known Affected Releases: 12.0(0.99999.2). Known Fixed Releases: 11.0(1.23064.1) 11.5(1.12031.1) 11.5(1.12900.21) 11.5(1.12900.7) 11.5(1.12900.8) 11.6(1.10000.4) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.367) 12.0(0.98000.468) 12.0(0.98000.469) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site scripting (XSS) vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the ""RDMA protocol over infiniband"" (aka Soft RoCE) technology.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints.",NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1976805.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. WDC does not limit authentication attempts that may allow a brute force attack method.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtration of user-supplied data in the ""path"" HTTP GET parameter passed to the ""ionize-master/themes/admin/javascript/tinymce/jscripts/tiny_mce/plugins/codemirror/dialog.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the ""phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the ""form"" HTTP GET parameter passed to the ""PhreeBooksERP-master/extensions/ShippingMethods/ups/label_mgr/js_include.php"" and ""PhreeBooksERP-master/extensions/ShippingMethods/yrc/label_mgr/js_include.php"" URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. NOTE: these js_include.php files do not exist in the SourceForge ""stable release"" (aka R37RC1).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the ""poodll_audio_url"" HTTP GET parameter passed to the ""filter_poodll_moodle32_2016112802/poodll/mp3recorderskins/brazil/index.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) before 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An incorrect implementation of ""XEP-0280: Message Carbons"" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Converse.js (0.8.0 - 1.0.6, 2.0.0 - 2.0.4).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An incorrect implementation of ""XEP-0280: Message Carbons"" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Movim 0.8 - 0.10.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An incorrect implementation of ""XEP-0280: Message Carbons"" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for mcabber 1.0.0 - 1.0.4.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An incorrect implementation of ""XEP-0280: Message Carbons"" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Jitsi 2.5.5061 - 2.9.5544.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An incorrect implementation of ""XEP-0280: Message Carbons"" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for jappix 1.0.0 to 1.1.6.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An incorrect implementation of ""XEP-0280: Message Carbons"" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Psi+ (0.16.563.580 - 0.16.571.627).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An incorrect implementation of ""XEP-0280: Message Carbons"" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for ChatSecure (3.2.0 - 4.0.0; only iOS) and Zom (all versions up to 1.0.11; only iOS).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647.,NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,LOW
IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference #: 1998747.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. IBM Reference #: 1998649.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An exploitable heap corruption vulnerability exists in the loadTrailer functionality of Iceni Argus version 6.6.05. A specially crafted PDF file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide a malicious PDF file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a PDF containing a malformed font to XML, the tool will attempt to use a size out of the font to search through a linked list of buffers to return. Due to a signedness issue, a buffer smaller than the requested size will be returned. Later when the tool tries to populate this buffer, the overflow will occur which can lead to code execution under the context of the user running the tool.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a length that is used in a copy operation. In most cases this will allow an aggressor to write outside the bounds of a stack buffer which is used to contain colors. This can lead to code execution under the context of the account running the tool.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a ""regular expression denial of service (ReDoS).""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with ""manage their own media items"" and ""manage their own entries and comments"" permissions to execute arbitrary PHP code by uploading a file with a (1) .pht, (2) .phps, or (3) .phtml extension.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a ""regular expression denial of service (ReDoS).""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF with an object encoded w/ multiple encoding types terminating with an LZW encoded type, an overflow may occur due to a lack of bounds checking by the LZW decoder. This can lead to code execution under the context of the account of the user running it.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption or other failure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and trust it to copy data from the file. This value is larger than the buffer size, which leads to a heap-based buffer overflow. This overflow corrupts an offset in the heap used in pointer arithmetic for writing data and can lead to code execution under the context of the application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"JustSystems Ichitaro 2016 Trial contains a vulnerability that exists when trying to open a specially crafted PowerPoint file. Due to the application incorrectly handling the error case for a function's result, the application will use this result in a pointer calculation for reading file data into. Due to this, the application will read data from the file into an invalid address thus corrupting memory. Under the right conditions, this can lead to code execution under the context of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2520.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to its default value.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote attackers to execute arbitrary code via a crafted serialized Java object, aka LDAP entry poisoning.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID, (2) change the Wi-Fi password, or (3) possibly have unspecified other impact via crafted requests to form2WlanBasicSetup.cgi.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1998714.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
libavcodec/ituh263dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Integer overflow in libswscale/x86/swscale.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
libavcodec/x86/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
libavcodec/mpegvideo_motion.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998294.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. Users are restricted to using short passwords.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. The web application may not sufficiently verify whether a request was provided by a valid user (CROSS-SITE REQUEST FORGERY).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997798.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1 is affected by a sensitive information disclosure vulnerability that may potentially be exploited by malicious users to compromise the affected system.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,LOW,LOW
The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Drivers for the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 families before version 22.0 are vulnerable to a denial of service in certain layer 2 network configurations.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a ""forbidden attack,"" a similar issue to CVE-2016-0270.  NOTE: this issue may be due to the use of a third-party Cavium product.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The AP_DocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable can be populated from the URL, and when supplied non-expected characters, can be manipulated to obtain access to the underlying database. The /CRM/CustomPages/ACCPAC/AP_DocumentUI.asp?SID=<VALID-SID>&database=1';WAITFOR DELAY '0:0:5'-- URI is a Proof of Concept.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"(1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a ""negation overflow.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have unspecified impact via the gpio_config.gpio_name value.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (invalid free and crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The vulnerability exists due to insufficient filtration of user-supplied data in the ""value"" HTTP POST parameter passed to the ""itdb-1.23/js/DataTables-1.8.2/examples/examples_support/editable_ajax.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Fastspot BigTree bigtree-form-builder before 1.2. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP POST parameters passed to a ""site/index.php/../../extensions/com.fastspot.form-builder/ajax/redraw-field.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows attackers to conduct timing attacks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that could allow an attacker to read files on the system, a Path Traversal.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the ""webpagetest-master/www/compare-cf.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in HashOver 2.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the 'hashover/scripts/widget-output.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in NagVis 1.9b12. The vulnerability exists due to insufficient filtration of user-supplied data passed to the ""nagvis-master/share/userfiles/gadgets/std_table.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the ""server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the ""admin_console/web/tools/SimpleJWPlayer.php"" URL, the ""admin_console/web/tools/AkamaiBroadcaster.php"" URL, the ""admin_console/web/tools/bigRedButton.php"" URL, and the ""admin_console/web/tools/bigRedButtonPtsPoc.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in whatanime.ga before c334dd8499a681587dd4199e90b0aa0eba814c1d. The vulnerability exists due to insufficient filtration of user-supplied data passed to the ""whatanime.ga-master/index.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. A malicious administrator with configuration privileges may access this sensitive system file and compromise the affected system.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.,NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Rapid7 Insight Collector installers prior to version 1.0.16 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the ""php-calendar-master/error.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving ""too many exceptions,"" which trigger a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The ""OpenID Connect Relying Party and OAuth 2.0 Resource Server"" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an ""AuthType oauth20"" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Qradar 7.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM Reference #: 1999543.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP addresses from accessing the device. The device doesn't properly escape the information passed in the variables 'unblockip' and 'blockip' before calling the shell_exec() function which allows for system commands to be injected into the device. The code erroneously suggests that the information handled is protected by utilizing the variable name 'escapedips' - however this was not the case. The Sophos ID is NSWA-1258.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative ""ts.tv_sec"" value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam 1.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (instructions in app/admin/instructions/preview.php; subnetId in app/admin/powerDNS/refresh-ptr-records.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS in commons/browser.php (path parameter).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a reflected XSS in forums/search.php (search-by-topic parameter).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XSS in admin/components/menu/views/menuitems.php (id parameter).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection version 5.1, RSA Web Threat Detection version 5.1.2 has a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IBM Reference #: 1998663.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
IBM QRadar 7.2 could allow a remote attacker to consume all resources on the server due to not properly restricting the size or amount of resources requested by an actor. IBM Reference #: 1999556.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM QRadar 7.2 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM Reference #: 1999545.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate them. IBM Reference #: 1999539.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in OpenBSD 5.9 allows local users to cause a denial of service (kernel panic) via a crafted mmap call, which triggers the new mapping to overlap with an existing mapping.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (NULL pointer dereference and panic) via a sysctl call with a path starting with 10,9.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
OpenBSD 5.8 and 5.9 allows certain local users to cause a denial of service (kernel panic) by unmounting a filesystem with an open vnode on the mnt_vnodelist.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mounting a tmpfs with a VNOVAL in the (1) username, (2) groupname, or (3) device name of the root node.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a large size in a getdents system call.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process/<process_id>/logs.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a template; (2) KDC Server host, (3) Kerberos Security Realm, (4) Kerberos Encryption Types, (5) Advanced Configuration Snippet (Safety Valve) for [libdefaults] section of krb5.conf, (6) Advanced Configuration Snippet (Safety Valve) for the Default Realm in krb5.conf, (7) Advanced Configuration Snippet (Safety Valve) for remaining krb5.conf, or (8) Active Directory Account Prefix fields in the Kerberos wizard; or (9) classicWizard parameter to cmf/cloudera-director/redirect.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Untrusted data passed into the deserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi was discovered to be vulnerable to OS command injection attacks. It is possible to use the pipe character (|) to inject arbitrary OS commands and retrieve the output in the application's responses. Attackers could execute unauthorized commands, which could then be used to disable the software, or read, write, and modify data for which the attacker does not have permissions to access directly. Since the targeted application is directly executing the commands instead of the attacker, any malicious activities may appear to come from the application or the application's owner (apache user).",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x before 6.4.5, 6.3.x before 6.3.9, 6.2.x before 6.2.13, 6.1.x before 6.1.12, 6.0.x before 6.0.13, 5.0.x before 5.0.17 and Splunk Light versions before 6.5.2 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted GET request, aka SPL-130279.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The NetApp ONTAP Select Deploy administration utility 2.0 through 2.2.1 might allow remote attackers to obtain sensitive information via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM QRadar 7.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM Reference #: 1999533.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM Reference #: 1999542.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM Reference #: 1999542.",NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053.",LOCAL,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. When executing an ""nmap -O"" command that specifies an IP address of an affected device, one can crash the device's WAN connection, causing disconnection from the Internet, a Denial of Service (DoS). The attack is only possible from within the local area network.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to commands that may allow an attacker to install malicious software allowing the attacker to send messages to the vehicle's CAN bus, a Command Injection.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the ISAPI issue.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the PSIA issue.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Gargaj/wuhu through 2017-03-08 is vulnerable to a reflected XSS in wuhu-master/www_admin/users.php (id parameter).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
A denial of service vulnerability exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to an out of bounds read causing a crash and a denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: C1000264.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote attackers to cause a denial of service (Report Builder server outage) via a crafted request to a Report Builder instance URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled unnecessarily.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to launch a 'Denial of Service attack' in the context of the user running the affected application.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Azure Data Expert Ultimate 2.2.16, the SMTP verification function suffers from a buffer overflow vulnerability, leading to remote code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka ""Service ready"") string.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download. Man-in-the-middle attackers can replace the file with their own executable which will be executed under the SYSTEM account. Note that when Software Updater is configured to install updates automatically, it checks if the downloaded file is digitally signed by default, but does not check the author of the signature. When running in manual mode (default), no signature check is performed.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP server it is connecting to; however, it doesn't check the response's length, leading to a buffer overflow situation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a ""forbidden attack,"" a similar issue to CVE-2016-0270.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information that is sent in the POST request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to inject arbitrary web script or HTML via the ""addr"" parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with MCP-FIRMWARE 40.0 before 40.0IC4 Build 270 might allow remote authenticated users to cause a denial of service (data corruption or system crash) via vectors related to using program operators during EPSILON (level 5) based codefiles at peak memory usage, which triggers CPM stack corruption.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and delete files as the system user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of android.uid.system which makes it execute as the system user, which is a very privileged user on the device. This allows a third-party app to read, write, and delete files owned by the system user. The third-party app can modify the /data/system/users/0/settings_secure.xml file to add an app as a notification listener to be able to receive the text of notifications as they are received on the device. This also allows the /data/system/users/0/accounts.db to be read which contains authentication tokens for various accounts on the device. The third-party app can obtain privileged information and also modify files to obtain more privileges on the device.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any application that resides on the device. Namely, the com.mediatek.mtklogger.framework.LogReceiver and com.mediatek.mtklogger.framework.MTKLoggerService application components are exported since they contain an intent filter, are not protected by a custom permission, and do not explicitly set the android:exported attribute to false. Therefore, these components are exported by default and are thus accessible to any third party application by using android.content.Intent object for communication. These application components can be used to start and stop the logs using Intent objects with embedded data. The available logs are the GPS log, modem log, network log, and mobile log. The base directory that contains the directories for the 4 types of logs is /sdcard/mtklog which makes them accessible to apps that require the READ_EXTERNAL_STORAGE permission. The GPS log contains the GPS coordinates of the user as well as a timestamp for the coordinates. The modem log contains AT commands and their parameters which allow the user's outgoing and incoming calls and text messages to be obtained. The network log is a tcpdump network capture. The mobile log contains the Android log, which is not available to third-party apps as of Android 4.1. The LG ID is LVE-SMP-160019.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity project file can make the simulator execute malicious code by redirecting the control flow of these instructions.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"The ""Plug-in for VMware vCenter"" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP (""GET system.ini HTTP/1.1\n\n"" - note the lack of ""/"" in the path field of the request) request that will disclose the configuration file with the login password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256() function (the 256-bit block version of Rijndael, not AES) instead of MCRYPT_RIJNDAEL_128 (real AES) could help an attacker to create unknown havoc in the remote system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL.",LOCAL,HIGH,HIGH,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Remote attackers can use the iPrint web-browser ActiveX plugin in Novell iPrint Client before 5.42 for Windows XP/Vista/Win7 to execute code by overflowing the ""name"" parameter.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an attacker to inject a command into the receiver1 field in the form; it will be executed with root privileges.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page. The Navigation Social can be changed.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the admin/settings/update/ page. The Colophon can be changed.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page. The Colophon can be changed.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate.  NOTE: this issue can be combined with CVE-2016-0718 to execute arbitrary code remotely as root.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Cross-site scripting vulnerability in Intel Security McAfee Endpoint Security (ENS) Web Control before 10.2.0.408.10 allows attackers to inject arbitrary web script or HTML via a crafted web site.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details are as follows. In PHP SAPIs where PHP interpreters share a common parent process, Zend OpCache creates a shared memory object owned by the common parent during initialization. Child PHP processes inherit the SHM descriptor, using it to cache and retrieve compiled script bytecode (""opcode"" in PHP jargon). Cache keys vary depending on configuration, but filename is a central key component, and compiled opcode can generally be run if a script's filename is known or can be guessed. Many common shared-hosting configurations change EUID in child processes to enforce privilege separation among hosted users (for example using mod_ruid2 for the Apache HTTP Server, or php-fpm user settings). In these scenarios, the default Zend OpCache behavior defeats script file permissions by sharing a single SHM cache among all child PHP processes. PHP scripts often contain sensitive information: Think of CMS configurations where reading or running another user's script usually means gaining privileges to the CMS database.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in SVG file handling in Lutim 0.7.1 and earlier allows remote attackers to inject arbitrary web script.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that causes incorrect interaction between put_ucounts and get_ucounts.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulnerability that allows remote attackers to execute arbitrary code, aka Trend Micro Vulnerability Identifier 2015-0208.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-10189.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server via the /events URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The two package names involved in the exfiltration are com.adups.fota and com.adups.fota.sysoper. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of android.uid.system which makes it execute as the system user, which is a very privileged user on the device. Therefore, the app executing as the system user has been granted a number of powerful permissions even though they are not present in the com.adups.fota.sysoper app's AndroidManifest.xml file. This app provides the com.adups.fota app access to the user's call log, text messages, and various device identifiers through the com.adups.fota.sysoper.provider.InfoProvider component. The com.adups.fota app uses timestamps when it runs and is eligible to exfiltrate the user's PII every 72 hours. If 72 hours have passed since the value of the timestamp, then the exfiltration will be triggered by the user plugging in the device to charge or when they leave or enter a wireless network. The exfiltration occurs in the background without any user interaction.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and delete files as the system user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of android.uid.system which makes it execute as the system user, which is a very privileged user on the device. This allows a third-party app to read, write, and delete the user's sent and received text messages and call log. This allows a third-party app to obtain PII from the user without permission to do so.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib before 2.5.13 allows remote attackers to read arbitrary files or possibly have unspecified other impact via a crafted edoc file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. Because of an Incorrect Permission Assignment for Critical Resource, users with administrator privileges may be able to remove all administrative users requiring a factory reset to restore ancillary web server function. Exploitation of this vulnerability will still allow the affected device to function in its capacity as a controller.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
"An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. User is able to execute arbitrary OS commands on the server.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx prior to January 31, 2014. An unauthenticated attacker may be able to access configuration files with a specially crafted URL (Path Traversal).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. User credentials are sent to the web server in clear text, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Alaris 8015 PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling an Alaris 8015 PC unit and accessing the device's flash memory. Older software versions of the Alaris 8015 PC unit, Version 9.5 and prior versions, store wireless network authentication credentials and other sensitive technical data on the affected device's removable flash memory. Being able to remove the flash memory from the affected device reduces the risk of detection, allowing an attacker to extract stored data at the attacker's convenience.",PHYSICAL,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. A user can be deleted.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,HIGH
"Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka ""Design Manager > Categories > Category Description"").",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, time) passed to the webpagetest-master/www/benchmarks/viewtest.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (configs) passed to the webpagetest-master/www/benchmarks/compare.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, time) passed to the webpagetest-master/www/benchmarks/delta.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (video) passed to the webpagetest-master/www/speedindex/index.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (bgcolor) passed to the webpagetest-master/www/video/view.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (url, pssid) passed to the webpagetest-master/www/weblite.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, url) passed to the webpagetest-master/www/benchmarks/trendurl.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (pssid) passed to the webpagetest-master/www/pss.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using either the REST API or the WebSocket API.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of executing code in the domain of the application.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Control (MAC) 6.1.0 for Linux and earlier allows authenticated users to change binaries that are part of the Application Control whitelist and allows execution of binaries via specific conditions.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0.6.0 and earlier allows local guest OS users to cause a denial of service (NULL pointer dereference) via a crafted VIRGL_CCMD_CLEAR command.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in includes/admin/pages/manage.php in the Connections Business Directory plugin before 8.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s variable.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request. /finance/help/en/frameset.htm is the URI for this component. The vendor response is SAP Security Note 2368106.,NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write protection rules via specific conditions.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in apng2gif 1.7. There is improper sanitization of user input causing huge memory allocations, resulting in a crash. This is related to the read_chunk function using the pChunk->size value (within the PNG file) to determine the amount of memory to allocate.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows remote attackers to inject arbitrary web script or HTML.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) search[keywords] parameter to index.php/users page; the (2) ""Name of application"" on index.php/configuration; (3) a new project name on index.php/projects; (4) the task name on index.php/tasks; (5) ticket name on index.php/tickets; (6) discussion name on index.php/discussions; (7) report name on index.php/projectReports; or (8) event name on index.php/scheduler/personal.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.shop.php (id parameter).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.fplinks.php (linkid parameter).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.donate.php (id parameter).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.faq.php (id parameter).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the ""adminpage > sitesetting > General Settings > globalmetadata"" field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (fID) passed to the ""concrete5-legacy-master/web/concrete/tools/files/selector_data.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A RADIUS Secret Disclosure vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device. The attacker must have valid credentials for the device. More Information: CSCvc65257. Known Affected Releases: 10.6(0.1).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (3) i5_private_connect API function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-Site Scripting (XSS) in ""/sitecore/client/Applications/List Manager/Taskpages/Contact list"" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,LOW
"All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,LOW
"An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as "".."" that can resolve to a location that is outside of that directory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Sandbox detection evasion vulnerability in hardware appliances in McAfee (now Intel Security) Advanced Threat Defense (MATD) 3.4.2.32 and earlier allows attackers to detect the sandbox environment, then bypass proper malware detection resulting in failure to detect a malware file (false-negative) via specially crafted malware.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999960.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM Reference #: 1999960.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. A JSON Hijacking Attack may expose to an attacker information passed between the server and the browser. IBM Reference #: 1999960.",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999736.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Shimmie <= 2.5.1. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the ""shimmie2-master/ext/chatbox/history/index.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructive Services (CADS) 1.0.0.3x, 1.0.0.4d and earlier allows remote unauthenticated users to view, add, and remove users via a configuration error.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (disable_choose) passed to the ""concrete5-legacy-master/web/concrete/tools/files/search_dialog.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Detection bypass vulnerability in Intel Security Advanced Threat Defense (ATD) 3.4.6 and earlier allows malware samples to bypass ATD detection via renaming the malware.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of their choice via dropping a malicious file for the path.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Authentication bypass vulnerability in McAfee Host Intrusion Prevention Services (HIPS) 8.0 Patch 7 and earlier allows authenticated users to manipulate the product's registry keys via specific conditions.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possibly rogue, ePO server via McAfee Agent migration to another ePO server.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash).,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Cross-Site Scripting (XSS) was discovered in imdbphp 5.1.1. The vulnerability exists due to insufficient filtration of user-supplied data (name) passed to the ""imdbphp-master/demo/search.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana before 2017-03-16. The vulnerabilities exist due to insufficient filtration of user-supplied data (id) passed to the 'slims7_cendana-master/template/default/detail_template.php' and 'slims7_cendana-master/template/default-rtl/detail_template.php' URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.  NOTE: this typically has no risk; this crash of this command-line program has no further consequences for availability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"External Entity Processing (XXE) vulnerability in the ""risk score"" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working directory of the Kindle Setup installer.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the ""high encryption"" setting.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via vectors involving compressed items in a reply.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc. MuJS allows attackers to have unspecified impact by leveraging an error when dropping extra arguments to lightweight functions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (application crash) via a crafted wmf file, which triggers a memory allocation failure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Privilege escalation vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and 6.x versions allows attackers to cause DoS, unexpected behavior, or potentially unauthorized code execution via an unauthorized use of IOCTL call.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been allowed.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs.",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in APNGDis 2.8 and below allows a remote attacker to execute arbitrary code via a crafted filename.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data in usb.xml.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic attributes to logged-in users.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceTypeID parameter to DeviceType/getDeviceType.do; the (2) policyActionClass or (3) policyActionName parameter to PolicyAction/findPolicyActions.do; the deviceID parameter to (4) SingleDeviceMgmt/getDevice.do or (5) device/editDevice.do; the operation parameter to (6) ajax.do or (7) xmlHttp.do; or the (8) policyAction, (9) policyClass, or (10) policyName parameter to policy/findPolicies.do.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain ""equipment  management authority"" via TCP traffic to port 23.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Maxim_smartpa_dev driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allow attackers to cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Pluck CMS 4.7.2 allows remote attackers to obtain sensitive information by (1) changing ""PHPSESSID"" to an array; (2) adding non-alphanumeric chars to ""PHPSESSID""; (3) changing the image parameter to an array; or (4) changing the image parameter to a string, which reveals the installation path in an error message.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The ION driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows remote attackers to cause a denial of service (crash) via a crafted application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via a crafted packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Remote file download vulnerability in recent-backups v0.7 wordpress plugin,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
XSS in filedownload v1.4 wordpress plugin,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Open Proxy in filedownload v1.4 wordpress plugin,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,HIGH,NONE
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 2.5.0. The vulnerability exists due to insufficient filtration of user-supplied data (preview) passed to the ""pi-develop/www/script/editor/markitup/preview/markdown.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (action) passed to the 'Gazelle-master/sections/tools/finances/bitcoin_balance.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (action, userid) passed to the 'Gazelle-master/sections/tools/data/ocelot_info.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (type) passed to the 'Gazelle-master/sections/better/transcode.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (torrents, size) passed to the 'Gazelle-master/sections/tools/managers/multiple_freeleech.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the ""value"" parameter to ""download.""",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Call Center for Commerce 9.3 and 9.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000442.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1996200.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. NOTE: this issue can be combined with CVE-2017-6334 to execute arbitrary code remotely.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demonstrated by the Flops test suite.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated users to view contents of arbitrary system files that did not have file system level read access restrictions via a null-byte injection exploit.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the ""next"" parameter which then redirects to any domain irrespective of the Host header.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly others.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potential out-of-bounds read.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfiltered malicious user can send negative length values to trigger this vulnerability.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte triggering the vulnerability.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrary code via a GET request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, ""RESET!""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to ""READ of size 1"" and libtiff/tif_fax3.c:413:13.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
"An issue was discovered in Open.GL before 2017-03-13. The vulnerability exists due to insufficient filtration of user-supplied data (content) passed to the ""Open.GL-master/index.php"" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to execute arbitrary code via a crafted reassociation response frame with a Cisco IE (156).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a "" (double quote) character and a command substitution metacharacter.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM Reference #: 1998874.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM Reference #: 1998874.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Heap-based buffer overflow in the verify_vbr_checksum function in exfatfsck in exfat-utils before 1.2.1 allows remote attackers to cause a denial of service (infinite loop) or possibly execute arbitrary code via a crafted filesystem.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XSS exists in the CMS Made Simple (CMSMS) 2.1.6 ""Content-->News-->Add Article"" feature via the m1_content parameter. Someone must login to conduct the attack.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"XSS exists in the CMS Made Simple (CMSMS) 2.1.6 ""Content-->News-->Add Article"" feature via the m1_summary parameter. Someone must login to conduct the attack.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a ""Change cipher spec"" packet without pre-handshake.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 before 7.8.0-rev30, and 7.8.2 before 7.8.2-rev8; Office Web before 7.6.2-rev16, 7.8.0 before 7.8.0-rev10, and 7.8.2 before 7.8.2-rev5; and Documentconverter-API before 7.8.2-rev5 allows remote attackers to inject arbitrary web script or HTML.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Heap-based buffer overflow in the parse_unicode_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) and possibly code execution via a crafted plist file.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The base64encode function in base64.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds read) via a crafted plist file.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. More Information: CSCvb68043. Known Affected Releases: 4.3(2039) 4.3(748). Known Fixed Releases: 4.3(4019) 4.4(225).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to ""too many object.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
"In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. IBM Reference #: 1999892.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999483.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Nagios.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execute arbitrary code or crash the web service via the (1) ateFunc, (2) ateGain, (3) ateTxCount, (4) ateChan, (5) ateRate, (6) ateMacID, (7) e2pTxPower1, (8) e2pTxPower2, (9) e2pTxPower3, (10) e2pTxPower4, (11) e2pTxPower5, (12) e2pTxPower6, (13) e2pTxPower7, (14) e2pTx2Power1, (15) e2pTx2Power2, (16) e2pTx2Power3, (17) e2pTx2Power4, (18) e2pTx2Power5, (19) e2pTx2Power6, (20) e2pTx2Power7, (21) ateTxFreqOffset, (22) ateMode, (23) ateBW, (24) ateAntenna, (25) e2pTxFreqOffset, (26) e2pTxPwDeltaB, (27) e2pTxPwDeltaG, (28) e2pTxPwDeltaMix, (29) e2pTxPwDeltaN, and (30) readE2P parameters of the /goform/formWlanMP endpoint.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands.  NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Snoopy allows remote attackers to execute arbitrary commands.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generate weak WPA2 PSK keys, which makes it easier for remote attackers to obtain sensitive information or bypass authentication via a brute-force attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with administrator privilege to inject a command into a specific command's parameters, and run this injected command with root privilege.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei Quidway S9700 V200R003C00SPC500, Quidway S9300 V200R003C00SPC500, Quidway S7700 V200R003C00SPC500, Quidway S6700 V200R003C00SPC300, Quidway S6300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300 enable attackers to launch DoS attacks by crafting and sending malformed packets to these vulnerable products.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei S9300 with software before V100R006SPH013 and S2300,S3300,S5300,S6300 with software before V100R006SPH010 support Y.1731 and therefore have the Y.1731 vulnerability in processing special packets. The vulnerability causes the restart of switches.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei LogCenter V100R001C10 could allow an authenticated attacker to add abnormal device information to the log collection module, causing denial of service.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajax_gettime.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. The vulnerability exists due to insufficient filtration of user-supplied data (mail) passed to the 'SocialNetwork-andrea/app/template/pw_forgot.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Integer overflow in the cs_winkernel_malloc function in winkernel_mm.c in Capstone 3.0.4 and earlier allows attackers to cause a denial of service (heap-based buffer overflow in a kernel driver) or possibly have unspecified other impact via a large value.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc(). With an unexpected size, the impact may have been a segfault or buffer overflow.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions have a CSRF vulnerability. The products do not use the Token mechanism for web access control. When users log in to the Huawei servers and access websites containing the malicious CSRF script, the CSRF script is executed, which may cause configuration tampering and system restart.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow attackers to execute arbitrary code or restart the system via crafted DNS packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow attackers to figure out the RMCP+ session IDs of users and access the system with forged identities.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage.,LOCAL,HIGH,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Touch Panel (TP) driver in Huawei NEM phones with software Versions before NEM-AL10C00B130, Versions before NEM-UL10C17B160, Versions before NEM-UL10C00B160, Versions before NEM-TL00C01B160 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege.",LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Huawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user's proxy password, causing information leaks.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Apps on Huawei Ascend P6 mobile phones with software EDGE-U00 V100R001C17B508SP01 and earlier versions before V100R001C17B508SP02; EDGE-T00 V100R001C01B508SP01 and earlier versions before V100R001C01B508SP02; EDGE-C00 V100R001C92B508SP02 and earlier versions before V100R001C92B508SP03 can capture screens without the root permission. As a result, user information can be leaked by malware on Ascend P6 mobile phones.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions allows the operator to modify the user configuration of iMana through privilege escalation.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operations on a server as a super-domain user.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei home gateways WS318 with software V100R001C01B022 and earlier versions are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number generator (RNG) used in the supplier's solution is not random enough. As a result, brute force cracking the PIN code is easier. After an attacker cracks the PIN, the attacker can access the Internet via the cracked device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Huawei USG9520 V300R001C01, USG9560 V300R001C01, and USG9580 V300R001C01 allow unauthenticated attackers to send abnormal DHCP request packets to the affected products to trigger a DoS condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei AnyOffice V200R006C00 could allow an authenticated, remote attacker to cause the software to deny services by uploading an XML bomb.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei Eudemon8000E firewall with software V200R001C01SPC800 and earlier versions allows users to log in to the device using Telnet or SSH. When an attacker sends to the device a mass of TCP packets with special structure, the logging process becomes slow and users may be unable to log in to the device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei CloudEngine 6800 V100R006C00, CloudEngine 7800 V100R006C00, CloudEngine 8800 V100R006C00, and CloudEngine 12800 V100R006C00 allow remote attackers with specific permission to store massive files to exhaust the shared storage space, leading to a DoS condition.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The MeWidget module on Huawei P7 smartphones with software P7-L10 V100R001C00B136 and earlier versions could lead to the disclosure of contact information.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the ""libxslt"" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. An attacker may obtain the hardcoded keys and log in to such a device through SSH.,ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remote authenticated users to read arbitrary files, send TCP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
"The Huawei OceanStor 5800 V300R003C00 has an integer overflow vulnerability. An authenticated attacker may send massive abnormal Network File System (NFS) packets, causing an anomaly in specific disk arrays.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei Campus S7700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9300 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300 allow unauthorized users to upgrade the bootrom or bootload software, bypass a Menu protection mechanism, conduct a Menu compromise attack, or bypass a Menu/upgrade protection mechanism.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow users who log in to the products to view the sessions IDs of all online users on the Online Users page of the web UI.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege.",NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege.",NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege.",NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the submit-url parameter to certain /goform/* pages.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of ""declare(ticks="" in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating ""Please do not request CVEs for ordinary bugs. CVEs are relevant for security issues only.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Guardium 10.x through 10.1 before p100 allows remote authenticated users to obtain sensitive information by reading an Application Error message.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an improper resource release vulnerability, which allows attackers to cause a system restart or privilege elevation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Video driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a stack overflow vulnerability, which allows attackers to crash the system or escalate user privilege.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Touchscreen driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a heap overflow vulnerability, which allows attackers to crash the system or escalate user privilege.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Video driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a stack overflow vulnerability, which allows attackers to crash the system or escalate user privilege.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover administrator and user passwords via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"ION memory management module in Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions, NXT-CL10C00B561 and earlier versions, NXT-DL10C00B561 and earlier versions, NXT-TL10C00B561 and earlier versions allows attackers to cause a denial of service (restart).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"ION memory management module in Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions, NXT-DL10C00B197 and earlier versions, NXT-TL10C00B197 and earlier versions, NXT-CL10C00B197 and earlier versions allows attackers to cause a denial of service (restart).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12700 with software V200R008C00, V200R007C00; S5300 with software V200R008C00, V200R007C00, V200R006C00; S5700 with software V200R008C00, V200R007C00, V200R006C00; S6300 with software V200R008C00, V200R007C00; S6700 with software V200R008C00, V200R007C00; S7700 with software V200R008C00, V200R007C00, V200R006C00; S9300 with software V200R008C00, V200R007C00, V200R006C00; and S9700 with software V200R008C00, V200R007C00, V200R006C00 allow remote attackers to send abnormal Multiprotocol Label Switching (MPLS) packets to cause memory exhaustion.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. An attacker could send a malicious packet to the Common Gateway Interface (CGI) of a target device and make it fail while setting the port attribute, which causes a DoS attack.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct CSRF attacks via certain /goform/* pages.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the return-url parameter to /goform/formLogout.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Huawei S9300, S9303, S9306, S9312 with software V100R002; S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005; S9300E, S9303E, S9306E, S9312E with software V200R001; S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005; S12708, S12712 with software V200R005; 5700HI, 5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005; 5710EI, 5310EI with software V200R002, V200R003, V200R005; 5710HI, 5310HI with software V200R003, V200R005; 6700EI, 6300EI with software V200R005 could cause a leak of IP addresses of devices, related to unintended interface support for VRP MPLS LSP Ping.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execute arbitrary commands via shell metacharacters to certain /goform/* pages.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. Additionally, IWSVA implements incorrect access control that allows any authenticated, remote user (even with low privileges like 'Auditor') to create or modify reports, and consequently take advantage of this XSS vulnerability. The JavaScript is executed when victims visit reports or auditlog pages.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to ""fake LLDP injection.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the cluster.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value in a crafted TIFF image that is mishandled during PDF conversion. This is fixed in 8.0.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh keys.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the ""files"" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudEngine 6800 with software before V200R001C00SPC700, CloudEngine 7800 with software before V200R001C00SPC700, CloudEngine 8800 with software before V200R001C00SPC700, CloudEngine 12800 with software before V200R001C00SPC700 could allow the attacker to exploit a buffer overflow vulnerability by sending crafted packets to the affected system to cause a main control board reboot.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei AC6605 with software V200R001C00; AC6605 with software V200R002C00; ACU with software V200R001C00; ACU with software V200R002C00; S2300, S3300, S2700, S3700 with software V100R006C05 and earlier versions; S5300, S5700, S6300, S6700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions; S7700, S9300, S9300E, S9700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions could allow remote attackers to send a special SSH packet to the VRP device to cause a denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to assembler/MacroAssemblerARM64.h, assembler/MacroAssemblerX86Common.h, and wasm/WasmB3IRGenerator.cpp.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a ""type confusion"" in the JSON.stringify function.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/<pid>/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username of energetic and password of wireless) meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in recent versions including 1.4.8.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic.,NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
"In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpectedly large data into secure memory because of integer overflows. This affects certain cases involving execution of both AArch64 Generic Trusted Firmware (TF) BL1 code and other firmware update code.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, occupation, companies, hobbies, fav_movies, fav_music, fav_books parameters to ProfileSettings page; (2) note parameter to PersonalNotes Section; (3) closed_msg, description, allowed_types parameters to WebsiteConfigurations Section. NOTE: the collection_description vector is already covered by CVE-2015-4673.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to upload/manage_collections.php in an add_new action or the (2) photo_description, (3) photo_tags, or (4) photo_title parameter to upload/actions/photo_uploader.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite 6.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000771.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a crafted SWF file. NOTE: this issue exists because of an incomplete fix for CVE-2016-9831.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed JPEG image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"GMV Checker ATM Security prior to 5.0.18 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka PT-2017-03.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point that sends a long R0KH-ID field in a Fast BSS Transition Information Element (FT-IE).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
iBaby M3S has a password of admin for the backdoor admin account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"iBaby M6 allows remote attackers to obtain sensitive information, related to the ibabycloud.com service.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Opsview before 2015-11-06 has XSS via SNMP.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Castle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the ""anonymous"" user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings. This is related to a missing access-control check in bin/defaults/script/info/login.js.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0).",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page, aka an Open Redirect. This vulnerability affects the Cisco Registered Envelope cloud-based service. More Information: CSCvc60123. Known Affected Releases: 5.1.0-015.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CloudView NMS before 2.10a allows remote attackers to obtain sensitive information via a direct request for admin/auto.def.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
CloudView NMS before 2.10a has XSS via a TELNET login.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
CloudView NMS before 2.10a has XSS via SNMP.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory corruption) via a crafted plist file.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a ""resource injection vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to write to arbitrary files via crafted EDOC files.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to gain privileges via manual entry of a Settings URL.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Netikus EventSentry before 3.2.1.44 has XSS via SNMP.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).,LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Paessler PRTG before 16.2.24.4045 has XSS via SNMP.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technometrix Pvt. Ltd. eMLi V1.0 allows an Attacker to send malicious code, generally in the form of a browser-side script, to a different end user via the page parameter to code/student_portal/home.php. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A denial of service vulnerability exists when Microsoft Hyper-V running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka ""Hyper-V Denial of Service Vulnerability."" This CVE ID is unique from CVE-2017-0178, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.",NETWORK,HIGH,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka ""Hyper-V Denial of Service Vulnerability."" This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.",NETWORK,HIGH,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka ""Hyper-V Denial of Service Vulnerability."" This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.",NETWORK,HIGH,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka ""Hyper-V Denial of Service Vulnerability."" This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0185.",NETWORK,HIGH,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"A denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka ""Hyper-V Denial of Service Vulnerability."" This CVE ID is unique from CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.",ADJACENT_NETWORK,HIGH,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"A denial of service vulnerability exists when Microsoft Hyper-V running on a host server fails to properly validate input from a privileged user on a guest operating system, aka ""Hyper-V Denial of Service Vulnerability."" This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0185, and CVE-2017-0186.",ADJACENT_NETWORK,HIGH,HIGH,NONE,CHANGED,NONE,NONE,HIGH
Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path sanitization.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A use-after-free in AnimationController::endAnimationUpdate in Google Chrome.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP get requests to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a ""two way heap and stack overflow.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Firejail does not properly clean environment variables, which allows local users to gain privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"SeaWell Networks Spectrum SDC 02.05.00 has a default password of ""admin"" for the ""admin"" account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code execution by sending a specially crafted user variable.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user to create a randomly named file on disk with a user-controlled extension, contents, and path, leading to remote code execution, aka Unrestricted File Upload.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The ""Smart related articles"" extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The ""Smart related articles"" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be executed by a victim.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials.,ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an authentic request.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka ""Microsoft Office XSS Elevation of Privilege Vulnerability.""",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118540.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a ""reflected file download"" attack.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,LOW,NONE
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.  NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-4713.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Thor versions 3.9.5.353 and earlier have a vulnerability in the directory search path used to find resources, related to Creative Cloud desktop applications.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Google Chrome caches TLS sessions before certificate validation occurs.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with ""cmc"" and ""password"" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/developer/_header.php and patched in core/inc/bigtree/admin.php on 2017-04-14.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted image.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. A remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 114612.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114614.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Use-after-free vulnerability in the Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows attackers to obtain sensitive information via unspecified vectors. The Samsung ID is SVE-2016-6853.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command. The Samsung ID is SVE-2016-6736.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web server has access to, aka Local File Inclusion (LFI).",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122892.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an ""exceptional URL"" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a ""GET HTTP/1.1"" request, aka SVE-2016-5036.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and via crafted input to the camera driver.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the rebanid parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Cybozu Garoon before 4.2.2 does not properly restrict access.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
SQL injection vulnerability in Cybozu Garoon before 4.2.2.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the ""New appointment"" function in Cybozu Garoon before 4.2.2.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the ""User details"" function in Cybozu Garoon before 4.2.2.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the ""Response request"" function in Cybozu Garoon before 4.2.2.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The ""Scheduler"" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via ""tc filter add"" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with optimization that elides a bounds check in such calculations is Apple LLVM version 8.1.0 (clang-802.0.41). The attack vector is a crafted far pointer within a message.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in (1) public_html/layout/default/header.thtml, (2) public_html/layout/bento/header.thtml, (3) public_html/layout/fotos/header.thtml, or (4) public_html/layout/default/article/article.thtml.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC-ZP550, SNC-ZR550, SNC-EP520, SNC-EP521, SNC-ER520, SNC-ER521, SNC-ER521C network cameras with firmware before Ver.1.86.00 and SONY SNC-CX600, SNC-CX600W, SNC-EB600, SNC-EB600B, SNC-EB602R, SNC-EB630, SNC-EB630B, SNC-EB632R, SNC-EM600, SNC-EM601, SNC-EM602R, SNC-EM602RC, SNC-EM630, SNC-EM631, SNC-EM632R, SNC-EM632RC, SNC-VB600, SNC-VB600B, SNC-VB600B5, SNC-VB630, SNC-VB6305, SNC-VB6307, SNC-VB632D, SNC-VB635, SNC-VM600, SNC-VM600B, SNC-VM600B5, SNC-VM601, SNC-VM601B, SNC-VM602R, SNC-VM630, SNC-VM6305, SNC-VM6307, SNC-VM631, SNC-VM632R, SNC-WR600, SNC-WR602, SNC-WR602C, SNC-WR630, SNC-WR632, SNC-WR632C, SNC-XM631, SNC-XM632, SNC-XM636, SNC-XM637, SNC-VB600L, SNC-VM600L, SNC-XM631L, SNC-WR602CL network cameras with firmware before Ver.2.7.2 are prone to sensitive information disclosure. This may allow an attacker on the same local network segment to login to the device with administrative privileges and perform operations on the device.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the privileges of the www-data user. IBM X-Force ID: 122956.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Android allows users to cause a denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the Linux kernel before 2.6.39 relies on the count value of a v4l2_ext_controls data structure to determine a kmalloc size, which might allow local users to cause a denial of service (memory consumption) via a large value.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Photopt for Android before 2.0.1 does not verify SSL certificates.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DMM Movie Player App for Android before 1.2.1, and DMM Movie Player App for iPhone/iPad before 2.1.3 does not verify SSL certificates.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not reject certain non-zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read) via a crafted DNP3 packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to cause a denial of service condition.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to execute certain specific unprivileged system files capable of causing widespread denials of system services.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Session fixation vulnerability in pcsd in pcs before 0.9.157.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"drivers/media/usb/dvb-usb/dw2102.c in the Linux kernel 4.9.x and 4.10.x before 4.10.4 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to elevate their permissions through reading unprivileged information stored in the NorthStar controller.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2.8.17 is vulnerable to a reflected XSS in examples/consumer-authentication/cruise.php via the URI, as demonstrated by the cavv parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x and 4.10.x before 4.10.7 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install DB failure error message in page_dbsettings.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. This results in a site-wide denial of service making the site not accessible to any users or any administrators.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"drivers/net/can/usb/gs_usb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.2 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from ""Switch Info"" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 does not have the expected EIO error status for a zero-length report, which allows local users to have an unspecified impact via unknown vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not properly handle zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read if NDEBUG; otherwise assertion failure) via a crafted DNP3 packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"drivers/media/usb/dvb-usb/cxusb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"drivers/net/usb/pegasus.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"drivers/net/usb/catc.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to replicate the underlying Junos OS VM and all data it maintains to their local system for future analysis.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial of service (deadlock) via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"WebKit, as used in Safari 5.0.6, allows remote attackers to cause a denial of service (process crash) or arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted 'dlink_uid' cookie.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via a crafted Hangul Hcell Document (.cell) file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections, and prevents new authenticated sessions until the process has recovered. The Firebox may also experience an overall degradation in performance while the wgagent process recovers. An attacker could continuously send XML-RPC requests that contain references to external entities to perform a limited Denial of Service (DoS) attack against an affected Firebox.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"WAON ""Service Application"" for Android 1.4.1 and earlier does not verify SSL certificates.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobuf_mapping data structures, which allows local users to trigger an incorrect count value and videobuf leak via unspecified vectors, a different vulnerability than CVE-2010-5321.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a ""temporary administrator account vulnerability.""",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) ""Click here to learn more"" or (2) ""View privacy policy"" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a ""local privilege escalation vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Buffer overflow in QuickTime before 7.7.1 for Windows allows remote attackers to execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in symetrie-master/app/commands/page.php (model parameter).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655.",LOCAL,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,LOW
Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
illumos smbsrv NULL pointer dereference allows system crash.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Room Image/Picture Setup). Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Printing). Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a ""Posts > Add New"" action, and during creation of new tags and users.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 118537.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by issuing the 'fastboot oem dump <partition>' fastboot command.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the RTSP server on port 10554/tcp to watch the streaming without authentication via tcp/av0_1 or tcp/av0_0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in Olive Blog allows remote attackers to inject arbitrary web script or HTML via the search parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Hands-on Vulnerability Learning Tool ""AppGoat"" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Hands-on Vulnerability Learning Tool ""AppGoat"" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OXI Interface). Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer tab via a crafted HTML link.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper input validation of the fields in the PGM protocol packet. An attacker could exploit this vulnerability by sending a crafted PGM packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. This vulnerability affects Cisco Firepower System Software that has one or more file action policies configured and is running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services; Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls; Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances; Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances; Firepower 4100 Series Security Appliances; FirePOWER 7000 Series Appliances; FirePOWER 8000 Series Appliances; Firepower 9300 Series Security Appliances; FirePOWER Threat Defense for Integrated Services Routers (ISRs); Industrial Security Appliance 3000; Sourcefire 3D System Appliances; Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. Fixed versions: 5.4.0.10 5.4.1.9 6.0.1.3 6.1.0 6.2.0. Cisco Bug IDs: CSCuz00876.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 and earlier, and 6.0.3.09 and earlier allows remote attackers to execute arbitrary code via specially crafted webpage.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadSUNImage function in coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SUN file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in PrimeDrive Desktop Application 1.4.3 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the dID parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in the ipv6_addr_from_str function in sys/net/network_layer/ipv6/addr/ipv6_addr_from_str.c in RIOT prior to 2017-04-25 allows local attackers, and potentially remote attackers, to cause a denial of service or possibly have unspecified other impact via a malformed IPv6 address.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The Business LaLa Call App for Android 1.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The TVer App for Android 3.2.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole ""Simple PHP File Manager"" component).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm, admin/core/views/cusers/inc/dsp_search_form.cfm, admin/core/views/cusers/inc/dsp_users_list.cfm, admin/core/views/cusers/list.cfm, and admin/core/views/cusers/listusers.cfm.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe account to wipe the device.",NETWORK,HIGH,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SEIL/x86 Fuji 1.70 to 5.62, SEIL/BPV4 5.00 to 5.62, SEIL/X1 1.30 to 5.62, SEIL/X2 1.30 to 5.62, SEIL/B1 1.00 to 5.62 allows remote attackers to cause a denial of service via specially crafted IPv4 UDP packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug CR#1094140.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Self-extracting archive files created by 7-ZIP32.DLL 9.22.00.01 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS; it might cause arbitrary code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanako 2015, Hanako Pro 3, JUST Office 3 [Standard], JUST Office 3 [Eco Print Package], JUST Office 3 & Tri-De DataProtect Package, JUST Government 3, JUST Jump Class 2, JUST Frontier 3, JUST School 6 Premium, Hanako Police 5, JUST Police 3, Hanako 2017 trial version allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 120665.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 116918.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116896.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 115085.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114516.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, related to /users/index.htm, /quarantine/spam/manage.htm, /quarantine/spam/whitelist.htm, /queues/mail/index/, /system/ssh.htm, /queues/mail/?domain=, and /quarantine/virus/manage.htm.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as IIS. IBM X-Force ID: 112356.",LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 110564.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This vulnerability can be exploited to gain Remote Code Execution as well as Privilege Escalation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by mishandling of num_channels.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app 3.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in modules/Base/Box/check_for_new_version.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.",LOCAL,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Banco de Costa Rica BCR Movil app 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 (UAE) and 2.0.1 through 2.1.0 (KSA) for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The TradeKing Forex for iPhone app 1.2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Electronic Funds Source (EFS) Mobile Driver Source app 2.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The America's First Federal Credit Union (FCU) Mobile Banking app 3.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol=""application/pgp-encrypted""; boundary=""abc123abc123""' to 'Content-Type: text/plain' - this results in the encrypted message being structured in such a way that most PGP/MIME-capable mail user agents are unable to decrypt it cleanly. The outcome is that encrypted mail passing through this device does not work (Denial of Service), and a common real-world consequence is a request to resend the mail in the clear (Information Disclosure).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the back parameter to the /login URI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,NONE
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter ""filter"" can be used for LDAP Injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding bypass, %252f instead of /.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD Creator, Easy MPEG/AVI/DIVX/WMV/RM to DVD, Easy Avi/Divx/Xvid to DVD Burner, Easy MPEG to DVD Burner, Easy WMV/ASF/ASX to DVD Burner, Easy RM RMVB to DVD Burner, Easy CD DVD Copy, MP3/AVI/MPEG/WMV/RM to Audio CD Burner, MP3/WAV/OGG/WMA/AC3 to CD Burner, MP3 WAV to CD Burner, My Video Converter, Easy AVI DivX Converter, Easy Video to iPod Converter, Easy Video to PSP Converter, Easy Video to 3GP Converter, Easy Video to MP4 Converter, and Easy Video to iPod/MP4/PSP/3GP Converter allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long username.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID number is SRCTREE-4632.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A null dereference vulnerability has been found in the MIME handling component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc header containing multiple e-mail addresses.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where due to improper locking on certain conditions may lead to a denial of service,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array, which may lead to denial of service or potential escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) where user can trigger a race condition due to lack of synchronization in two functions leading to a denial of service or potential escalation of privileges.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input can trigger an access to a pointer that has not been initialized which may lead to denial of service or potential escalation of privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm shared memory driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33898330. References: QC-CR#1109782.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33899710. References: QC-CR#1116295.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in the Qualcomm shared memory driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33845464. References: QC-CR#1109782.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An elevation of privilege vulnerability in the Qualcomm LED driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33863909. References: QC-CR#1109763.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33784446. References: QC-CR#1112751.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33752702. References: QC-CR#1104899.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393124. References: QC-CR#1088050.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-36000515. References: B-RB#117131.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399756. References: QC-CR#1093232.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34327795. References: QC-CR#2005832.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34230377. References: QC-CR#1086833.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511682.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35214296. References: QC-CR#1086833.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflow with SEH Overwrite via long ""Register a new card"" input fields. There may be a risk of local code execution with untrusted input to SmartDiag.exe or SymDiag.exe.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35039946.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34897036.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34097672.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34946955.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33621829. References: QC-CR#1105481.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to cause a denial of service in the Wi-Fi subsystem. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34514463. References: QC-CR#1065466.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32952839. References: QC-CR#1094105.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34128677.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability in FLACExtractor.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34970788.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Qualcomm Slimbus driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34030871. References: QC-CR#986837.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in the SetsucoCMS all versions allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in SetsucoCMS all versions allows remote attackers to hijack the authentication of an administrator to change settings via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as CVE-2017-5948, CVE-2017-8850, and CVE-2017-8851.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability."" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0236, and CVE-2017-0238.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability."" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability."" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability."" This CVE ID is unique from CVE-2017-0222.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the ""number of courses displayed in the course overview block"" configuration setting.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 120207.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft Edge, aka ""Scripting Engine Memory Corruption Vulnerability."" This CVE ID is unique from CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged authenticated user to create an instance that gets created with security profile not valid for the templates, that results in the new instance not accessible for the intended user. IBM X-Force ID: 116379.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781,",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability).",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used. This vulnerability causes the software to halt or not start when trying to open the corrupted file. This vulnerability occurs when fill settings are intentionally malformed and is opened in a standalone state, without connection to a protection relay. This attack is not considered to be remotely exploitable. This vulnerability has no effect on the operation of the protection relay to which VAMPSET is connected. As Windows operating system remains operational and VAMPSET responds, it is able to be shut down through its normal closing protocol.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"SetsucoCMS all versions does not properly manage sessions, which allows remote attackers to disclose or alter unauthorized information via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
SetsucoCMS all versions allows remote attackers to cause a denial of service via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An integer overflow error within the ""foveon_load_camf()"" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open redirect vulnerability in the proxyimages function in wowproxy.php in the Wow Moodboard Lite plugin 1.1.1.1 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled VI file can be used to trigger this vulnerability, exploitation could lead to remote code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.,NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request.  NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure vulnerability in the Qualcomm LED driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33781694. References: QC-CR#1109326.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32094986. References: QC-CR#2002052.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka ""Microsoft SharePoint XSS Vulnerability"".",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka ""Microsoft Office Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0265.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability."" This CVE ID is unique from CVE-2017-0227 and CVE-2017-0240.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka ""Microsoft Edge Remote Code Execution Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability."" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0236.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A Use After Free in the pdf2swf part of swftools 0.9.2 and earlier allows remote attackers to execute arbitrary code via a malformed PDF document, possibly a consequence of an error in Gfx.cc in Xpdf 3.02.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via contact.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An information disclosure vulnerability in the MediaTek command queue driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-35142799. References: M-ALPS03161531.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where it may access paged memory while holding a spinlock, leading to a denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is not correctly validated before it is dereferenced for a write operation, may lead to denial of service or potential escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175647. References: M-ALPS02696475.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202412. References: M-ALPS02897901.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in a few places in this function).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stack buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted fname parameter of a GET request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted HTTP Cookie header.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka ""Scripting Engine Memory Corruption Vulnerability"". This vulnerability is unique from CVE-2017-0223.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which host to ping, but this variable is not sanitized server-side, which allows an attacker to pass a specially crafted string to execute shell commands as the root user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information-leakage issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. There is a page in the web interface that will show you the device's serial number, regardless of whether or not you have logged in. This information-leakage issue is relevant because there is another page (accessible without any authentication) that allows you to remotely factory reset the device simply by entering the serial number.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded credentials to connect to the broker on any device (whether it be an AP, Client, or Backhaul model), an attacker can view all the messages being sent between the devices. If an attacker connects to an AP, the AP will leak information about any clients connected to it, including the serial numbers, which can be used to remotely factory reset the clients via a page in their web interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can gather enough information to craft a command that reboots the client remotely when sent to the client's Mosquitto broker, aka ""unauthenticated remote command execution."" This command can be re-sent endlessly to act as a DoS attack on the client.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a directory traversal attack that bypasses a uniqid protection mechanism, and makes it easier to read arbitrary uploaded files.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a rename attack that bypasses a ""safe file extension"" protection mechanism, leading to remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The YottaMark ShopWell - Healthy Diet & Grocery Food Scanner app 5.3.7 through 5.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The MoboTap Dolphin Web Browser - Fast Private Internet Search app 9.23.0 through 9.23.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Quest Information Systems Indiana Voters app 1.1.24 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A boundary error within the ""foveon_load_camf()"" function (dcraw_foveon.c) when initializing a huffman table in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a stack-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Interval International app 3.3 through 3.5.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"readelf.c in GNU Binutils 2017-04-12 has a ""shift exponent too large for type unsigned long"" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:353:25.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:370:25.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:355:25.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_ascii function in input-pnm.c:303:12.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libautotrace.a in AutoTrace 0.31.1 has a ""cannot be represented in type int"" issue in pxl-outline.c:106:54.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libautotrace.a in AutoTrace 0.31.1 has a ""cannot be represented in type int"" issue in autotrace.c:191:2.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libautotrace.a in AutoTrace 0.31.1 has a ""cannot be represented in type int"" issue in autotrace.c:188:23.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
libautotrace.a in AutoTrace 0.31.1 has a stack-based buffer overflow in the pnmscanner_gettoken function in input-pnm.c:458:12.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_rawpbm function in input-pnm.c:391:15.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_raw function in input-pnm.c:336:11.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:306:14.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:303:12.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the input_pnm_reader function in input-pnm.c:243:3.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the GET_COLOR function in color.c:16:11.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Untrusted search path vulnerability in installers for The Public Certification Service for Individuals ""The JPKI user's software (for Windows 7 and later)"" Ver3.1 and earlier, The Public Certification Service for Individuals ""The JPKI user's software (for Windows Vista)"", The Public Certification Service for Individuals ""The JPKI user's software"" Ver2.6 and earlier that were available until April 27, 2017 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android allows attacks to cause a denial of service via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. On the backend of the device's web interface, there are some diagnostic tests available that are not displayed on the webpage; these are only accessible by crafting a POST request with a program like cURL. There is one test accessible via cURL that does not properly sanitize user input, allowing an attacker to execute shell commands as the root user.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libautotrace.a in AutoTrace 0.31.1 has a ""cannot be represented in type int"" issue in input-tga.c:192:19.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libautotrace.a in AutoTrace 0.31.1 has a ""cannot be represented in type int"" issue in input-tga.c:508:18.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libautotrace.a in AutoTrace 0.31.1 has a ""cannot be represented in type int"" issue in input-tga.c:498:55.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the rle_fread function in input-tga.c:252:15.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid free), related to the free_bitmap function in bitmap.c:24:5.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"libautotrace.a in AutoTrace 0.31.1 has a ""cannot be represented in type int"" issue in input-bmp.c:309:7.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libautotrace.a in AutoTrace 0.31.1 has a ""cannot be represented in type int"" issue in input-bmp.c:326:17.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libautotrace.a in AutoTrace 0.31.1 has a ""left shift ... cannot be represented in type int"" issue in input-bmp.c:516:63.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and application crash), related to the GET_COLOR function in color.c:16:11.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"libautotrace.a in AutoTrace 0.31.1 has a ""cannot be represented in type int"" issue in input-bmp.c:314:7.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:425:14.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:421:11.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:390:12.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:370:25.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:353:25.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:497:29.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter to download.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of ""Download latest in-development version from github.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to hijack the authentication of a user to perform unintended operations via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libautotrace.a in AutoTrace 0.31.1 has a ""cannot be represented in type int"" issue in input-bmp.c:486:7.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libautotrace.a in AutoTrace 0.31.1 has a ""cannot be represented in type int"" issue in input-tga.c:528:63.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .ISO file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A stack buffer overflow vulnerability exists in the ISO parsing functionality of Power Software Ltd PowerISO 6.8. A specially crafted ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific ISO file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in MaxButtons prior to version 6.19 and MaxButtons Pro prior to version 6.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Untrusted search path vulnerability in 7 Zip for Windows 16.02 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Evernote for Windows versions prior to 6.3 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn't seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seconds.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router's username and password.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 122891.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
CloudView NMS before 2.10a has a format string issue exploitable over SNMP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption_set.cgi, related to the lack of anti-CSRF tokens.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2) tmLastConfigFileModifiedDate parameter to log_management.cgi.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124760.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An exploitable stack-based buffer overflow vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted PPT file can cause a stack corruption resulting in arbitrary code execution. An attacker can send/provide malicious PPT file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable heap corruption vulnerability exists in the FillRowFormat functionality of Antenna House DMC HTMLFilter that is shipped with MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious xls file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable heap corruption vulnerability exists in the UnCompressUnicode functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/<domain id>; the (4) goto parameter to alias/add/did/<domain id>; or the (5) captchatext parameter to auth/lost-password.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\ sequences in the directory parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the context of the application. An attacker can entice a user to open up a document in order to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 and TD Express before 15.00.02.08_Sles10 and 15.00.02.08_Sles11 allow remote attackers to cause a denial of service (database crash) via a malformed CONFIG REQUEST message.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The GPU driver in Huawei P7 phones with software P7-L00 before P7-L00C17B851, P7-L05 before P7-L05C00B851, and P7-L09 before P7-L09C92B851 allows local users to read or write to arbitrary kernel memory locations and consequently cause a denial of service (system crash) or gain privileges via a crafted application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via ""%0A"" characters in the PATH_INFO to __session_start__/.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configure that device's operation by sending HTTP POST requests. The vulnerability consists of improper input sanitisation of the text fields on the MQTT/IBM Cloud config page, allowing for JavaScript code injection.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structure was not deallocated properly, resulting in a NULL pointer dereference in the output processing function. This resulted in a board crash, which can be used to perform denial of service.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used in an offset calculation may lead to denial of service or potential escalation of privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts to be written directly into the 404 response.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value to bypass enforcement and consume all the disk on DEAs/CELLs causing a potential denial of service for other applications.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with software before V200R006C00SPC100 allows remote attackers to obtain sensitive information by leveraging failure to restrict processing of mDNS unicast queries to the link local network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user logged into a cloud foundry instance via a malicious link on a attacker controlled site. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a certain parameter of the file path for instance to inject '../' sequences in order to navigate through the file system. In this particular case a remote authenticated attacker can exploit the identified vulnerability in order to upload arbitrary files to the server running a Cloud Controller instance - outside the isolated application container.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An exploitable heap corruption vulnerability exists in the AddSst functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted XLS file can cause a heap corruption resulting in arbitrary code execution. An attacker can send or provide a malicious XLS file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous ""use lib"" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, and CVE-2016-1032.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, and CVE-2016-1033.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1032, and CVE-2016-1033.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In TrustZone in all Android releases from CAF using the Linux kernel, an Untrusted Pointer Dereference vulnerability could potentially exist.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In TrustZone in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or perform certain administrative actions on Junos Space.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated ""back end"" users to view files outside their file mounts or the document root via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In WCDMA in all Android releases from CAF using the Linux kernel, a Use of Out-of-range Pointer Offset vulnerability could potentially exist.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. This represents an information leak risk.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. This occurs because of an integer overflow that leads to a memory allocation error.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows local users to discover the cleartext system password by reading a report.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In TrustZone in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulnerability could potentially exist.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Array Index vulnerability could potentially exist.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate domain names.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Status Update field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In HDR in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In UIM in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In GERAN in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Core Kernel in all Android releases from CAF using the Linux kernel, a Null Pointer Dereference vulnerability could potentially exist.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error could potentially occur.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mishandling of the (1) title or (2) version or (3) author_name parameter in manifest.json. This issue exists in core\admin\modules\developer\extensions\install\unpack.php and core\admin\modules\developer\packages\install\unpack.php. NOTE: the vendor states ""You must implicitly trust any package or extension you install as they all have the ability to write PHP files.""",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"BigTree CMS through 4.2.18 has CSRF related to the core\admin\modules\users\profile\update.php script (modify user information), the index.php/admin/developer/packages/delete/ URI (remove packages), the index.php/admin/developer/upgrade/ignore/?versions= URI, and the index.php/admin/developer/upgrade/set-ftp-directory/ URI.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue exists in core\admin\ajax\pages\save-revision.php and core\admin\modules\pages\revisions.php. Low-privileged (administrator) users can attack high-privileged (Developer) users.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible at admin/ajax/auto-modules/views/searchable-page/ or admin/modules_name.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when ""Internet pass-thru Mode"" is enabled, which allows attackers with access to STA side LAN can obtain files or data.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Document Liberation Project libstaroffice before 2017-04-07 has an out-of-bounds write caused by a stack-based buffer overflow related to the DatabaseName::read function in lib/StarWriterStruct.cxx.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an ""<svg/onload="" substring instead of an ""<svg onload="" substring.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, Featured Posts prior to version 1.0.1, Gallery Categories prior to version 1.0.9, Gallery prior to version 4.5.0, Google +1 prior to version 1.3.4, Google AdSense prior to version 1.44, Google Analytics prior to version 1.7.1, Google Captcha (reCAPTCHA) prior to version 1.28, Google Maps prior to version 1.3.6, Google Shortlink prior to version 1.5.3, Google Sitemap prior to version 3.0.8, Htaccess prior to version 1.7.6, Job Board prior to version 1.1.3, Latest Posts prior to version 0.3, Limit Attempts prior to version 1.1.8, LinkedIn prior to version 1.0.5, Multilanguage prior to version 1.2.2, PDF & Print prior to version 1.9.4, Pagination prior to version 1.0.7, Pinterest prior to version 1.0.5, Popular Posts prior to version 1.0.5, Portfolio prior to version 2.4, Post to CSV prior to version 1.3.1, Profile Extra prior to version 1.0.7. PromoBar prior to version 1.1.1, Quotes and Tips prior to version 1.32, Re-attacher prior to version 1.0.9, Realty prior to version 1.1.0, Relevant - Related Posts prior to version 1.2.0, Sender prior to version 1.2.1, SMTP prior to version 1.1.0, Social Buttons Pack prior to version 1.1.1, Subscriber prior to version 1.3.5, Testimonials prior to version 0.1.9, Timesheet prior to version 0.1.5, Twitter Button prior to version 2.55, User Role prior to version 1.5.6, Updater prior to version 1.35, Visitors Online prior to version 1.0.0, and Zendesk Help Center prior to version 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the function to display the BestWebSoft menu.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\developer\packages\install\process.php. NOTE: the vendor states ""You must implicitly trust any package or extension you install as they all have the ability to write PHP files.""",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 116136.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 116171.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via ""Messages"" function of Cybozu Garoon Keitai.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via ""MultiReport"" function.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125459.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123430.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of a request to the ""LiveConnectionDetail.jsp"" application. GET parameters ""applicationname"" and ""username"" are improperly sanitized allowing an attacker to inject arbitrary JavaScript into the page. This can be abused by an attacker to perform a cross-site scripting attack on the user. A vulnerable URI is /corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote authenticated attacker could exploit this vulnerability to consume all available CPU resources and cause a denial of service. IBM X-Force ID: 110563.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999960.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.,ADJACENT_NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Hands-on Vulnerability Learning Tool ""AppGoat"" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Predictive Solutions Foundation (formerly PMQ) could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a file from the local system, which could allow the attacker to obtain sensitive information. IBM X-Force ID: 119618.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Hands-on Vulnerability Learning Tool ""AppGoat"" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
markdown-it before 4.1.0 does not block data: URLs.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Cross-site scripting (XSS) vulnerability in Vindula 1.9.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code.  NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-service (DoS) or execute arbitrary code via unspecified vectors.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication (aka a pending page change).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication (aka a pending page change).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Red Hat Satellite 6 allows remote authenticated users with privileged access on a content host to authenticate to the capsule broker or server broker.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a camera function.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in Simple keitai chat 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124756.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE port.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124751.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124627.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Untrusted search path vulnerability in the installer of SaAT Netizen ver.1.2.10.510 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system. More Information: CSCvd25405. Known Affected Releases: 1.1(0.176).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. An attacker could use this information to perform reconnaissance. More Information: CSCvc10894. Known Affected Releases: 6.1.0.2 6.2.0. Known Fixed Releases: 6.2.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. More Information: CSCvd29398. Known Affected Releases: 21.0.v0.65839.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected system. More Information: CSCvd73677. Known Affected Releases: 2.3(2).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system. More Information: CSCvd76339. Known Affected Releases: 2.2(9.76).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd29403. Known Affected Releases: 2.3(2).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters.,NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,HIGH
"An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the ""redirect"" parameter is not validated.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The user_list_backend.php component is affected: values of the iDisplayStart & iDisplayLength parameters are not sanitized; these are used to construct a SQL query and retrieve a list of registered users into the application.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in SiberianCMS before 4.10.0.  The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the ""SiberianCMS-master/errors/500.php"" URL.  An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products.  iOS before 10.3 is affected.  The issue involves the Simple Certificate Enrollment Protocol (SCEP) implementation in the ""Profiles"" component.  It allows remote attackers to bypass cryptographic protection mechanisms by leveraging DES support.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system.  The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES.  An attacker can cause a buffer to be allocated and never freed.  When repeatedly exploited this will result in memory exhaustion, resulting in a full system denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Untrusted search path vulnerability in Installer of electronic tendering and bid opening system available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka ""Microsoft Edge Security Feature Bypass Vulnerability"". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8530.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browser extensions, aka ""Microsoft Edge Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8504.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to properly handle objects in memory, aka ""Microsoft PowerPoint Remote Code Execution Vulnerability"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka ""Windows Kernel Information Disclosure Vulnerability,"" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected system, aka an Authentication Request Processing Arbitrary Command Execution Vulnerability. More Information: CSCvc76642. Known Affected Releases: 2.2(9.76).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Information: CSCvc76620. Known Affected Releases: 2.2(9.76).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in PatchJGD (PatchJGD101.EXE) ver. 1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in SemiDynaEXE (SemiDynaEXE2008.EXE) ver. 1.0.2 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in AppCheck and AppCheck Pro prior to version 2.0.1.15 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.,LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in the installer of Tera Term 4.94 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Untrusted search path vulnerability in screensaver installers (jasdf_01.exe, jasdf_02.exe, jasdf_03.exe, jasdf_04.exe, jasdf_05.exe, scramble_setup.exe, clock_01_setup.exe, clock_02_setup.exe) available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Untrusted search path vulnerability in The Public Certification Service for Individuals ""The JPKI user's software (for Windows 7 and later)"" Ver3.0.1 and earlier, The Public Certification Service for Individuals ""The JPKI user's software (for Windows Vista)"" Ver3.0.1 and earlier and The Public Certification Service for Individuals ""The JPKI user's software"" Ver2.6 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Fedora Nagios package uses ""nagiosadmin"" as the default password for the ""nagiosadmin"" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=[XSS] exploitable as a regular or admin user.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8519.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. An attacker can use a blind SQL injection attack to query the contents of the UAA database.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during ""objdump -D"" execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during ""objdump -D"" execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during ""objdump -D"" execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during ""objdump -D"" execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka ""Windows Uniscribe Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-0282, CVE-2017-0284, and CVE-2017-0285.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2 allows improper disclosure of memory contents, aka ""Graphics Uniscribe Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8532, and CVE-2017-8533.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka ""Microsoft Browser Information Disclosure Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows a remote code execution vulnerability due to the way it handles objects in memory, aka ""Windows Uniscribe Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-0283.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8547.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. More Information: CSCvb66730. Known Affected Releases: 2.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. IBM X-Force ID: 126525.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The ""First State Bank of Bigfork Mobile Banking"" by First State Bank of Bigfork app 4.0.3 -- aka first-state-bank-of-bigfork-mobile-banking/id1133969876 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The MEA Financial vision-bank/id420406345 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The wawa-employees-credit-union-mobile/id1158082793 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, and other versions prior to v3.16.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.13, 24.x versions prior to v24.8, and other versions prior to v30.1. An authorized user can use a blind SQL injection attack to query the contents of the UAA database, aka ""Blind SQL Injection with privileged UAA endpoints.""",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126524.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local user view sensitive information due to improper access controls. IBM X-Force ID: 125456.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121418.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user with special privileges to view files that they should not have access to. IBM X-Force ID: 120275.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information such as account lists due to improper access control. IBM X-Force ID: 120274.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file with a negative sample rate.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The ""Algonquin State Bank Mobile Banking"" by Algonquin State Bank app 3.0.0 -- aka algonquin-state-bank-mobile-banking/id1089657735 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The mount-vernon-bank-trust-mobile-banking/id542706679 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The first-security-bank-sleepy-eye-mobile/id870531890 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The fsb-dequeen-mobile-banking/id1091025340 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The avb-bank-mobile-banking/id592565443 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The financial-plus-mobile-banking/id731070564 app 3.0.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The ""Morton Credit Union Mobile Banking"" by Morton Credit Union app 3.0.1 -- aka morton-credit-union-mobile-banking/id1119623070 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The ""Blue Ridge Bank and Trust Co. Mobile Banking"" by Blue Ridge Bank and Trust Co. app 3.0.1 -- aka blue-ridge-bank-and-trust-co-mobile-banking/id699679197 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The ""CFB Mobile Banking"" by Citizens First Bank Wisconsin app 3.0.1 -- aka cfb-mobile-banking/id1081102805 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The ""Oculina Mobile Banking"" by Oculina Bank app 3.0.0 -- aka oculina-mobile-banking/id867025690 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users web clicks via attacker's crafted web page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtual_name parameter to /admin.php (i.e., creating a virtual album).",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ""Pioneer Bank & Trust Mobile Banking"" by PIONEER BANK AND TRUST app 3.0.0 -- aka pioneer-bank-trust-mobile-banking/id603182861 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The ""FSBY Mobile Banking"" by First State Bank of Yoakum TX app 3.0.0 -- aka fsby-mobile-banking/id899136434 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The ""Oritani Mobile Banking"" by Oritani Bank app 3.0.0 -- aka oritani-mobile-banking/id778851066 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The ""SCSB Shelbyville IL Mobile Banking"" by Shelby County State Bank app 3.0.0 -- aka scsb-shelbyville-il-mobile-banking/id938960224 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The ""Your Legacy Federal Credit Union Mobile Banking"" by Your Legacy Federal Credit Union app 3.0.1 -- aka your-legacy-federal-credit-union-mobile-banking/id919131389 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The ""Charlevoix State Bank"" by Charlevoix State Bank app 3.0.1 -- aka charlevoix-state-bank/id1128963717 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The ""PCSB BANK Mobile"" by PCSB Bank app 3.0.4 -- aka pcsb-bank-mobile/id1067472090 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The ""FVB Mobile Banking"" by First Volunteer Bank of Tennessee app 3.1.1 -- aka fvb-mobile-banking/id551018004 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open multiple connections to a targeted web server and keep connections open preventing new connections from being made, rendering the web server unavailable during an attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does not properly sanitize input that may allow a remote attacker access to SoftCMS with administrator's privilege through specially crafted input (SQL INJECTION).,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123913.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 120208.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, an unauthenticated remote attacker may be able to elevate their permissions to root through a command injection. This may potentially be exploited by an attacker to run arbitrary code with root-level privileges on the targeted VNX Control Station system, aka remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on the targeted VNX Control Station system, aka an uncontrolled search path vulnerability.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty field that should have contained a hostname or IP address.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
GroupSession versions 4.6.4 and earlier allows remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause the application to read a file from disk but a failure to adequately filter characters results in allowing an attacker to specify a file outside of a directory. An attacker can simply send an HTTP request to the device to trigger this vulnerability.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"The ""State Bank of Waterloo Mobile Banking"" by State Bank of Waterloo app 3.0.2 -- aka state-bank-of-waterloo-mobile-banking/id555321714 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted mp4 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers to execute arbitrary code, related to use of TypeNameHandling in JSON deserialization.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 119783.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted PNM file.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.",PHYSICAL,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.,NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a ""write path.""",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.,NETWORK,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,HIGH
"numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5143.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in the kbasep_vinstr_attach_client function in midgard/mali_kbase_vinstr.c in Google Chrome before 52.0.2743.85 allows remote attackers to cause a denial of service (heap-based buffer overflow and use-after-free) by leveraging an unrestricted multiplication.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions (prior to 4.0.10.16) are affected.",NETWORK,HIGH,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4) are affected.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the ""Remove partitioning"" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions (prior to 4.6.4) are affected.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; the following Transformations: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper; XML export; MediaWiki export; Designer; When the MySQL server is running with a specially-crafted log_bin directive; Database tab; Replication feature; and Database search. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted ""strh"" structure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.,LOCAL,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Integer overflow vulnerability in the renderTable function in w3m allows remote attackers to cause a denial of service (OOM) and possibly execute arbitrary code due to bdwgc's bug (CVE-2016-9427) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m doesn't properly validate the value of tag attribute, which allows remote attackers to cause a denial of service (heap buffer overflow crash) and possibly execute arbitrary code via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. The feed_table_tag function in w3m doesn't properly validate the value of table span, which allows remote attackers to cause a denial of service (stack and/or heap buffer overflow) and possibly execute arbitrary code via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving ""unexpected"" base/limit values.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,NONE
"The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,NONE
"Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the ""crafted image file"" approach, related to an ""Insecure Sign Extension"" issue affecting the ImagingNew in Storage.c component.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the curl wrapper issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause memory corruption in certain conditions via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (memory corruption, segmentation fault, and crash) via a crafted HTML page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: VirtualBox SVGA Emulation). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS v3.0 Base Score 8.4 (Integrity and Availability impacts).",LOCAL,LOW,LOW,NONE,CHANGED,NONE,HIGH,HIGH
"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS v3.0 Base Score 7.9 (Integrity and Availability impacts).",LOCAL,LOW,HIGH,NONE,CHANGED,NONE,HIGH,HIGH
"An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the PMA_shutdownDuringExport issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory allocation resulting in arbitrary code execution. Vulnerability can be triggered by viewing the image in via the application or by using thumbnailing feature of IrfanView.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka ""Microsoft Graphics Component Information Disclosure Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
TeamSpeak Client 3.0.19 allows remote attackers to cause a denial of service (application crash) via the &#5610; Unicode character followed by the &#3903; Unicode character.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause application downtime if the restage fails.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core - Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk package.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated ""WRITE_SMS"" permission.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
An exploitable stack-based buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera. A specially crafted http request can cause a stack-based buffer overflow resulting in overwriting arbitrary data on the stack frame. An attacker can simply send an http request to the device to trigger this vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in the FTP server. An attacker can simply send an HTTP request to the device to trigger this vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In ObjectPlanet Opinio before 7.6.4, there is XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET), exploitable by sending a crafted standard-conforming OSCI message from within the infrastructure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages must send crafted protocol messages with duplicate IDs.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The wav_open_read function in frontend/input.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (large loop) via a crafted wav file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The msm_bus_dbg_update_request_write function in drivers/platform/msm/msm_bus/msm_bus_dbg.c in android_kernel_huawei_msm8916 through 2017-06-16 in LineageOS, and possibly other kernels for MSM devices, allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted /sys/kernel/debug/msm-bus-dbg/client-data/update-request write request.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors), specifically the default stack guard page is not sufficiently large and can be ""jumped"" over (the stack guard page is bypassed), this affects PAX Linux Kernel versions as of June 19, 2017 (specific version information is not available at this time).",LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing "".."" sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The custom authentication realm used by karaf-tomcat's ""opendaylight"" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
SQL injection vulnerability in C_InfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs element within a GetArticleHitsArray element.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time. This file inclusion vulnerability subverts how an application loads code for execution. Successful exploitation of a file inclusion vulnerability will result in remote code execution on the web server that runs the affected web application.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. This may be exploited by an attacker to view sensitive information, perform software updates, or run maintenance workflows.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts of the file system and cause the server to crash. IBM X-Force ID: 125569.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
Ruckus Wireless H500 web management interface authenticated command injection,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Ruckus Wireless H500 web management interface denial of service,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Ruckus Wireless H500 web management interface authentication bypass,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim, ASA 5510 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.4.x before 8.4.7 Interim, 8.2.x before 8.2.5 Interim, 9.1.x before 9.1.6 Interim, ASA 5555-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5512-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5520 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.2.x before 8.2.5 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5505 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5525-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5512-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.1.x before 9.1.6 Interim, ASA 5545-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5585-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5540 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.2.x before 8.2.5 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5515-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5555-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.4.x before 9.4.1 Interim, 9.1.x before 9.1.6 Interim, ASA 5580 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.1.x before 9.1.6 Interim, ASA 5585-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim, 9.4.x before 9.4.1 Interim, ASA 5525-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.1.x before 9.1.6 Interim, ASA 5545-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP. 9.1.x before 9.1.6 ASA does not check the source of the ARP request or GARP packets for addresses it performs NAT translation for under unspecified conditions.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string ""_pub.pem"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users applications are running on an active ESS I/O server node and utilize direct I/O to perform a read or a write to a Spectrum Scale file. This vulnerability may result in the use of an incorrect memory address, leading to a Spectrum Scale/GPFS daemon failure with a Signal 11, and possibly leading to denial of service or undetected data corruption. IBM X-Force ID: 125458.",LOCAL,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
"The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which allowed attackers to gain read-write access to system settings through the protected router configuration service tddp via the LAN and Ath0 (Wi-Fi) interfaces.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run) where it needs to send some system properties like Apache Ignite or Java version. Some of the properties might contain user sensitive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Antiy Antivirus Engine 5.0.0.06281654 allows local users to cause a denial of service (BSOD) via a long third argument in a DeviceIoControl call.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. Affected Products: Cisco Firepower Management Center Releases 5.4.1.x and prior. More Information: CSCuy88951. Known Affected Releases: 5.4.1.6.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. More Information: CSCvd07260. Known Affected Releases: 12.1.",LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticated HTTP request, leading to denial of service and information disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the filesystem of the Cisco Prime Collaboration Provisioning tool could allow an authenticated, local attacker to acquire sensitive information. More Information: CSCvc82973. Known Affected Releases: 12.1.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. More Information: CSCvc90335. Known Affected Releases: 12.1.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user's session. More Information: CSCvc90346. Known Affected Releases: 12.1.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,LOW,NONE
"A vulnerability in the web framework of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCve15285. Known Affected Releases: 11.5(1).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvd49141. Known Affected Releases: 2.1(102.101).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can hijack an update via man-in-the-middle in order to execute code in the machine.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
AeroAdmin 4.1 uses a function to copy data between two pointers where the size of the data copied is taken directly from a network packet. This can cause a buffer overflow and denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkArea/content.aspx.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCuw65843. Known Affected Releases: 3.1(0.0).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affected Releases: 10.6(1). Known Fixed Releases: 11.5(1.10000.61).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the ingress processing of fragmented TCP packets by Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause the WAASNET process to restart unexpectedly, causing a denial of service (DoS) condition. More Information: CSCvc57428. Known Affected Releases: 6.3(1). Known Fixed Releases: 6.3(0.143) 6.2(3c)6 6.2(3.22).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"In all Android releases from CAF using the Linux kernel, time-of-check Time-of-use (TOCTOU) Race Conditions exist in several TZ APIs.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WideVine DRM.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Winamp 5.666 Build 3516(x86) allows attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to ""Data from Faulting Address controls Code Flow starting at in_flv!winampGetInModule2+0x00000000000009a8.""",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Humax Digital HG100 2.0.6 devices. The attacker can find the root credentials in the backup file, aka GatewaySettings.bin.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb99384. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.2.11.3i.ROUT 6.2.1.29i.ROUT 6.2.1.26i.ROUT.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web framework code of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. Affected Products: Cisco Firepower Management Center Software Releases prior to 6.0.0.0. More Information: CSCuy88785. Known Affected Releases: 5.4.1.6.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In all Android releases from CAF using the Linux kernel, an integer underflow leading to buffer overflow vulnerability exists in a syscall handler.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, HLOS can overwite secure memory or read contents of the keystore.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could potentially get overwritten.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure applications.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In all Android releases from CAF using the Linux kernel, a QTEE system call fails to validate a pointer.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, a DRM key was exposed to QTEE applications.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, a vulnerability exists in the access control settings of modem memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a cryptographic routine.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, some interfaces were improperly exposed to QTEE applications.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process.Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34064500.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability."" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0238.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability."" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript engines render when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability."" This CVE ID is unique from CVE-2017-0224, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability."" This CVE ID is unique from CVE-2017-0221 and CVE-2017-0240.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka ""Scripting Engine Memory Corruption Vulnerability"". This vulnerability is unique from CVE-2017-0252.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""GDI Information Disclosure Vulnerability.""",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a syscall handler.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the ""Safari"" component. It allows remote attackers to spoof the address bar via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the ""Security"" component. It allows attackers to bypass intended access restrictions via an untrusted certificate.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the ""iBooks"" component. It allows remote attackers to trigger visits to arbitrary URLs via a crafted book.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the ""Safari"" component. It allows remote attackers to cause a denial of service (application crash) via a crafted web site that improperly interacts with the history menu.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120666.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120663.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120662.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120661.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35644815.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35472278.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36392138.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33899337.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35385327.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35310991.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF processing engine. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF imaging model. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF runtime engine. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the ""WindowServer"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the ""IOGraphics"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the ""Multi-Touch"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the ""Multi-Touch"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the ""WindowServer"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the ""WindowServer"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the ""Safari"" component. It allows remote attackers to spoof the address bar via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the ""Intel Graphics Driver"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of sensitive data when responding to an HTTP request on the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the application to access specific system files. An exploit could allow the attacker to obtain sensitive information about the application which could include user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases 10.6 through 11.5. Cisco Bug IDs: CSCvc99626.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
User Name Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to view user information via the appliance web interface.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Web Server method disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to exploit and find another hole via HTTP response header.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header.,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Banner Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to obtain product information via HTTP response header.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the character code mapping module. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the ""SQLite"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the ""iBooks"" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the ""NVIDIA Graphics Drivers"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the ""Speech Framework"" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a ""tomcat"" user on the system can run certain shell commands, allowing the user to overwrite any file on the filesystem and elevate privileges to root. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76634.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect issue. More Information: CSCvc54813. Known Affected Releases: 8.1(7)ER1.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected Releases: 8.1(7)ER1.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Session Initiation Protocol (SIP) call handling of Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the SIP process unexpectedly restarting. All active phone calls are dropped as the SIP process restarts. More Information: CSCvc29353. Known Affected Releases: 11.0(0.1). Known Fixed Releases: 11.0(0)MP2.153 11.0(0)MP2.62.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when an FCoE-related process unexpectedly reloads. This vulnerability affects Cisco NX-OS Software on the following Cisco devices when they are configured for FCoE: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches. More Information: CSCvc91729. Known Affected Releases: 8.3(0)CV(0.833). Known Fixed Releases: 8.3(0)ISH(0.62) 8.3(0)CV(0.944) 8.1(1) 8.1(0.8)S0 7.3(2)D1(0.47).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. This vulnerability affects the following releases of Cisco WebEx Meetings Server: 2.5, 2.6, 2.7, 2.8. Cisco Bug IDs: CSCve25950.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to view any file on the system. Cisco Bug IDs: CSCvc99604.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the Device Manager web interface of Cisco Industrial Ethernet 1000 Series Switches 1.3 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the Device Manager web interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to submit arbitrary requests to an affected device via the Device Manager web interface and with the privileges of the user. Cisco Bug IDs: CSCvc88811.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP SYN packets to a specific TCP listening port on an affected device. An exploit could allow the attacker to cause a specific TCP listening port to stop accepting new connections, resulting in a DoS condition. Cisco Bug IDs: CSCva65544.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a ""User Mode Write AV starting at image00000000_00400000+0x000000000001b72a.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a WLAN function due to an incorrect message length.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XML external entity reference, or XXE) may allow an attacker to enter malicious input through the application which could cause a denial of service or disclose file contents from a server or connected network.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected products use a numeric password with a small maximum character size for the password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. Insufficiently random TCP initial sequence numbers are generated, which may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections, resulting in a denial of service for the target device.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
"MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, a data pointer is potentially used after it has been freed when SLIMbus is turned off by Bluetooth.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a ""Read Access Violation on Control Flow starting at Xfpx!gffGetFormatInfo+0x0000000000013e8a.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a ""Read Access Violation on Control Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e95.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a ""User Mode Write AV starting at Xfpx+0x0000000000004efd.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted JPEG 2000 file that is mishandled during the opening of a directory in ""Browser"" mode, because of a ""Stack Buffer Overrun"" issue.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a ""User Mode Write AV starting at ntdll_77df0000!RtlpWaitOnCriticalSection+0x0000000000000121.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a ""User Mode Write AV starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000002e6.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a ""User Mode Write AV starting at ntdll_77df0000!RtlRbInsertNodeEx+0x000000000000002d.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a ""User Mode Write AV starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a ""User Mode Write AV starting at msvcrt!_VEC_memzero+0x000000000000006a.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a ""User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a ""User Mode Write AV near NULL starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a ""Stack Buffer Overrun (/GS Exception) starting at ntdll_77df0000!LdrpInitializeNode+0x000000000000015b.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a ""Data Execution Prevention Violation starting at Unknown Symbol @ 0x00000000380a0500 called from ntdll_77df0000!LdrxCallInitRoutine+0x0000000000000016.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a ""Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000002f32332f called from KERNELBASE!CompareStringW+0x0000000000000082.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a ""Read Access Violation starting at image00000000_00400000+0x000000000001b596.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000372b24.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a ""Read Access Violation starting at Xfpx+0x000000000000d6da.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to ""Possible Stack Corruption starting at Xfpx!gffGetFormatInfo+0x0000000000022e1f.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to ""Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at Xfpx!gffGetFormatInfo+0x0000000000028508.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to ""Data from Faulting Address controls Branch Selection starting at Xfpx!gffGetFormatInfo+0x00000000000228e8.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to ""Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e91.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to ""Data from Faulting Address controls subsequent Write Address starting at Xfpx!gffGetFormatInfo+0x000000000002bfd5.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to ""Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e385.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to ""Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e388.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124678",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123857,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mov file that is mishandled during the opening of a directory in ""Browser"" mode, because of a ""User Mode Write AV near NULL"" in XnView.exe.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .bie file, related to a ""Read Access Violation on Block Data Move starting at Xjbig+0x000000000000121b.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!TpAllocCleanupGroup+0x00000000000003d7.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to ""Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at Xfpx+0x0000000000010e81.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x000000000000042f.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a ""User Mode Write AV starting at xnview+0x000000000037a8aa.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a ""User Mode Write AV starting at Xfpx!gffGetFormatInfo+0x0000000000012548.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a ""User Mode Write AV starting at Xfpx!gffGetFormatInfo+0x0000000000029272.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x0000000000000429.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpInsertDependencyRecord+0x0000000000000039.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000004b4.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpRemoveUCRBlock+0x0000000000000046.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpEnterCriticalSectionContended+0x0000000000000031.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByMapping+0x0000000000000046.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x00000000000003ca.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000372b4a.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000013a20.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000233125.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at COMCTL32!SetStatusText+0x0000000000000029.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at MSCTF!_CtfImeCreateThreadMgr+0x00000000000000a8.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!memcmp+0x0000000000000018"" (with RPC initialization).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCreateSplitBlock+0x0000000000000510.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCreateSplitBlock+0x000000000000053a.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!memcmp+0x0000000000000018"" (without RPC initialization).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mkv file that is mishandled during the opening of a directory in ""Browser"" mode, because of a ""User Mode Write AV near NULL"" in XnView.exe.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at GDI32!GenericEngineGetGlyphs+0x0000000000000133.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at KERNELBASE!StateObjectListFind+0x0000000000000005.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at GDI32!ScriptStringAnalyse+0x00000000000001c8.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at IMM32!ImmLockImeDpi+0x0000000000000050.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at COMCTL32!Tab_OnGetItem+0x000000000000002f.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByHandle+0x0000000000000031.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"If shared content protection memory were passed as the secure camera memory buffer by the HLOS to a trusted application (TA) in all Android releases from CAF using the Linux kernel, the TA would not detect an issue and it would be treated as secure memory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Memory leak in the virgl_resource_attach_backing function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
Memory leak in the vrend_renderer_context_create_internal function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) by repeatedly creating a decode context.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
In TrustZone a cryptographic issue can potentially occur in all Android releases from CAF using the Linux kernel.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In TrustZone an out-of-range pointer offset vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In TrustZone an information exposure vulnerability can potentially occur in all Android releases from CAF using the Linux kernel.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
In TrustZone an untrusted pointer dereference vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In TrustZone a buffer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel while loading an ELF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In TrustZone a time-of-check time-of-use race condition could potentially exist in a listener routine in all Android releases from CAF using the Linux kernel.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In TrustZone a buffer overflow vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication routine in all Android releases from CAF using the Linux kernel.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka ""Hyper-V Denial of Service Vulnerability."" This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0186.",NETWORK,HIGH,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10 or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka ""Hyper-V Remote Code Execution Vulnerability."" This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0180.",ADJACENT_NETWORK,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka ""Hyper-V Remote Code Execution Vulnerability."" This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0181.",ADJACENT_NETWORK,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka ""Hyper-V Information Disclosure Vulnerability."" This CVE ID is unique from CVE-2017-0168.",ADJACENT_NETWORK,HIGH,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka ""Hyper-V Information Disclosure Vulnerability."" This CVE ID is unique from CVE-2017-0169.",NETWORK,HIGH,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"A denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka ""Active Directory Denial of Service Vulnerability.""",NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka ""Hyper-V Remote Code Execution Vulnerability."" This CVE ID is unique from CVE-2017-0162, CVE-2017-0180, and CVE-2017-0181.",ADJACENT_NETWORK,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka ""Hyper-V Remote Code Execution Vulnerability."" This CVE ID is unique from CVE-2017-0163, CVE-2017-0180, and CVE-2017-0181.",ADJACENT_NETWORK,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Microsoft Excel 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka ""Microsoft Office Memory Corruption Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32474971. References: B-RB#106053.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The high level operating systems (HLOS) was not providing sufficient memory address information to ensure that secure applications inside Qualcomm Secure Execution Environment (QSEE) only write to legitimate memory ranges related to the QSEE secure application's HLOS client. When secure applications inside Qualcomm Secure Execution Environment (QSEE) receive memory addresses from a high level operating system (HLOS) such as Linux Android, those address have previously been verified as belonging to HLOS memory space rather than QSEE memory space, but they were not verified to be from HLOS user space rather than kernel space. This lack of verification could lead to privilege escalation within the HLOS.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper input validation an integer overflow vulnerability leading to a buffer overflow could potentially occur and a buffer over-read vulnerability could potentially occur.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
In QSEE in all Android releases from CAF using the Linux kernel access control may potentially be bypassed due to a page alignment issue.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34056274.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093073.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in libavc in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33551775.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33861560.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097866.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33934721.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34031018.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33864300.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33641588.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33898322. References: N-CVE-2017-0328.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. ""Scripting Engine Information Disclosure Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka ""Microsoft Edge Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Internet Explorer in the way that the JScript and VBScript engines render when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka ""Scripting Engine Memory Corruption Vulnerability."" This CVE ID is unique from CVE-2017-0093.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka ""Microsoft Edge Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka ""Microsoft Office Information Disclosure Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Adobe Type Manager Font Driver (ATMFD.dll) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold , 1511, 1607, and 1703 allows an attacker to gain sensitive information via a specially crafted document or an untrusted website, aka ""ATMFD.dll Information Disclosure Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XFA module, related to the choiceList element. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability when manipulating an internal data structure. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability related to internal object representation manipulation. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 code-stream tile functionality. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser engine.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the weblink module.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) format parser. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the renderer functionality. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when handling a malformed PDF file. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JBIG2 parsing functionality. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in XML Forms Architecture (XFA) related to reset form functionality. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the CCITT fax PDF filter. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32475556. References: B-RB#112953.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32074353. References: QC-CR#1104731.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to internal scan line representation in TIFF files. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript engine's annotation-related API. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to contiguous code-stream parsing.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 engine, related to image scaling. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in image conversion, related to parsing offsets in TIFF files. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the PPKLite security handler. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in image conversion related to processing of the PCX (picture exchange) file format. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XML Forms Architecture (XFA) engine. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture (XFA) engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling JPEG 2000 code-stream tile data.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the XSLT engine.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the AES module. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling a JPEG 2000 code-stream.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion module, related to processing of TIFF files. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges. The vulnerability is due to insufficient validation of PnP server responses. The PnP feature is only active while the device does not contain a configuration, such as a first time boot or after a factory reset has been issued. An attacker with the ability to respond to PnP configuration requests from the affected device can exploit the vulnerability by returning malicious PnP responses. If a Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) is available on the network, the attacker would need to exploit the issue in the short window before a valid PnP response was received. If successful, the attacker could gain the ability to execute arbitrary code with root privileges on the underlying operating system of the device. Cisco has confirmed that the only vulnerable software version is 8.3.102.0. Cisco Bug IDs: CSCvb42386.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. Cisco Bug ID CSCut50727.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. Cisco Bug ID CSCut47751.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. Cisco Bug ID CSCur29331.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Quick Set Series, TelePresence SX Series. Cisco Bug IDs: CSCvb95396.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily ""exploitable"" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript API related to the collaboration functionality. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine, related to string manipulation. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in JPEG 2000 parsing of the fragment list tag. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to manipulation of EMF files. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of the APP13 segment in JPEG files.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of GIF files. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to internal tile manipulation in TIFF files. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. Cisco Bug IDs: CSCvd90118.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an undocumented, hard-coded password. An attacker could exploit this vulnerability by using the hard-coded credentials to subscribe to the Finesse Notification Service, which would allow the attacker to receive notifications when an agent signs in or out of the Finesse Desktop, when information about an agent changes, or when an agent's state changes. Cisco Bug IDs: CSCvc08314.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length and offlen values, which trigger an out-of-bounds access.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The vrend_decode_reset function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference and QEMU process crash) by destroying context 0 (zero).,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
Heap-based buffer overflow in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and crash) via the num_elements parameter.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors involving vertext_buffer_index.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and process crash) via a crafted texture instruction.,LOCAL,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile.",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a ""User Mode Write AV starting at ntdll_77df0000!RtlpWaitOnCriticalSection+0x0000000000000121.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x0000000000000429.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a ""User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d80.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to ""Data from Faulting Address controls Branch Selection starting at KERNELBASE!EnumResourceTypesInternal+0x0000000000000589.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpCompareResourceNames_U+0x0000000000000062.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpResSearchResourceInsideDirectory+0x000000000000029e.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpResCompareResourceNames+0x0000000000000087.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to ""Data from Faulting Address controls Branch Selection starting at KERNELBASE!QueryOptionalDelayLoadedAPI+0x0000000000000c42.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to ""Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77df0000!RtlFreeHandle+0x0000000000000218.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with TOOLS plugin 4.50 allows attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a ""Read Access Violation on Block Data Move starting at ntdll_77df0000!memcpy+0x0000000000000033.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In libsndfile before 1.0.28, an error in the ""flac_buffer_copy()"" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In libsndfile before 1.0.28, an error in the ""flac_buffer_copy()"" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In libsndfile before 1.0.28, an error in the ""header_read()"" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In libsndfile before 1.0.28, an error in the ""flac_buffer_copy()"" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to ""Data from Faulting Address controls Code Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000c998.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to ""Data from Faulting Address controls Code Flow starting at FPX+0x0000000000007216.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to ""Data from Faulting Address controls subsequent Write Address starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000a525.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a ""Read Access Violation on Block Data Move starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000b84f.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a ""Read Access Violation on Control Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x00000000000014eb.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a ""Read Access Violation on Control Flow starting at FPX!GetPlugInInfo+0x0000000000012bf2.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a ""User Mode Write AV starting at FPX!DE_Decode+0x0000000000000a9b.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a ""User Mode Write AV starting at FPX!DE_Decode+0x0000000000000cdb.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a ""User Mode Write AV starting at FPX!GetPlugInInfo+0x0000000000016e53.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a ""User Mode Write AV starting at FPX!GetPlugInInfo+0x0000000000017426.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a ""User Mode Write AV starting at FPX+0x0000000000001555.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a ""User Mode Write AV starting at FPX+0x000000000000176c.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a ""User Mode Write AV starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000000f53.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to ""Data from Faulting Address controls Branch Selection starting at FPX!FPX_GetScanDevicePropertyGroup+0x00000000000031a0.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to an ""Invalid Handle starting at wow64!Wow64NotifyDebugger+0x000000000000001d.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x00000000000003ca.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a ""User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d96.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35467458.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36490809.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A information disclosure vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-22011579.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A information disclosure vulnerability in the Android framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114752.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other users' discussion forum messages.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000001b6.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to ""Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000006a98.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to ""Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000007053.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to ""Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX+0x000000000000688d.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a ""Read Access Violation starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000003714.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a ""Read Access Violation starting at FPX+0x000000000000153a.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to ""Data from Faulting Address controls Code Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x00000000000014e7.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to ""Data from Faulting Address controls Code Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000c995.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 110409",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A information disclosure vulnerability in the HTC sensor hub driver. Product: Android. Versions: Android kernel. Android ID: A-35468048.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpEnterCriticalSectionContended+0x0000000000000031.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IrfanView version 4.44 (32bit) with FPX Plugin before 4.45 has an Access Violation and crash in processing a FlashPix (.FPX) file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly. The fixed versions are 8.0.140.0, 8.2.130.0, and 8.3.111.0. Cisco Bug IDs: CSCva86353.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of DMA in the ""EFI"" component. It allows physically proximate attackers to discover the FileVault 2 encryption password via a crafted Thunderbolt adapter.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM Reference #: 2000359.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka ""Microsoft Office Memory Corruption Vulnerability."" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0052, and CVE-2017-0053.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka ""Microsoft Office Memory Corruption Vulnerability."" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka ""Microsoft Office Information Disclosure Vulnerability.""",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka ""Microsoft Office Memory Corruption Vulnerability."" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Word 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka ""Microsoft Office Memory Corruption Vulnerability."" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The RegEx class in the XSS filter in Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka ""Microsoft Edge Information Disclosure Vulnerability."" This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0065, and CVE-2017-0068.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka ""Microsoft Browser Spoofing Vulnerability."" This vulnerability is different from those described in CVE-2017-0033 and CVE-2017-0069.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Microsoft Edge allows remote attackers to obtain sensitive information via a crafted web site, aka ""Microsoft Edge Information Disclosure Vulnerability."" This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Microsoft Browser Memory Corruption Vulnerability."" This vulnerability is different from those described in CVE-2017-0011, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Internet Explorer Information Disclosure Vulnerability."" This vulnerability is different from those described in CVE-2017-0009 and CVE-2017-0059.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka ""PowerShell Security Feature Bypass Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. This vulnerability affects Cisco Wireless LAN Controller running software release 8.3.102.0. More Information: CSCvb01835. Known Fixed Releases: 8.4(1.49) 8.3(111.0) 8.3(108.0) 8.3(104.24) 8.3(102.3).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 let attackers with access to targets systems gain privileges when Windows fails to properly validate buffer lengths, aka ""Windows Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Windows GDI+ Information Disclosure Vulnerability."" This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Browsers in Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Microsoft Edge Information Disclosure Vulnerability."" This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0017, and CVE-2017-0065.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Microsoft Browser Information Disclosure Vulnerability."" This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0017, and CVE-2017-0068.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"DNS client in Microsoft Windows 8.1; Windows Server 2012 R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 fails to properly process DNS queries, which allows remote attackers to obtain sensitive information via (1) convincing a workstation user to visit an untrusted webpage or (2) tricking a server into sending a DNS query to a malicious DNS server, aka ""Windows DNS Query Information Disclosure Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka ""Microsoft IIS Server XSS Elevation of Privilege Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka ""Microsoft Office Memory Corruption Vulnerability."" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0052.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka ""Microsoft Office Memory Corruption Vulnerability."" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0053.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Scripting Engine Information Disclosure Vulnerability."" This vulnerability is different from those described in CVE-2017-0018, and CVE-2017-0037.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka ""Microsoft Active Directory Federation Services Information Disclosure Vulnerability.""",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Windows Media Player in Microsoft Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; Windows 7 SP1; Windows 2008 SP2 and R2 SP1, Windows Server 2016; Windows Vista SP2; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka ""Windows Media Player Information Disclosure Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka ""Microsoft Browser Spoofing Vulnerability."" This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0069.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves mishandling of deletion within the SQLite subsystem of the ""Safari"" component. It allows local users to identify the web-site visits that occurred in Private Browsing mode.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the ""APNs Server"" component. It allows man-in-the-middle attackers to track users via correlation with this certificate.",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. macOS Server before 5.3 is affected. The issue involves the ""Wiki Server"" component. It allows remote attackers to enumerate user accounts via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the ""WebKit"" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and-drop actions.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000152.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka, ""Internet Explorer Elevation of Privilege Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, and CVE-2017-0151.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability."" This vulnerability is different from that described in CVE-2017-0040.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka ""Microsoft Lync for Mac Certificate Validation Vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka ""Microsoft SharePoint XSS Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the ""Multi-Touch"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the ""AppleGraphicsPowerManagement"" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the ""Bluetooth"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the ""DataAccess"" component. It allows remote attackers to access Exchange traffic in opportunistic circumstances by leveraging a mistake in typing an e-mail address.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the ""Menus"" component. It allows attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the ""IOATAFamily"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the ""Printing"" component. A format-string vulnerability allows remote attackers to execute arbitrary code via a crafted ipp: or ipps: URL.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the ""Kernel"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the ""Accounts"" component. It allows physically proximate attackers to discover an Apple ID by reading an iCloud authentication prompt on the lock screen.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the ""Safari Reader"" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the ""WebKit"" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the ""Export"" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the ""IOFireWireFamily"" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting crafted requests to the CAF web interface. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52302.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all the following characteristics: (1) running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature; (2) configured as an autonomic registrar; (3) has a whitelist configured. An exploit could allow the attacker to cause the affected device to reload. Note: Autonomic networking should be configured with a whitelist. Do not remove the whitelist as a workaround. Cisco Bug IDs: CSCvc42717.",ADJACENT_NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. This vulnerability affects the following products: Cisco Tidal Enterprise Scheduler Client Manager Server releases 6.2.1.435 and later, Cisco Workload Automation Client Manager Server releases 6.3.0.116 and later. Cisco Bug IDs: CSCvc90789.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc39165. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.2054.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive information.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Moodle 3.x, XSS can occur via attachments to evidence of prior learning.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the ""Siri"" component. It allows physically proximate attackers to read text messages on the lock screen via unspecified vectors.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the ""AppleRAID"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the ""IOFireWireAVC"" component. It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the ""IOFireWireAVC"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the ""HomeKit"" component. It allows attackers to have an unspecified impact by leveraging the presence of Home Control on Control Center.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the ""CoreMedia"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .mov file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the ""Bluetooth"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the ""iBooks"" component. It allows remote attackers to obtain sensitive information from local files via a file: URL in an iBooks file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability affects Cisco Unified Communications Manager with a default configuration running an affected software release with the attacker authenticated as the administrative user. More Information: CSCvc83712. Known Affected Releases: 12.0(0.98000.452). Known Fixed Releases: 12.0(0.98000.750) 12.0(0.98000.708) 12.0(0.98000.707) 12.0(0.98000.704) 12.0(0.98000.554) 12.0(0.98000.546) 12.0(0.98000.543) 12.0(0.98000.248) 12.0(0.98000.244) 12.0(0.98000.242).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL database queries. More Information: CSCvc74291. Known Affected Releases: 1.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 12.0(0.98000.619) 12.0(0.98000.485) 12.0(0.98000.212) 11.5(1.13035.1) 11.0(1.23900.5) 11.0(1.23900.2) 11.0(1.23067.1) 10.5(2.15900.2).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More Information: CSCvd50728. Known Affected Releases: 2.6 2.7 2.8 CWMS-2.5MR1 Orion1.1.2.patch T29_orion_merge.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"A Denial of Service vulnerability in the remote login functionality for Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a process used for login to terminate unexpectedly and the login attempt to fail. There is no impact to user traffic flowing through the device. The attacker could use either a Telnet or an SSH client for the remote login attempt. Affected Products: This vulnerability affects Cisco Nexus 9000 Series Switches that are running Cisco NX-OS Software and are configured to allow remote Telnet connections to the device. More Information: CSCuy25824. Known Affected Releases: 7.0(3)I3(1) 8.3(0)CV(0.342) 8.3(0)CV(0.345). Known Fixed Releases: 8.3(0)CV(0.362) 8.0(1) 7.0(3)IED5(0.19) 7.0(3)IED5(0) 7.0(3)I4(1) 7.0(3)I4(0.8) 7.0(3)I2(2e) 7.0(3)F1(1.22) 7.0(3)F1(1) 7.0(3)F1(0.230).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A Denial of Service vulnerability in the Telnet remote login functionality of Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a Telnet process used for login to terminate unexpectedly and the login attempt to fail. There is no impact to user traffic flowing through the device. Affected Products: This vulnerability affects Cisco Nexus 9000 Series Switches that are running Cisco NX-OS Software and are configured to allow remote Telnet connections to the device. More Information: CSCux46778. Known Affected Releases: 7.0(3)I3(0.170). Known Fixed Releases: 7.0(3)I3(1) 7.0(3)I3(0.257) 7.0(3)I3(0.255) 7.0(3)I2(2e) 7.0(3)F1(1.22) 7.0(3)F1(1).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. More Information: CSCvb70021. Known Affected Releases: 11.5(1.11007.2).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. More Information: CSCvb70033. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.507) 11.0(1.23900.5) 11.0(1.23900.3) 10.5(2.15900.2).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA), both virtual and hardware appliances, that are configured with URL filters for email scanning. More Information: CSCvc69700. Known Affected Releases: 8.5.3-069 9.1.1-074 9.1.2-010.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc44344. Known Affected Releases: 6.0(0.0).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc79842 CSCvc79846 CSCvc79855 CSCvc79873 CSCvc79882 CSCvc79891. Known Affected Releases: 11.1.2.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when processing a crafted DHCP packet for Zero Touch Provisioning. An attacker could exploit this vulnerability by sending a specially crafted DHCP packet to an affected device. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco ASR 920 Series Aggregation Services Routers that are running an affected release of Cisco IOS XE Software (3.13 through 3.18) and are listening on the DHCP server port. By default, the devices do not listen on the DHCP server port. Cisco Bug IDs: CSCuy56385.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of HTTP parameters supplied by the user. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected web page parameter. The user must be authenticated to access the affected parameter. A successful exploit could allow the attacker to execute commands with root privileges. This vulnerability affects Cisco devices running Cisco IOS XE Software Release 16.2.1, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration interface was introduced in the Denali 16.2 Release of Cisco IOS XE Software. The web-based administration interface in earlier releases of Cisco IOS XE Software is not affected by this vulnerability. Cisco Bug IDs: CSCuy83069.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an affected device. The vulnerability is due to insufficient bounds checking in the DMo process. An attacker could exploit this vulnerability by sending crafted packets that are forwarded to the DMo process for evaluation. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. This vulnerability affects the following Cisco 800 Series Industrial Integrated Services Routers: Cisco IR809 and Cisco IR829. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52330.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device. The vulnerability is due to insufficient input validation of user-supplied application packages. An attacker who can upload a malicious package within Cisco IOx could exploit the vulnerability to modify arbitrary files. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52317.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120555.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120554.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120553.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A potential Buffer Overflow Vulnerability (from a BB Code handling issue) has been identified in TeamSpeak Server version 3.0.13.6 (08/11/2016 09:48:33), it enables the users to Crash any WINDOWS Client that clicked into a Vulnerable Channel of a TeamSpeak Server.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it. This is fixed in 1.3.9, 2.1.3, and 2.2.3. Note that this vulnerability is not exploitable if the admin tools directory is removed, as recommended in the ""Post-installation and upgrade tasks"" of the MantisBT Admin Guide. A reminder to do so is also displayed on the login page.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the ""System Integrity Protection"" component. It allows attackers to modify the contents of a protected disk location via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability affects the following Cisco products running Cisco IMC Software: Unified Computing System (UCS) B-Series M3 and M4 Blade Servers, Unified Computing System (UCS) C-Series M3 and M4 Rack Servers. More Information: CSCvc37931. Known Affected Releases: 3.1(2c)B.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 router with firmware NB16WV_R0.09 allows remote authenticated users to inject arbitrary web script or HTML via the S801F0334 parameter to hdd.htm.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a ""Read Access Violation starting at GDI32!ScriptGetCMapWithSurrogate+0x00000000000001cb.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 124744",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In FineCMS before 2017-07-06, application\core\controller\config.php allows XSS in the (1) key_name, (2) key_value, and (3) meaning parameters.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the ""Custom output format"" field).",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the ""cube"" and it will stop responding.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of validation checks for the input that is used to create symbolic links. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76654.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33966031.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IrfanView version 4.44 (32bit) allows remote attackers to execute code via a crafted .mov file, because of a ""User Mode Write AV near NULL"" issue.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic protocol used to authenticate the manifest (list of archives), potentially allowing an attacker to spoof the list of archives.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. This occurs because Psycopg 2.x before 2.6.3 is used.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote attackers to spoof web content via a crafted web site, aka ""Microsoft Edge Spoofing Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Microsoft Edge in Windows 10 1703 Microsoft Edge allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka ""Microsoft Edge Remote Code Execution Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka ""Microsoft Office Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8501.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka ""Microsoft Office Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8502.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a spoofing vulnerability in the way they parse HTTP content, aka ""Microsoft Browser Spoofing Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8598, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8598, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge on Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability."" This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8618, CVE-2017-9598 and CVE-2017-8609.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8595, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SWFTools 2013-04-09-1007 on Windows has a ""Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x0000000000003e71"" issue. This issue can be triggered by a malformed TTF file that is mishandled by font2swf. Attackers could exploit this issue for DoS (Access Violation).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a ""User Mode Write AV starting at xnview+0x000000000022bf8d.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Setup file of advance preparation for e-Tax software (WEB version) (1.17.1) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Douro Kouji Kanseizutou Check Program Ver3.1 (cdrw_checker_3.1.0.lzh) and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120656.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest Portal. More Information: CSCvd74794. Known Affected Releases: 1.3(0.909) 2.1(0.800).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka ""Microsoft Exchange Cross-Site Scripting Vulnerability"". This CVE ID is unique from CVE-2017-8560.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka ""Microsoft Exchange Cross-Site Scripting Vulnerability"". This CVE ID is unique from CVE-2017-8559.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. More Information: CSCvc63035. Known Affected Releases: 6.2(3a). Known Fixed Releases: 6.3(0.167) 6.2(3c)5 6.2(3.22).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be unexpectedly reset, causing a short denial of service (DoS) condition. The MSDP session will restart within a few seconds. More Information: CSCvd94828. Known Affected Releases: 4.3.2.MCAST 6.0.2.BASE. Known Fixed Releases: 6.3.1.19i.MCAST 6.2.3.1i.MCAST 6.2.2.17i.MCAST 6.1.4.12i.MCAST.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
application/core/controller/images.php in FineCMS through 2017-07-12 allows remote authenticated admins to conduct XSS attacks by uploading an image via a route=images action.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or name parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login screen.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager ""Add Site"" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka ""Hyper-V Information Disclosure Vulnerability.""",ADJACENT_NETWORK,HIGH,HIGH,NONE,CHANGED,LOW,NONE,NONE
"Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka ""Hyper-V Denial of Service Vulnerability."" This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0076, CVE-2017-0097, and CVE-2017-0099.",ADJACENT_NETWORK,HIGH,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default ""Normalize URI"" configuration options used in iRules and/or BIG-IP LTM policies. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31824853. References: QC-CR#1093687.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511270. References: QC-CR#1088206.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32720522. References: QC-CR#1090007.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32342399. References: QC-CR#1088824.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32709702. References: QC-CR#518731.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin before 1.0.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"Untrusted search path vulnerability in The installer of Charamin OMP Version 1.1.7.4 and earlier, Version 1.2.0.0 Beta and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33137046.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of an unprivileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33388925.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32589224.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33982658.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33816782.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818500.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33450635.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33351708.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33250932.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33139050.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32073794. References: QC-CR#1100132.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32644895. References: QC-CR#1091939.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An information disclosure vulnerability in the Qualcomm bootloader could help to enable a local malicious application to to execute arbitrary code within the context of the bootloader. This issue is rated as High because it is a general bypass for a bootloader level defense in depth or exploit mitigation technology. Product: Android. Versions: Kernel-3.18. Android ID: A-32370952. References: QC-CR#1082755.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32873615. References: QC-CR#1093693.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.18. Android ID: A-33042679. References: N-CVE-2017-0336.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka ""Hyper-V Remote Code Execution Vulnerability."" This vulnerability is different from that described in CVE-2017-0075.",ADJACENT_NETWORK,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka ""Hyper-V Denial of Service Vulnerability."" This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0076, and CVE-2017-0097.",ADJACENT_NETWORK,HIGH,HIGH,NONE,CHANGED,NONE,NONE,HIGH
Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33555878.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32508732. References: QC-CR#1088206.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32509422. References: QC-CR#1088206.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32877245. References: QC-CR#1087469.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-28449427. References: M-ALPS02710042.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot. This issue is rated as Low due to the possibility of a temporary denial of service. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32095713.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33552073.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32764144.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097213.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33298089.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after ""<?php"" in a route=template request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). If the malicious server responds with 'COMPLETE' before the SASL handshake has completed, the client will consider the handshake as completed even though no exchange of credentials has happened.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Untrusted search path vulnerability in Installer of Electronic tendering and bid opening system available prior to June 12, 2017 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to prevent tampering with the SNAME field during ticket exchange, aka ""Kerberos SNAME Security Feature Bypass Vulnerability"" or Orpheus' Lyre.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Untrusted search path vulnerability in Installer of ""Setup file of advance preparation"" (jizen_setup.exe) (The version which was available on the website prior to 2017 June 12) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure due to the way it handles objects in memory, aka ""Win32k Information Disclosure Vulnerability"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this vulnerability requires a victim to download a specially crafted RDP file through DaaS client by clicking on a malicious link.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Exploitation of Authentication vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to bypass ATD detection via loose enforcement of authentication and authorization.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 124634.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 124739.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka ""Microsoft Exchange Open Redirect Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 124633.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the vulnerability to execute unauthorized requests on behalf of the victim, using the authenticated user's privileges.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to a heap-based buffer over-read in the readBlock() function in lib/ttf.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification and in the myfiles component, if the attacker can convince the victim to proceed with an upload despite the appearance of an XSS payload in the filename.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Notepad++ 7.3.3 (32-bit) with Hex Editor Plugin v0.9.5 might allow user-assisted attackers to execute code via a crafted file, because of a ""Data from Faulting Address controls Code Flow"" issue. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as ping, ping6, traceroute, nslookup, arp, etc.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Untrusted search path vulnerability in Douroshisetu Kihon Data Sakusei System Ver1.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123297.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. IBM X-Force ID: 122788.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export resulting possible Information Disclosure and Code Execution,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router resulting in DoS,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.,NETWORK,LOW,NONE,NONE,CHANGED,LOW,HIGH,HIGH
"Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123778.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user by making them visit a malicious web page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote and inject after that. However, an attacker can use javascript: or data: to abuse this.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a security feature bypass vulnerability when they improperly handle redirect requests, aka ""Microsoft Browser Security Feature Bypass"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118839.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Moodle 3.x has user fullname disclosure on the user preferences page.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modification of unexpected memory locations,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a ""Content-Type: image/svg+xml"" header.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these commands against any IP if they can get an admin to visit their malicious CSRF page.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HTTP.sys in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when the component improperly handles objects in memory, aka ""Https.sys Information Disclosure Vulnerability"".",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
MyWebSQL version 3.6 is vulnerable to stored XSS in the database manager component resulting in account takeover or stealing of information,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Installer of Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Installer of Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka ""Microsoft Office Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-8570.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title'].,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i].",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level'].",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id'].",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via $_GET['id'].,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A Crafted input will lead to a remote denial of service attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Self-extracting encrypted files created by AttacheCase ver.3.2.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
There is reflected XSS in TOPdesk before 5.7.6 and 6.x and 7.x before 7.03.019.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118833.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118352.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Untrusted search path vulnerability in The installer of MLIT DenshiSeikabutsuSakuseiShienKensa system Ver3.02 and earlier, distributed till June 20, 2017, The self-extracting archive including the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system Ver3.02 and earlier, distributed till June 20, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Installer of Shinseiyo Sogo Soft (4.8A) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Untrusted search path vulnerability in Installer of PDF Digital Signature Plugin (G2.30) and earlier, distributed till June 29, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
CSRF in Bitly oauth2_proxy 2.1 during authentication flow,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Self-extracting encrypted files created by AttacheCase ver.2.8.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118840.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118835.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights Management(Users) functionality allows attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the ""Safari"" component. It allows remote attackers to spoof the address bar via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. ""0day""), running the service in question with root privileges rather than the user intended.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to ""Data from Faulting Address may be used as a return value starting at f263!GetWinamp5SystemComponent+0x0000000000001951.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to ""Data from Faulting Address controls Branch Selection starting at in_mp3!DeleteAudioDecoder+0x000000000000762f.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to ""Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code for a long-running application.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via an RAR archive containing a long filename.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and columns resulting in potential account takeover and scraping of data (stealing data).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way affected Microsoft scripting engine render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka ""Scripting Engine Memory Corruption Vulnerability.""",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Microsoft Browser Information Disclosure Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the ""EventKitUI"" component. It allows remote attackers to cause a denial of service (resource consumption and application crash).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the ""Audio"" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted audio file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to ajax.cgi.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123678.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Inadequate escaping lead to XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2. To be exploitable a user has to write or paste malicious content into the search dialogue.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the ""Intel Graphics Driver"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the ""Intel Graphics Driver"" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the ""Intel Graphics Driver"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the ""kext tools"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the ""Foundation"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the ""AppleGraphicsPowerManagement"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the ""Intel Graphics Driver"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998515.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906415. References: QC-CR#1078000.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451104. References: QC-CR#1087797.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451171. References: QC-CR#1087807.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32454494. References: QC-CR#1087209.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31704078. References: QC-CR#1076407.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS#12 file to the toolkit and guess the current MAC one byte at a time. This is possible because Crypto-J uses a non-constant-time method to compare the stored MAC with the calculated MAC. This vulnerability is similar to the issue described in CVE-2015-2601.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997010.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the ""PING"" (aka tag_ipPing) feature within the web interface allows performing command injection, via the ""pip"" parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the ""afclip"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it is a general bypass for a user level defense in depth or exploit mitigation technology in a privileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322450.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322088.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32615212.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32807795.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32161610.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32873375.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32915871.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-31960359.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session.",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,LOW,LOW
"Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages. This was resolved in Version 6.5 CP 1737.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine. This backup file contains sensitive information like passwd/shadow files, RSA certificates, Private Keys and Default Passphrase, etc. This was resolved in Version 6.5 CP 1737.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality. This was resolved in Version 6.5 CP 1737.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"An undisclosed traffic pattern received by a BIG-IP Virtual Server with TCP Fast Open enabled may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. More Information: CSCvc89678. Known Affected Releases: 2.1. Known Fixed Releases: 2.1.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc30999. Known Affected Releases: 12.0(0.98000.280). Known Fixed Releases: 11.0(1.23900.3) 12.0(0.98000.180) 12.0(0.98000.422) 12.0(0.98000.541) 12.0(0.98000.6).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb98777. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.0(1.23063.1) 11.5(1.12029.1) 11.5(1.12900.11) 11.5(1.12900.21) 11.6(1.10000.4) 12.0(0.98000.156) 12.0(0.98000.178) 12.0(0.98000.369) 12.0(0.98000.470) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA, both virtual and hardware appliances, that are configured with message or content filters to scan incoming email attachments on the ESA or services scanning content of web access on the WSA. More Information: SCvb91473, CSCvc76500. Known Affected Releases: 10.0.0-203 9.9.9-894 WSA10.0.0-233.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"A vulnerability in the handling of list headers in Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco cBR-8 Converged Broadband Routers running vulnerable versions of Cisco IOS XE are affected. More Information: CSCux40637. Known Affected Releases: 15.5(3)S 15.6(1)S. Known Fixed Releases: 15.5(3)S2 15.6(1)S1 15.6(2)S 15.6(2)SP 16.4(1).",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,NONE,HIGH
"A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log. This vulnerability affects Cisco Firepower Threat Defense Software versions 6.1.x on the following vulnerable products that have enabled FDM: ASA5506-X ASA5506W-X ASA5506H-X ASA5508-X ASA5516-X ASA5512-X ASA5515-X ASA5525-X ASA5545-X ASA5555-X. More Information: CSCvb86860. Known Affected Releases: FRANGELICO. Known Fixed Releases: 6.2.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvc49348. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.209) 12.0(0.98000.478) 12.0(0.98000.609).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malformed MIME Header Filtering Bypass. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. More Information: CSCvb65245. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 9.8.0-092.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
"A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected system. More Information: CSCvb21745. Known Affected Releases: 10.0_R2_tanggula.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. More Information: CSCvb95281. Known Affected Releases: 6.1.0 6.2.0. Known Fixed Releases: 6.1.0.1 6.2.0.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains an Improper Authentication vulnerability that could potentially be exploited by malicious users to compromise the affected system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains a Java RMI Remote Code Execution vulnerability that could potentially be exploited by malicious users to compromise the affected system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the ""Projects"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted GarageBand project file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796345. References: QC-CR#1073129.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-32721029. References: N-CVE-2017-0448.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in the Filesystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32799236.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32720785.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH and PGP keys.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"phpMyBackupPro 2.5 and earlier does not properly escape the ""."" character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the path, filename, and dirs parameters to scheduled.php, and making requests to injected scripts.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configuration variable via a PHP variable variable.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 123859.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected Products: Cisco Prime Collaboration Assurance software versions 11.0, 11.1, and 11.5 are vulnerable. Cisco Prime Collaboration Assurance software versions prior to 11.0 are not vulnerable. More Information: CSCvc77783. Known Affected Releases: 11.5(0).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. Affected Products: Cisco Prime Collaboration Assurance software versions 11.0, 11.1, and 11.5 are vulnerable. Cisco Prime Collaboration Assurance software versions prior to 11.0 are not vulnerable. More Information: CSCvc86238. Known Affected Releases: 11.5(0).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. More Information: CSCvc99446. Known Affected Releases: 11.5(0).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information stored in certain HTML comments. More Information: CSCuh91455. Known Affected Releases: 7.2(1)V7.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. More Information: CSCvc04854. Known Affected Releases: 5.8(2.5).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect Vulnerability. More Information: CSCvc04849. Known Affected Releases: 5.8(2.5).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc04838. Known Affected Releases: 5.8(2.5).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119529.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Agent). Supported versions that are affected are 3.1.3.7856 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via TLS to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Monitor. CVSS v3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco TelePresence MCU platforms TelePresence MCU 5300 Series, TelePresence MCU MSE 8510 and TelePresence MCU 4500 are affected when running software version 4.3(1.68) or later configured for Passthrough content mode. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available, but mitigations are available. Cisco Bug IDs: CSCuu67675.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General). Supported versions that are affected are 7.2.19 and earlier, 7.3.8 and earlier and 7.4.5 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 3.7 (Availability impacts).",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 7.5 (Availability impacts).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 7.5 (Availability impacts).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Open UI). The supported version that is affected is 16.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data. CVSS v3.0 Base Score 3.1 (Integrity impacts).",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: ADF Faces). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. While the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle JDeveloper accessible data. CVSS v3.0 Base Score 5.8 (Confidentiality impacts).",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS Security accessible data. CVSS v3.0 Base Score 3.3 (Confidentiality impacts).,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the ""Projects"" component, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GarageBand project file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the ""Contacts"" component. It allows remote attackers to cause a denial of service (application crash) via a crafted contact card.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the ""IOAudioFamily"" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119821.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119762.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script, would then be reflected back to the user and could be evaluated and executed by MS Windows-based clients. It is not an attack on Spark itself, but on the user, who may then execute the script inadvertently when viewing elements of the Spark web UIs.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash).  NOTE: Exists as a regression to CVE-2009-1955.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the ""Bad Taste"" issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the ""eshopcart"" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device. Affected Products: This vulnerability affects Cisco IOS Software and Cisco IOx Software running on IR829, IR809, IE4K, and CGR1K platforms. More Information: CSCvb20897. Known Affected Releases: 1.0(0).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc20679. Known Affected Releases: 12.0(0.99000.9). Known Fixed Releases: 12.0(0.98000.176) 12.0(0.98000.414) 12.0(0.98000.531) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.8).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. More Information: CSCvb97237. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.5(1.12029.1) 11.5(1.12900.11) 12.0(0.98000.369) 12.0(0.98000.370) 12.0(0.98000.398) 12.0(0.98000.457).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. More Information: CSCvb60655. Known Affected Releases: 2.7.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the ""SpringBoard"" component, which allows physically proximate attackers to bypass the passcode attempt counter and unlock a device via unspecified vectors.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption and application crash) via a crafted web site.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the ""Image Capture"" component, which allows attackers to execute arbitrary code via a crafted USB HID device.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the ""Mail"" component, which does not alert the user to an S/MIME email signature that used a revoked certificate.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the thispage parameter, as demonstrated by reading the /etc/shadow file.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference #: 1983457.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the backup directory, if present. Upgrading from before 1.498 will no longer create a backup directory. Administrators relying on file access permissions in their manually created backups are advised to check them for the directory $JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups, and delete it if present.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to obtain sensitive information via a blob URL on a web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the ""Grapher"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .gcx file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the ""IOSurface"" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the ""Foundation"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .gcx file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the ""AppleGraphicsPowerManagement"" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the ""IOFireWireFamily"" component, which allows local users to obtain sensitive information from kernel memory via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the ""Bluetooth"" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the ""CoreCapture"" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the ""CoreStorage"" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the ""Intel Graphics Driver"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses HTTP redirects.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the ""SpringBoard"" component, which allows physically proximate attackers to maintain the unlocked state via vectors related to Handoff with Siri.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the ""Bluetooth"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the ""CoreMedia External Displays"" component. It allows local users to gain privileges or cause a denial of service (type confusion) via unspecified vectors.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the ""Media Player"" component, which allows physically proximate attackers to obtain sensitive photo and contact information by leveraging lockscreen access.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the ""Safari Reader"" component, which allows remote attackers to conduct UXSS attacks via a crafted web site.",NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the ""Find My iPhone"" component, which allows physically proximate attackers to disable this component by bypassing authentication.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the ""Accessibility"" component, which accepts spoken passwords without considering that they are locally audible.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the ""Assets"" component, which allows local users to bypass intended permission restrictions and change a downloaded mobile asset via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the ""IOKit"" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user's contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems.",ADJACENT_NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsize field in a Mach-O file that is mishandled during a Security Scan (aka Custom Scan) operation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microkernel (TMM) to restart.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CSS.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for Java 6.0.x before 6.0.6 and 6.1.x before 6.1.1 prematurely terminate the SCRAM SASL negotiation if the provided user name does not exist thus allowing remote attacker to determine the existence of user accounts. The Vulnerability does not apply to AuthenticationProviders other than SCRAM-SHA-1 and SCRAM-SHA-256.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the ""Graphics Driver"" component, which allows remote attackers to cause a denial of service via a crafted video.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the ""Accessibility"" component. which allows physically proximate attackers to obtain sensitive photo and contact information by leveraging the availability of excessive options during lockscreen access.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 FP6 IF2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYHAAHNUS.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order such that the worst-case computational complexity is realized in the algorithm utilized to determine if reassembly of the fragments can take place.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka VTL).,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118834",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system. More Information: CSCvb37121. Known Affected Releases: 11.5(1.2). Known Fixed Releases: 11.5(1.11950.96) 11.5(1.12900.2) 12.0(0.98000.133) 12.0(0.98000.313) 12.0(0.98000.404).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCva13456. Known Affected Releases: 10.0.0-082 10.0.0-125 9.7.1-066. Known Fixed Releases: 10.0.0-203 9.7.2-131.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE Software: Cisco 5700 Series Wireless LAN Controllers, Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches, Cisco Catalyst 4500E Series Switches, Cisco Catalyst 4500X Series Switches. More Information: CSCva60013 CSCvb22622. Known Affected Releases: 3.7(0) 16.4.1 Denali-16.1.3 Denali-16.2.2 Denali-16.3.1. Known Fixed Releases: 15.2(4)E3 16.1(2.208) 16.2(2.42) 16.3(1.22) 16.4(0.190) 16.5(0.29).",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,NONE
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having ""itself as ancestor more than once.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the ""demangling of virtual tables.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter ""target"" of function ""DragnDropReRank"" is directly used without any filtration which caused SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an ""addresses, countries, and regions"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a ""sef URL"" issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization.,NETWORK,LOW,LOW,NONE,CHANGED,NONE,LOW,HIGH
The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a remote denial of service attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"In BMC Patrol before 9.13.10.02, the binary ""listguests64"" is configured with the setuid bit. However, when executing it, it will look for a binary named ""virsh"" using the PATH environment variable. The ""listguests64"" program will then run ""virsh"" using root privileges. This allows local users to elevate their privileges to root.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' used directly in SQL. Impact is a SQL injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php with the id parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftp_upload.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view.  NOTE: These vulnerabilities can be exploited to conduct server-side request forgery (SSRF) attacks.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc90312. Known Affected Releases: 12.1.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php via a payload in the username field that does not begin with a '<' character.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the ""ntfs"" component, which misparses disk images and allows attackers to cause a denial of service via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to obtain sensitive information via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Unspecified vulnerability in the RDBMS Security and SQL*Plus components in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality via vectors related to DBA.,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,LOW,NONE,NONE
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects Cisco AsyncOS Software releases 9.7.1 and later, prior to the first fixed release, for both virtual and hardware Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuy99453. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 10.0.0-125 9.7.1-207 9.7.2-047.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter that contains certain rules. More Information: CSCux59873. Known Affected Releases: 8.5.6-106 9.1.0-032 9.7.0-125. Known Fixed Releases: 9.1.1-038 9.7.1-066.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA, both virtual and hardware appliances, if the software is configured with message or content filters to scan incoming email attachments. More Information: CSCuw03606, CSCux59734. Known Affected Releases: 8.0.0-000 8.5.6-106 9.0.0-000 9.1.0-032 9.6.0-042 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.1.1-038 9.7.1-066.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack. More Information: CSCuz02235. Known Affected Releases: 8.0.2-069. Known Fixed Releases: 9.1.1-038 9.7.2-047.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 11.1.1.7.0 allows remote attackers to affect confidentiality via vectors related to Viewer.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5498.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5499.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 11.1.1.7.0 allows remote attackers to affect confidentiality via vectors related to EUL Code & Schema.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Unspecified vulnerability in the Oracle FLEXCUBE Private Banking component in Oracle Financial Services Applications 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.,NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.4.0 allows local users to affect confidentiality via vectors related to INFRA.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via vectors related to Bash.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, and 12.0.1 allows remote authenticated users to affect confidentiality via vectors related to INFRA.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the ""Contacts"" component, which does not prevent an app's Address Book access after access revocation.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the ""ImageIO"" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted SGI file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the ""ATS"" component. It allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the ""ImageIO"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) via a crafted PDF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the ""ATS"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the ""NVIDIA Graphics Drivers"" component. It allows attackers to cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in the Oracle Advanced Pricing component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality and integrity via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via unknown vectors.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unspecified vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component in Oracle Financial Services Applications 12.0.0 and 12.1.0 allows remote attackers to affect confidentiality and integrity via vectors related to INFRA.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5501.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-8281.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,LOW
Unspecified vulnerability in the Oracle Shipping Execution component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality via vectors related to Workflow Events.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Integration Broker, a different vulnerability than CVE-2016-5529 and CVE-2016-8293.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Integration Broker, a different vulnerability than CVE-2016-5530 and CVE-2016-8293.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect integrity via vectors related to Cluster check files.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 allows local users to affect confidentiality via vectors related to AD Utilities.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect availability via unknown vectors.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 12.2.1.0.0, 12.2.1.1.0, and 12.2.1.2.0 allows remote attackers to affect integrity via unknown vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware allows local users to affect confidentiality and integrity via vectors related to App Server.,LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,LOW,LOW,NONE
Unspecified vulnerability in the RDBMS Programmable Interface component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5578, and CVE-2016-5579.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality and integrity via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
Unspecified vulnerability in the Oracle Interaction Center Intelligence component in Oracle E-Business Suite 12.1.1 through 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
Unspecified vulnerability in the Oracle One-to-One Fulfillment component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect integrity via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5578, and CVE-2016-5588.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5579, and CVE-2016-5588.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5578, CVE-2016-5579, and CVE-2016-5588.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel Zones.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality via vectors related to Resources Module.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 and 12.2.3 through 12.2.6 allows remote administrators to affect confidentiality and integrity via vectors related to AD Utilities, a different vulnerability than CVE-2016-5567.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
Unspecified vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component in Oracle Financial Services Applications 12.0.0 and 12.1.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 and 12.2.3 through 12.2.6 allows remote administrators to affect confidentiality and integrity via vectors related to AD Utilities, a different vulnerability than CVE-2016-5571.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect confidentiality via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Unspecified vulnerability in the Oracle iProcurement component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,LOW,NONE
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect availability via vectors related to IKE.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
"Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote attackers to affect confidentiality and integrity via vectors related to INFRA.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to INFRA, a different vulnerability than CVE-2016-5619.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine.",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Lynx.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to INFRA.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Kernel Zones.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than CVE-2016-3563.",LOCAL,LOW,HIGH,REQUIRED,CHANGED,LOW,HIGH,NONE
"Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality via vectors related to INFRA, a different vulnerability than CVE-2016-5621.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Unspecified vulnerability in the PeopleSoft Enterprise SCM Services Procurement component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5592.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
"Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, and 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality via vectors related to INFRA.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5587 and CVE-2016-5591.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,NONE
"A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior to 1.8.16 and prior to 1.9.3, Cisco Meeting App releases prior to 1.9.8, Acano Meeting Apps releases prior to 1.8.35. More Information: CSCva75942 CSCvb67878. Known Affected Releases: 1.81.92.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software before 6.0.1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper handling of an HTTP packet stream. An attacker could exploit this vulnerability by sending a crafted HTTP packet stream to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA on both virtual and hardware appliances that are configured with message or content filters to scan incoming email attachments. More Information: CSCuy54740, CSCuy75174. Known Affected Releases: 9.7.1-066 9.5.0-575 WSA10.0.0-000. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting. Affected Products: Cisco AsyncOS Software for Email Security Appliances (ESA) versions 9.5 and later up to the first fixed release, Cisco AsyncOS Software for Web Security Appliances (WSA) all versions prior to the first fixed release. More Information: CSCux56406, CSCux59928. Known Affected Releases: 9.6.0-051 9.7.0-125 8.8.0-085 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.7.1-066 WSA10.0.0-233.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits. More Information: CSCux68539. Known Affected Releases: 9.1.0-032 9.7.1-000. Known Fixed Releases: 9.1.1-038.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz63143. Known Affected Releases: 8.5.7-042 9.7.0-125. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a '01 19' opcode.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-8290.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality via unknown vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Integration Broker, a different vulnerability than CVE-2016-5529 and CVE-2016-5530.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Talent Acquisition Manager.,NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Mobile Application Platform.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-5633.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB.,LOCAL,HIGH,HIGH,NONE,UNCHANGED,NONE,LOW,HIGH
Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges.,NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote administrators to affect confidentiality and integrity via vectors related to Candidate Gateway.,NETWORK,HIGH,HIGH,REQUIRED,UNCHANGED,HIGH,LOW,NONE
"A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of service (line card reset) via certain constructed IPsec control packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability affects Cisco Nexus 9000 Series Leaf Switches (TOR) - ACI Mode and Cisco Application Policy Infrastructure Controller (APIC). More Information: CSCuy93241. Known Affected Releases: 11.2(2x) 11.2(3x) 11.3(1x) 11.3(2x) 12.0(1x). Known Fixed Releases: 11.2(2i) 11.2(2j) 11.2(3f) 11.2(3g) 11.2(3h) 11.2(3l) 11.3(0.236) 11.3(1j) 11.3(2i) 11.3(2j) 12.0(1r).",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.3(0.876).",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCut43061 CSCut43066 CSCut43736 CSCut43738 CSCut43741 CSCut43745 CSCut43748 CSCut43751 CSCut43756 CSCut43759 CSCut43764 CSCut43766. Known Affected Releases: 10.6.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra (all supported versions) does not prevent duplicate NTLM challenge-response nonces, which makes it easier for remote attackers to execute arbitrary code, or read or write to files, via a series of authentication requests, a related issue to CVE-2010-0231.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by leveraging knowledge of this key from another installation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay agent, aka Bug IDs CSCuq39250, CSCus21733, CSCus21739, CSCut76171, and CSCux67182.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or (2) smart relay agent, aka Bug IDs CSCuq24603, CSCur93159, CSCus21693, and CSCut76171.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection negotiation, aka Bug IDs CSCum35502, CSCuw78669, CSCuw79754, and CSCux88492.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default, allowing an attacker to overwrite them with backdoor code, which when executed by privileged user would result in Privilege Escalation, Code Execution, or both.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to LDAP.,NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,LOW,NONE
Apple HSSPI Support in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an ""httpoxy"" issue, a related issue to CVE-2016-5387.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka ""Universal XSS (UXSS).""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4389.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4390.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4389, and CVE-2016-4390.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4388, CVE-2016-4389, and CVE-2016-4390.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
"Cisco WebEx Meetings Server 2.6 allows remote attackers to cause a denial of service (CPU consumption) by repeatedly accessing the account-validation component of an unspecified service, aka Bug ID CSCuy92704.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arbitrary commands by injecting these commands into an application script, aka Bug ID CSCuy83130.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an incorrect iptables local-interface configuration, which allows remote attackers to obtain sensitive information via TCP or UDP traffic, aka Bug ID CSCuz05365.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, and 7.2.x before 7.2.0.0.SP0.P0 HF20 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server behavior in which the first algorithm is used.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program.",LOCAL,LOW,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4729.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Intel Graphics Driver in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified vectors.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage ""type confusion,"" a different vulnerability than CVE-2016-4709.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage ""type confusion,"" a different vulnerability than CVE-2016-4710.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.",LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable.,LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4699.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4700.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a ""display: contents"" Cascading Style Sheets (CSS) property.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud before 6.0 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Safari Tabs component in Apple Safari before 10 allows remote attackers to spoof the address bar of a tab via a crafted web site.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,LOW,NONE
S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuy19856.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service (out-of-bounds access) via crafted traffic, aka Bug ID CSCuy54015.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance (ESA) devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to the testing/debugging interface, aka Bug ID CSCvb26017.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy19854.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service via a crafted packet, aka Bug IDs CSCuy82904, CSCuy82909, and CSCuy82912.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cisco IOS 12.2 and 15.0 through 15.3 allows remote attackers to cause a denial of service (traffic-processing outage) via a crafted series of Common Industrial Protocol (CIP) requests, aka Bug ID CSCur69036.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.2 through 3.8 allows remote attackers to cause a denial of service (memory consumption) via crafted image-list parameters, aka Bug ID CSCuy82367.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco IOS 15.2 through 15.6 and IOS XE 3.6 through 3.17 and 16.1 allow remote attackers to cause a denial of service (device restart) via a malformed IPv6 Protocol Independent Multicast (PIM) register packet, aka Bug ID CSCuy16399.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco IOS 12.2 and IOS XE 3.14 through 3.16 and 16.1 allow remote attackers to cause a denial of service (device reload) via crafted IP Detail Record (IPDR) packets, aka Bug ID CSCuu35089.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco IOS XE 3.1 through 3.17 and 16.1 through 16.2 allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets that require NAT, aka Bug ID CSCuw85853.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6994.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, and CVE-2016-4270.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler class.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3) GetCommandExecRequest class.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M and IOS XE allow remote IKEv2 servers to cause a denial of service (device reload) via crafted IKEv2 packets, aka Bug ID CSCux97540.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 6500 and 7600 devices mishandles certain operators, flags, and keywords in TCAM share ACLs, which allows remote attackers to bypass intended access restrictions by sending packets that should have been recognized by a filter, aka Bug ID CSCuy64806.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of service (process restart) via a crafted OSPF Link State Advertisement (LSA) update, aka Bug ID CSCvb05643.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCva50496.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows man-in-the-middle attackers to trigger arbitrary downloads via crafted HTTP headers, aka Bug ID CSCuz84773.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to bypass intended access restrictions via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6988, and CVE-2016-6993.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6939.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, and CVE-2016-6988.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, and CVE-2016-6993.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) library 1.x before 1.4.6 and 2.x before 2.0.1 for Node.js does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the installation directory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via an EMF file.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Multiple heap-based buffer overflows in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7079.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7080.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, and CVE-2016-7018.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to compute password-of-the-day values via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In MODX Revolution 2.5.7, the ""key"" and ""name"" parameters in the System Settings module are vulnerable to XSS. A malicious payload sent to connectors/index.php will be triggered by every user, when they visit this module.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 processed SIP traffic, because 0x00 termination of a payload array was mishandled. A remote attacker could potentially use this flaw to crash the sipdump process by generating specially crafted SIP traffic.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Candlepin allows remote attackers to obtain sensitive information by obtaining Java exception statements as a result of excessive web traffic.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a crafted string.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the Alert Service of Cisco Cloud Web Security base revision allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read via a file=../ attack on actionphp/download.File.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Heap-based buffer overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 allows attackers to execute arbitrary code with kernel privileges via a crafted size input for allocated kernel paged pool and allocated non-paged pool buffers.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_info in lqt_quicktime.c, which allows attackers to cause a denial of service via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (NULL Pointer Dereference and application crash) via a crafted mp3 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS via the Subject and Message-Id headers, which are mishandled in the history page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fix (lack of the htmlspecialchars ENT_QUOTES flag) for CVE-2017-11163.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7.0.6-4 might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted Flexible Image Transport System (FITS) file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows local users (e.g., users who have command access as a consequence of CVE-2017-9479 exploitation) to read arbitrary files via UPnP access to /var/IGD/.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to discover a WAN IPv6 IP address by leveraging knowledge of the CM MAC address.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to discover a CM MAC address by sniffing Wi-Fi traffic and performing simple arithmetic calculations.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be potentially exploited.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126234.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. Routing tables are affected by a missing LSA, which may lead to loss of connectivity. IBM X-Force ID: 128379.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128694.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. Connex utilizes an IBM i DB2 user account for database access. The account name is HMSCXPDN. Its password is hard-coded in multiple places in the application. Customers do not have the option to change this password. The account has elevated DB2 roles, and can access all objects or database tables on the customer DB2 database. This account can access data through ODBC, FTP, and TELNET. Customers without Connex installed are still vulnerable because the MEDHOST setup program creates this account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a setuid-root installation.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. NOTE: a crash might be relevant when using the --background option.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to read arbitrary files by pressing ""EXIT, Down, Down, 2"" on an RF4CE remote to reach the diagnostic display, and then launching a Remote Web Inspector script.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices makes it easy for remote attackers to determine the hidden SSID and passphrase for a Home Security Wi-Fi network.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not set the secure flag for cookies in an https session to an administration application, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119728.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119729.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119732.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 119733.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119727.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices sets the CM MAC address to a value with a two-byte offset from the MTA/VoIP MAC address, which indirectly allows remote attackers to discover hidden Home Security Wi-Fi networks by leveraging the embedding of the MTA/VoIP MAC address into the DNS hostname.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is ""scope""; if you set as its value a ""realm"" not defined in authenticationConfig.xml, you get an HTTP 403 Forbidden response and the value will be reflected in the body of the HTTP response. By setting it to arbitrary JavaScript code it is possible to modify the flow of the authorization function, potentially leading to credential disclosure within a trusted session.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Untrusted search path vulnerability in Tween Ver1.6.6.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Search, Social Group Search, File Comment, Gradebook Test Title, User Group Membership, Inbox/Sent Items, Sent Messages, Links, Photo Album, Poll, Social Application, Social Profile, Test, Content Menu, Auto-Login, and Gradebook components resulting in information disclosure, database modification, or potential code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
txAWS (all current versions) fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting vulnerability in Simple Custom CSS and JS prior to version 3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"GigaCC OFFICE ver.2.3 and earlier allows remote attackers to upload arbitrary files as a user profile image, which may be exploited for unauthorized file sharing.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute arbitrary OS commands via specially crafted mail template.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,LOW
Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execute arbitrary code via a crafted .m3u file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item, category_products_update_order category-product-item, custom_fields_update_order field-item, categories_update_order category-item, subcategories_update_order subcategory-item, and tags_update_order tag-list-item.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to discover the CM MAC address by connecting to the device's xfinitywifi hotspot.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to upload the code.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO to the search/tag/ URI.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. They does not contain any token that can mitigate CSRF vulnerabilities within the device.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to stored cross-site scripting attacks. Creating an SSID with an XSS payload results in successful exploitation.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking specific SNMP objects.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"services/system_io/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution (involving a ContactCommon field) on victims who click on a crafted link, aka XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"services/system_io/actionprocessor/System.rails in ConnectWise Manage 2017.5 is vulnerable to Cross-Site Request Forgery (CSRF), as demonstrated by changing an e-mail address setting.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The ""Project Documentation"" feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via a file id number in the file_id parameter to file_download.php.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and earlier allows remote attackers to hijack web sessions via a session id.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126062.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123674.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZDI-CAN-4549.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the ""T"" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content out, for example the private key of the user.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abusing pre-backup events.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memory. The issue can be addressed by better input validation in the bfd_generic_archive_p function in bfd/archive.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The chk_mem_access function in cpu/nes6502/nes6502.c in libnosefart.a in Nosefart 2.9-mls allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted nsf file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a ""/"" at the end of a URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the ""t"" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the Trello app before 4.0.8 for iOS might allow remote attackers to inject arbitrary web script or HTML by uploading and attaching a crafted photo to a Card.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android ver5.3.1, ver5.2.2 and earlier allow a man-in-the-middle attacker to downgrade the communication between the app and the server from TLS v1.2 to SSL v3.0, which may result in the attacker to eavesdrop on an encrypted communication.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Comcast XFINITY WiFi Home Hotspot devices allow remote attackers to spoof the identities of Comcast customers via a forged MAC address.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect detection and recovery from an invalid state produced by specific user actions may lead to denial of service.,NETWORK,HIGH,NONE,REQUIRED,CHANGED,NONE,NONE,HIGH
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer helper function where an incorrect calculation of string length may lead to denial of service.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untrusted search path is used for msimg32.dll, WindowsCodecs.dll, and dwmapi.dll.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse that can cause an out of bounds read operation to occur due to a field within the IOCTL data being used as a length.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The Event List plugin 0.7.9 for WordPress has XSS in the slug array parameter to wp-admin/admin.php in an el_admin_categories delete_bulk action.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a ""type confusion"" via an HWPX file containing a crafted para text tag.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Reporter.exe in Acunetix 8 allows remote attackers to cause a denial of service (application crash) via a malformed PRE file, related to a ""Read Access Violation starting at reporter!madTraceProcess.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed PRE file, related to a ""User Mode Write AV starting at reporter!madTraceProcess.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash).,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka ""Graphics Uniscribe Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-0286, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka ""Windows Graphics Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, and Microsoft Office Word Viewer allows improper disclosure of memory contents, aka ""Windows Uniscribe Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-0282, CVE-2017-0284, and CVE-2017-8534.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka ""Windows Uniscribe Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-0284, CVE-2017-0285, and CVE-2017-8534.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files that can result in information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus extension before 0.5.7 for Chrome allows remote attackers to inject arbitrary web script or HTML into some web applications via the upload and display of crafted text, markdown, or rst files that are designed to be viewed in the browser as plain text, but that will be converted to HTML without proper sanitization.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send Password Reset Email form) can insert XSS sequences via the user parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to attempt to identify that user's PIN. The malicious user could potentially reset the compromised PIN to affect victim's ability to obtain access to protected resources.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excerpt Options screens.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during ""objdump -D"" execution. NOTE: this may be related to a compiler bug.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing TTF (TrueType font format) stream data. Successful exploitation could lead to arbitrary code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The DivFixppCore::avi_header_fix function in DivFix++Core.cpp in DivFix++ v0.34 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted avi file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka ""Windows Kernel Information Disclosure Vulnerability,"" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, and CVE-2017-0297.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka ""Windows Graphics Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka ""Windows Graphics Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-09-05 on Nexus 5X devices does not properly validate the arguments array, which allows attackers to gain privileges via a crafted application that sends a WE_UNIT_TEST_CMD command, aka Android internal bug 29944562 and Qualcomm internal bug CR997797.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"omx/SimpleSoftOMXComponent.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not prevent input-port changes, which allows attackers to gain privileges via a crafted application, aka internal bug 29421804.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29009982 and Broadcom internal bug RB#96070.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm power driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28967028 and Qualcomm internal bug CR1032875.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm IPA driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28919863 and Qualcomm internal bug CR1037897.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm sound driver in Android before 2016-09-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28868303 and Qualcomm internal bug CR1032820.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus 5X and 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28799389.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm radio interface layer in Android before 2016-09-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28823714 and Qualcomm internal bug CR913117.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 does not properly interact with the use of static variables in libjhead_jni, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 29270469.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm camera driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28815326 and Qualcomm internal bug CR1034641.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in drivers/soc/qcom/subsystem_restart.c in the Qualcomm subsystem driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application that provides a long string, aka Android internal bug 28675151 and Qualcomm internal bug CR1022641.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27531992.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27441354.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community, which allows remote attackers to read or modify SNMP objects by leveraging knowledge of this community, aka Bug ID CSCuz76216.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to cause a denial of service (interface outage) via a crafted HTTP request, aka Bug ID CSCuz76238.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz76232.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuz76230.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in the Region::unflatten function in libs/ui/Region.cpp in mediaserver in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 29983260.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Qualcomm DMA component in Android before 2016-09-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29618014 and Qualcomm internal bug CR1042033.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Qualcomm SPMI driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28760543 and Qualcomm internal bug CR1024197.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism by accessing (1) an external tile from a system application, (2) the help feature, or (3) the Settings application during a pre-setup stage, aka internal bug 29194585.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the Setup Wizard provisioning stage, via unspecified vectors, aka internal bug 29420123.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"providers/settings/SettingsProvider.java in Android 7.0 before 2016-09-01 does not properly enforce the DISALLOW_CONFIG_VPN setting, which allows attackers to bypass an intended always-on VPN state via a crafted application, aka internal bug 29899712.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles the interaction between PTRACE_ATTACH operations and thread exits, which allows attackers to gain privileges via a crafted application, aka internal bug 29555636.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"server/notification/NotificationManagerService.java in the Notification Manager Service in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 lacks uid checks, which allows attackers to bypass intended restrictions on method calls via a crafted application, aka internal bug 29421441.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"internal/telephony/SMSDispatcher.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not properly construct warnings about premium SMS messages, which allows attackers to spoof the premium-payment confirmation dialog via a crafted application, aka internal bug 28557603.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Multiple buffer overflows in rtsp/ASessionDescription.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 25747670.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows remote attackers to cause a denial of service (NULL pointer dereference, and device hang or reboot) via a crafted media file, aka internal bug 29770686.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding zero MBs, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29493002.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in Android before 2016-09-01 has unknown impact and attack vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFE_BOOT_DISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge (adb) tool, aka internal bug 29900345.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 does not enforce the DISALLOW_SAFE_BOOT setting, which allows physically proximate attackers to bypass intended access restrictions and boot to safe mode via unspecified vectors, aka internal bug 26251884.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4704.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4705.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in KL1 kernel driver resulting in local system denial of service. An attacker can run a program from user-mode to trigger this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses that may be useful in bypassing kernel mitigations. An unprivileged user can run a program from user-mode to trigger this vulnerability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to trigger this vulnerability.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, and CVE-2016-4261.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, and CVE-2016-4262.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4261, and CVE-2016-4262.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4260, CVE-2016-4261, and CVE-2016-4262.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, and CVE-2016-4262.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, and CVE-2016-4262.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not validate a certain pointer, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29421811.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Telephony in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to cause a denial of service (loss of locked-screen 911 TTY functionality) via a crafted application that modifies the TTY mode by broadcasting an intent, aka internal bug 29832693.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Windows kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka ""Windows Kernel Information Disclosure Vulnerability,"" a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0258.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain kernel information, aka ""Win32k Information Disclosure Vulnerability.""",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensitive information via a specially crafted document, aka ""Windows Kernel Information Disclosure Vulnerability,"" a different vulnerability than CVE-2017-0175, CVE-2017-0258, and CVE-2017-0259.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4263.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging access to a network over which analytics data is sent.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka ""Universal XSS (UXSS).""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, and Submitted syncid.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/preview.cgi.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious website. This can for example be used to change the credentials of the administrative webinterface.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka ""Microsoft Malware Protection Engine Remote Code Execution Vulnerability"", a different vulnerability than CVE-2017-8538 and CVE-2017-8540.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka ""Microsoft Malware Protection Engine Remote Code Execution Vulnerability"", a different vulnerability than CVE-2017-8538 and CVE-2017-8541.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka ""Microsoft Malware Protection Engine Remote Code Execution Vulnerability"", a different vulnerability than CVE-2017-8540 and CVE-2017-8541.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
INFOR EAM V11.0 Build 201410 has XSS via comment fields.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., ""usr"") that is transmitted in the login.php query string.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:211 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by generating specially crafted network traffic.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
A length validation (leading to out-of-bounds read and write) flaw was found in the way eapmd5pass 1.4 handled network traffic in the extract_eapusername function. A remote attacker could potentially use this flaw to crash the eapmd5pass process by generating specially crafted network traffic.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:134 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by generating specially crafted network traffic.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The ia64 subsystem in the Linux kernel before 2.6.26 allows local users to cause a denial of service (stack consumption and system crash) via a crafted application that leverages the mishandling of invalid Register Stack Engine (RSE) state.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Microsoft Edge in Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices with Firmware Version before 2.1.41.164606, as demonstrated by a request to apply.cgi to disable SIP.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Sandboxie installer 5071703 has a DLL Hijacking or Unsafe DLL Loading Vulnerability via a Trojan horse dwmapi.dll or profapi.dll file in an AppData\Local\Temp directory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do not have strict SOP enforcement. Combining an SOP bypass with a privileged URL internally used by Electron, it was possible to execute native Node.js primitives in order to run OS commands on the user's host. Specifically, a chrome-devtools://devtools/bundled/inspector.html window could be used to eval a Node.js child_process.execFile API call.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.,NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
t-coffee before 11.00.8cbe486-2 allows local users to write to ~/.t_coffee globally.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers improperly handling objects in memory while rendering content, aka ""Microsoft Browser Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8653.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Volume Manager Extension Driver in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2 allows an attacker to run a specially crafted application and obtain kernel information, aka ""Volume Manager Extension Driver Information Disclosure Vulnerability"".",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly handle objects in memory, aka ""Win32k Information Disclosure Vulnerability"".",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Windows Hyper-V in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka ""Windows Hyper-V Remote Code Execution Vulnerability"".",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37712181.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Information Disclosure vulnerability in the Dashboard and Error Pages in Trend Micro Control Manager SP3 6.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka ""Microsoft Edge Elevation of Privilege Vulnerability"". This CVE ID is unique from CVE-2017-8503.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Windows Subsystem for Linux in Windows 10 1703, allows a denial of service vulnerability due to the way it handles objects in memory, aka ""Windows Subsystem for Linux Denial of Service Vulnerability"".",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Windows Hyper-V in Windows 10 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka ""Windows Hyper-V Denial of Service Vulnerability"".",NETWORK,LOW,HIGH,NONE,CHANGED,NONE,NONE,HIGH
"Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka ""Microsoft SQL Server Analysis Services Information Disclosure Vulnerability"".",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid user's session. IBM X-Force ID: 120257,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer Mirth Connect management access. An attacker with knowledge of the hard-coded credential and the ability to communicate directly with the Mirth Connect management console may be able to intercept sensitive patient information. The admin account password is hard-coded as $K8t1ng throughout the application, and is the same across all installations. Customers do not have the option to change the Mirth Connect admin account password. The Mirth Connect admin account is created during the Connex install. The plaintext account password is hard-coded multiple times in the Connex install and update scripts.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8672.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, which may allow an attacker to eavesdrop on an encrypted communication.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by the $f_database, $f_db_username, and $f_admin_username variables. This is mitigated by the fact that the admin/ folder should be deleted after installation, and also prevented by CSP.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to bypass authentication to alter settings in Relay Service Server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in the MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to execute arbitrary SQL commands via Relay Service Server.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
"Internet Explorer in Microsoft Windows Server 2008 SP2 and Windows Server 2012 allows an attacker to execute arbitrary code in the context of the current user due to Internet Explorer improperly accessing objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability"".",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers improperly accessing objects in memory, aka ""Microsoft Browser Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8669.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8674.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to disclose information due to how strings are validated in specific scenarios, aka ""Microsoft Edge Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8644 and CVE-2017-8652.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way affected Microsoft scripting engines render when handling objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability"".",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system due to the Chakra scripting engine not properly handling objects in memory, aka ""Scripting Engine Information Disclosure Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka ""Microsoft Edge Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8644 and CVE-2017-8662.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authenticated users to obtain sensitive information via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. ""eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"MaLion for Windows 5.2.1 and earlier (only when ""Remote Control"" is installed) and MaLion for Mac 4.0.1 to 5.2.1 (only when ""Remote Control"" is installed) allow remote attackers to bypass authentication to execute arbitrary commands or operations on Terminal Agent.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying the data in the database to the user,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Windows PDF Library in Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in memory, aka ""Windows PDF Remote Code Execution Vulnerability"".",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Boozt Fashion application before 2.3.4 for Android allows remote attackers to read login credentials by sniffing the network and leveraging the lack of SSL. NOTE: the vendor response, before the application was changed to enable SSL logins, was ""At the moment that is an accepted risk. We only have https on the checkout part of the site.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. PostgreSQL is used as the Document Management System database. The account name is dms. The password is hard-coded throughout the application, and is the same across all installations. Customers do not have the option to change passwords. The dms account for PostgreSQL has access to the database schema for Document Management System.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with Apache Solr may be able to obtain or modify sensitive patient and financial information. The Apache Solr account name is dms. The password is hard-coded throughout the application, and is the same across all installations. Customers do not have the option to change passwords. The dms account for Apache Solr has access to all indexed patient documents.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to a denial of service or potential escalation of privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to buffer overflow, aka ""Microsoft JET Database Engine Remote Code Execution Vulnerability"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not properly dequeue invalid NTP packets, which allows remote attackers to cause a denial of service (interface wedge) by sending many crafted NTP packets, aka Bug ID CSCva35619.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a ""cross-frame scripting (XFS)"" issue, aka Bug ID CSCuw65846, a different vulnerability than CVE-2015-6434.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1, and 11.5(1) allows remote attackers to cause a denial of service (sipd process restart) via crafted headers in a SIP packet, aka Bug ID CSCva39072.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cisco RV180 and RV180W devices allow remote authenticated users to execute arbitrary commands as root via a crafted HTTP request, aka Bug ID CSCuz48592.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of service (device reload) via crafted ARP packets, aka Bug ID CSCuy55803.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter, aka Bug ID CSCux15507.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is mishandled in a curl_escape call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions.  NOTE: the vendor disputes this issue, stating that this sequence is not ""removing the state that is left by old nodes. At some point the manager obviously stops being able to accept new nodes, since it runs out of memory. Given that both for Docker swarm and for Docker Swarmkit nodes are *required* to provide a secret token (it's actually the only mode of operation), this means that no adversary can simply join nodes and exhaust manager resources. We can't do anything about a manager running out of memory and not being able to add new legitimate nodes to the system. This is merely a resource provisioning issue, and definitely not a CVE worthy vulnerability.""",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text after an about:neterror?d= substring.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka ""Graphics Component Remote Code Execution Vulnerability."" This vulnerability is different from that described in CVE-2017-0014.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privileges via a crafted application, aka ""Windows Registry Elevation of Privilege Vulnerability.""",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows Server 2008 R2; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows local users to gain privileges via a crafted application, aka ""Windows HelpPane Elevation of Privilege Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Uniscribe Information Disclosure Vulnerability."" CVE-2017-0085, CVE-2017-0091, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka ""Uniscribe Remote Code Execution Vulnerability."" This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0089.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka ""Uniscribe Remote Code Execution Vulnerability."" This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka ""Uniscribe Remote Code Execution Vulnerability."" This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Uniscribe Information Disclosure Vulnerability."" CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka ""Uniscribe Remote Code Execution Vulnerability."" This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka ""Microsoft Color Management Information Disclosure Vulnerability."" This vulnerability is different from that described in CVE-2017-0061.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""GDI+ Information Disclosure Vulnerability."" This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0073.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka ""Microsoft Color Management Information Disclosure Vulnerability."" This vulnerability is different from that described in CVE-2017-0063.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""GDI+ Information Disclosure Vulnerability."" This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka ""Win32k Information Disclosure Vulnerability.""",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a target system, aka ""Windows DVD Maker Cross-Site Request Forgery Vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system, a.k.a. ""Windows Kernel Information Disclosure Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Uniscribe Information Disclosure Vulnerability."" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, and CVE-2017-0127.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Uniscribe Information Disclosure Vulnerability."" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, and CVE-2017-0128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Uniscribe Information Disclosure Vulnerability."" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0127, and CVE-2017-0128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Uniscribe Information Disclosure Vulnerability."" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Uniscribe Information Disclosure Vulnerability."" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Uniscribe Information Disclosure Vulnerability."" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Uniscribe Information Disclosure Vulnerability."" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Uniscribe Information Disclosure Vulnerability."" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Windows Uniscribe Information Disclosure Vulnerability.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Uniscribe Information Disclosure Vulnerability."" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Uniscribe Information Disclosure Vulnerability."" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Uniscribe Information Disclosure Vulnerability."" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Uniscribe Information Disclosure Vulnerability."" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Uniscribe Information Disclosure Vulnerability."" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Uniscribe Information Disclosure Vulnerability."" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Uniscribe Information Disclosure Vulnerability."" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Uniscribe Information Disclosure Vulnerability."" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allow remote attackers to execute arbitrary code on the router via a long host or port in crafted multicast messages.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488 allows remote attackers to inject arbitrary JavaScript by requesting filenames longer than 50 characters.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a ""GET /uir/"" request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Moodle 2.x and 3.x, SQL injection can occur via user preferences.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the ""Intel Graphics Driver"" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the ""WebKit"" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the ""Intel Graphics Driver"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the ""WebKit JavaScript Bindings"" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Digital Editions 4.5.4 and earlier has an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Digital Editions 4.5.4 and earlier versions 4.5.4 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is ""a feature, not a bug.""",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname strings found in local log files.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920DW MFC-L2700DW MFC-9130CW MFC-9330CDW MFC-9340CDW MFC-J5620DW MFC-J6720DW MFC-L8600CDW MFC-L9550CDW MFC-L2720DW DCP-L2540DW DCP-L2520DW HL-3140CW HL-3170CDW HL-3180CDW HL-L8350CDW HL-L2380DW ADS-2500W ADS-1000W ADS-1500W.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"XML External Entity via "".AOP"" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote execution of arbitrary PHP code.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered on Miele Professional PST10 devices. The corresponding embedded webserver ""PST10 WebServer"" typically listens to port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks. A Proof of Concept is GET /../../../../../../../../../../../../etc/shadow HTTP/1.1. This affects PG8527 devices 2.02 before 2.12, PG8527 devices 2.51 before 2.61, PG8527 devices 2.52 before 2.62, PG8527 devices 2.54 before 2.64, PG8528 devices 2.02 before 2.12, PG8528 devices 2.51 before 2.61, PG8528 devices 2.52 before 2.62, PG8528 devices 2.54 before 2.64, PG8535 devices 1.00 before 1.10, PG8535 devices 1.04 before 1.14, PG8536 devices 1.10 before 1.20, and PG8536 devices 1.14 before 1.24.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers to read arbitrary files or cause a denial of service via a crafted XML document.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge allows a remote code execution vulnerability due to the way it accesses objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"".",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Out of bound memory write can happen in the MDSS Rotator driver in all Qualcomm products with Android releases from CAF using the Linux kernel by an unsanitized userspace-controlled parameter.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android release from CAF using the Linux kernel, while processing fastboot boot command when verified boot feature is disabled, with length greater than boot image buffer, a buffer overflow can occur.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An array out-of-bounds access in all Qualcomm products with Android releases from CAF using the Linux kernel can potentially occur in a camera driver.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service (CPU and possibly general resource consumption) via a list with a large number of elements.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execute arbitrary code via a crafted message.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel stack data can be leaked to userspace by an audio driver.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
IBM Runbook Automation reveals sensitive information in error messages that could be used in further attacks against the system. IBM X-Force ID: 126874.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127632.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In a sound driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a buffer overflow.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a user-supplied buffer is casted to a structure without checking if the source buffer is large enough.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, kernel heap memory can be exposed to userspace.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Telescope before 0.9.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted markdown.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter to permalink_page.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption) via a crafted small message, which triggers a ""tight"" for loop.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-2312.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer overflow is possible followed by buffer overflow. In another function, a missing check for a lower bound may result in an out of bounds memory access.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, which could result in heap overflow.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In an audio driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a heap buffer overflow.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8672, and CVE-2017-8674.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka ""Microsoft Edge Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8652 and CVE-2017-8662.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123187.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The mod_nss module before 1.0.11 in Fedora allows remote attackers to obtain cipher lists due to incorrect parsing of multi-keyword cipherstring.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ganglia-web before 3.7.1 allows remote attackers to bypass authentication.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Report Generator). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 116881.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow can occur in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android when processing a firmware image file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An attacker may use this for information disclosure, or to write a file to normally unavailable locations on the local system. NOTE: the vendor reports that ""the information contained in the debug report is of marginal significance."" Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"** DISPUTED ** An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to successfully use SIP to communicate with the device from anywhere within the LAN. An attacker may use this to crash the device, stop it from communicating with the SMA servers, exploit known SIP vulnerabilities, or find sensitive information from the SIP communications. Furthermore, because the SIP communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. For example, passwords can be extracted. NOTE: the vendor's position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be replayed, injected, or used for a man in the middle session. All functionalities available in Sunny Explorer can effectively be done from anywhere within the network as long as an attacker gets the packet setup correctly. This includes the authentication process for all (including hidden) access levels and the changing of settings in accordance with the gained access rights. Furthermore, because the SMAdata2+ communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. NOTE: the vendor's position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy().",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a Sample App failed to check a length potentially leading to unauthorized access to secure memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by browsing to a specific URL of an affected device. An exploit could allow the attacker to view sensitive configuration information about the deployment. Cisco Bug IDs: CSCvd29358. Known Affected Releases: 21.0.v0.65839.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system information. The vulnerability is due to insufficient protection of sensitive files on the system. An attacker could exploit this vulnerability by logging into the ConfD server and executing certain commands. An exploit could allow an unprivileged user to view configuration parameters that can be maliciously used. Cisco Bug IDs: CSCvd76409. Known Affected Releases: 2.3, 2.3(2).",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by authenticating to the application and navigating to certain configuration files. An exploit could allow the attacker to view sensitive system configuration files. Cisco Bug IDs: CSCvd29408. Known Affected Releases: 2.3(2).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap write.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on 2011 March 10) Distributed on the website till 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program (program released on 2013 September 30) distributed on the website until 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Teikihoukokusho Sakuseishien Tool v4.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address will be freed (arbitrary free), and continued operation could result in use after free condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a possibility of writing beyond the intended partition.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in LTE.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, sSL handshake failure with ClientHello rejection results in memory leak.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset() is addressed.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when processing a QMI message.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in eMBMS where an assertion can be reached by a sequence of downlink messages.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in a GERAN API.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in NFC Port Software remover Ver.1.3.0.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in LhaForge Ver.1.6.5 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Installer of IP Messenger for Win 4.60 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Installer of Baidu IME Ver3.6.1.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.,NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the processing of certain responses from the USIM.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced during GAL decoding.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a memory management routine.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not properly validated in a QTEE system call.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, playReady DRM failed to check a length potentially leading to unauthorized access to secure memory.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an ELF file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a malicious web site.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a string can fail to be null-terminated in SIP leading to a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a memory buffer fails to be freed after it is no longer needed potentially resulting in memory exhaustion.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, an incorrect length is used to clear a memory buffer resulting in adjacent memory getting corrupted.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read may occur in the processing of a downlink 3G NAS message.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when performing WCDMA radio tuning.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GERAN where a buffer can be overflown while taking power measurements.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced upon the expiry of a timer.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to inject arbitrary web script or HTML via the itemsperpage parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A Heap-Based Buffer Overflow was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. A heap-based buffer overflow vulnerability has been identified, which may cause a crash or allow remote code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of certain responses from the USIM.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain access to another user's workspace by making multiple login requests to the server.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on a length in a System Information message.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Uncontrolled Search Path Element issue was discovered in Solar Controls Heating Control Downloader (HCDownloader) Version 1.0.1.15 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An Uncontrolled Search Path Element issue was discovered in Solar Controls WATTConfig M Software Version 2.5.10.1 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"".",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126246.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of proper Role Based Access Control (RBAC) when certain user configuration changes are requested. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to the targeted application. An exploit could allow the attacker to impact the integrity of the application where one user can modify the configuration of another user's information. Cisco Bug IDs: CSCve27331. Known Affected Releases: 10.5(2.10000.5), 11.0(1.10000.10), 11.5(1.10000.6).",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Untrusted search path vulnerability in TDB CA TypeA use software Version 5.2 and earlier, distributed until 10 August 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affected system. The vulnerability is due to improper protection of sensitive log files. An attacker could exploit this vulnerability by logging in to an affected system and accessing unprotected log files. A successful exploit could allow the attacker to access sensitive log files, which may include system credentials, on the affected system. Cisco Bug IDs: CSCvc76616. Known Affected Releases: 2.2(9.76).",LOCAL,LOW,LOW,NONE,CHANGED,LOW,LOW,LOW
The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the WebLaunch function of the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. Cisco Bug IDs: CSCvf12055. Known Affected Releases: 98.89(40).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is affected by CSRF an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient input sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by crafting a script on the device that will allow them to bypass built-in restrictions. An exploit could allow the unauthorized user to launch the CLI directly from a command shell. Cisco Bug IDs: CSCvd47722. Known Affected Releases: 21.0.v0.65839.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the server. The vulnerability is due to command settings that allow Cisco VNF Element Manager users to specify arbitrary commands that will run as root on the server. An attacker could use this setting to elevate privileges and run commands in the context of the root user on the server. Cisco Bug IDs: CSCvc76670. Known Affected Releases: prior to 5.0.4 and 5.1.4.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvd76324. Known Affected Releases: 2.2(9.76) and 2.3(1).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. An exploit could allow the attacker to view information regarding the Ultra Services Platform deployment. Cisco Bug IDs: CSCvd76406. Known Affected Releases: 21.0.v0.65839.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. The vulnerability is due to improper sanitization of parameter values by the affected application. An attacker could exploit this vulnerability by injecting malicious code into an affected parameter and persuading a user to access a web page that triggers the rendering of the injected code. Cisco Bug IDs: CSCve47074. Known Affected Releases: 3.2(0.0).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance).",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to Cisco WebEx Meetings not sufficiently protecting sensitive data when responding to an HTTP request to the web interface. An attacker could exploit the vulnerability by attempting to use the HTTP protocol and looking at the data in the HTTP responses from the Cisco WebEx Meetings Server. An exploit could allow the attacker to find sensitive information about the application. Cisco Bug IDs: CSCve37988. Known Affected Releases: firmware 1.0.0.30, 1.0.0.33, 1.0.1.9, 1.0.1.16.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversal in the filename parameter to the /download.conf URI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. NOTE: some sources use this ID for a NoviWare issue, but the correct ID for that issue is CVE-2017-12787.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort 4400 before A2 has unknown impact and attack vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Memory leak in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted SIP packets to UDP port 5060, aka Bug ID CSCtj04672.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted bmp image file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading an ""archaic"" e-mail address in a response.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Stack-based buffer overflow in the ""yyerror"" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.  NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Snoopy allows remote attackers to execute arbitrary commands.  NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from ""support"" to ""admin"".",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple untrusted search path vulnerabilities in installer in Synology Assistant before 6.1-15163 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via ""Rich text"" function of the application ""Space"".",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting (XSS) attacks, or obtain sensitive information via multiple unspecified parameters.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information. IBM X-Force ID: 127412.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Directory traversal vulnerability in ajaxfileupload.php in Kayson Group Ltd. phpGrid before 7.2.5 allows remote attackers to execute arbitrary code by uploading a crafted file with a .. (dot dot) in the file name.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls. NOTE: this does not affect any stable release.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.  NOTE: this vulnerability exists due to an incomplete fix to CVE-2015-4180.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.  NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the ""show log cli"" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was intentionally provided by the user, making it possible for an attacker to trick a user into making a malicious request to the server.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Untrusted search path vulnerability in Flets Setsuzoku Tool for Windows all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Flets Install Tool all versions distributed through the website till 2017 August 8 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Security Kinou Mihariban v1.0.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the xmlns parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.",ADJACENT_NETWORK,HIGH,NONE,NONE,CHANGED,LOW,HIGH,HIGH
"A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Untrusted search path vulnerability in The electronic authentication system based on the commercial registration system ""The CRCA user's Software"" Ver1.8 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via ""Rich text"" function of the application ""Memo"".",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API ""WorkflowHandleApplications"".",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in the snd_compr_allocate_buffer function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in unshield 1.0-1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Buffer overflow in xymon 4.3.17-1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"""Dokodemo eye Smart HD"" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to conduct code injection attacks via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"""Dokodemo eye Smart HD"" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Directory traversal vulnerability in ""Dokodemo eye Smart HD"" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Multiple SQL injection vulnerabilities in SmartCMS v.2.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3X48 before 12.3X48-D30, 13.3 before 13.3R9-S1, 14.1 before 14.1R7, 14.2 before 14.2R6, 15.1 before 15.1F2-S5, 15.1F4 before 15.1F4-S2, 15.1R before 15.1R2-S3, 15.1 before 15.1R3, and 15.1X49 before 15.1X49-D40 allow remote attackers to cause a denial of service (kernel crash) via a crafted UDP packet destined to the interface IP address of a 64-bit OS device.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a ""Run a plugin"" action.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.",NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
"IBM General Parallel File System (GPFS) 3.5 before 3.5.0.29 efix 6 and 4.1.1 before 4.1.1.4 efix 9, when the Spectrum Scale GUI is used with DB2 on Linux, UNIX and Windows, allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by discovering ADMIN passwords.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows remote attackers to conduct clickjacking attacks via a crafted web site.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveraging an unattended workstation.",LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows local users to discover cleartext passwords by (1) reading a configuration file or (2) examining a process.,LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles password creation, which makes it easier for remote attackers to obtain access by leveraging an attack against the password algorithm.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Cross-site scripting (XSS) vulnerability in IBM Information Server Framework 8.5, Information Server Framework and InfoSphere Information Server Business Glossary 8.7 before FP2, Information Server Framework and InfoSphere Information Server Business Glossary 9.1 before 9.1.2.0, Information Server Framework and InfoSphere Information Governance Catalog 11.3 before 11.3.1.2, and Information Server Framework and InfoSphere Information Governance Catalog 11.5 before 11.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Apple AirPort Base Station Firmware before 7.6.7 and 7.7.x before 7.7.7 misparses DNS data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a privileged context by leveraging unspecified container access, aka Bug ID CSCuz62721.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy92711.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.7 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuy92706.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuy83200.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improperly terminating the control connection after a file transfer, aka Bug ID CSCuy43468.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service (timer consumption and Route Processor reload) via crafted SSH traffic, aka Bug ID CSCux76819.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun66735.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 1.2.1.4, RV130W devices with firmware through 1.0.2.7, and RV215W devices with firmware through 1.3.0.7 allows remote authenticated users to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCux86669.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The web framework in Cisco Unified Computing System (UCS) Performance Manager 2.0.0 and earlier allows remote authenticated users to execute arbitrary commands via crafted parameters in a GET request, aka Bug ID CSCuy07827.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D37, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D20, 13.3 before 13.3R10, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R7, 15.1 before 15.1R4, 15.1X49 before 15.1X49-D20, 15.1X53 before 15.1X53-D60, and 16.1 before 16.1R1 allow remote attackers to bypass an intended certificate validation mechanism via a self-signed certificate with an Issuer name that matches a valid CA certificate enrolled in Junos.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"J-Web in Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D25, 13.3 before 13.3R10, 13.3R9 before 13.3R9-S1, 14.1 before 14.1R7, 14.1X53 before 14.1X53-D35, 14.2 before 14.2R6, 15.1 before 15.1A2 or 15.1F4, 15.1X49 before 15.1X49-D30, and 15.1R before 15.1R3 might allow remote attackers to obtain sensitive information and consequently gain administrative privileges via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D40, 12.3X48 before 12.3X48-D30, 13.3 before 13.3R9, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R6, 15.1 before 15.1F6 or 15.1R3, and 15.1X49 before 15.1X49-D40, when configured with a GRE or IPIP tunnel, allow remote attackers to cause a denial of service (kernel panic) via a crafted ICMP packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Juniper Junos OS before 13.3R9, 14.1R6 before 14.1R6-S1, and 14.1 before 14.1R7, when configured with VPLS routing-instances, allows remote attackers to obtain sensitive mbuf information by injecting a flood of Ethernet frames with IPv6 MAC addresses directly into a connected interface.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions.",LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5.2(1)SV3(1.5i) allow remote attackers to cause a denial of service (ESXi hypervisor crash and purple screen) via a crafted Cisco Discovery Protocol packet that triggers an out-of-bounds memory access, aka Bug ID CSCuw57985.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Prime Service Catalog (PSC) 11.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuz63795.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to File Processing.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote attackers to affect confidentiality and integrity via vectors related to Information Manager Console.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality via vectors related to Security.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the Siebel Engineering - Installer and Deployment component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Web Server.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.4.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Install.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,NONE
"Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows local users to affect confidentiality via vectors related to Services.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Install.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect availability via unknown vectors.,NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,LOW
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to Kernel.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity via vectors related to Web.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-5460 and CVE-2016-5466.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect confidentiality and integrity via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Analytics Web Administration.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,LOW
"Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14.1, and 15.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Install.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.,NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Web Server.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Function Security.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect integrity via vectors related to WebClient / Admin.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to ADF Faces.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8 and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,LOW
"Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-5469 and CVE-2016-5471.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in the Enterprise Manager for Fusion Middleware component in Oracle Enterprise Manager Grid Control 11.1.1.7, and 11.1.1.9 allows remote attackers to affect confidentiality via vectors related to SOA Topology Viewer.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2 allows remote attackers to affect availability via vectors related to OS Provisioning.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in the Hyperion Financial Reporting component in Oracle Hyperion 11.1.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Security Models.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Wireless Framework. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue is a cross-site scripting (XSS) vulnerability, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, and 6.4.1 allows remote authenticated users to affect confidentiality via vectors related to Database.",NETWORK,HIGH,LOW,REQUIRED,CHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the Data Pump Import component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality and integrity via unknown vectors.",LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and availability via vectors related to File Processing.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,LOW
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 and 12.1.3.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Module.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect availability via vectors related to Web.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect confidentiality via vectors related to HA for Postgresql.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Search. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue involves multiple open redirect vulnerabilities, which allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Unspecified vulnerability in the Oracle Advanced Inbound Telephony component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to SDK client integration. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue involves multiple cross-site scripting (XSS) vulnerabilities, which allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to PC / Notification.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,NONE,NONE
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors related to PGC / Import.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,LOW
"Unspecified vulnerability in the Oracle Internet Expenses component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect availability via vectors related to Expenses Admin Utilities.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in the Oracle Demand Planning component in Oracle Supply Chain Products Suite 12.1 and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to ODPDA Servlet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a different vulnerability than CVE-2016-3529 and CVE-2016-3560.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality via vectors related to Cookie Management.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Configuration.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Application Service.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Application Service.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality via vectors related to AOL Diagnostic tests.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related to PC / Get Shortcut.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect integrity via vectors related to PC / Get Shortcut.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote authenticated users to affect confidentiality via vectors related to GUI, a different vulnerability than CVE-2016-3514.",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote attackers to affect confidentiality via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote authenticated users to affect confidentiality via vectors related to GUI, a different vulnerability than CVE-2016-3516.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Unspecified vulnerability in the Oracle Communications Operations Monitor component in Oracle Communications Applications before 3.3.92.0.0 allows remote authenticated users to affect confidentiality via vectors related to Infrastructure.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to EM Integration.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to PC / BOM, MCAD, and Design.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the Oracle E-Business Suite Secure Enterprise Search component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Search Integration Engine.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Marketing activity collateral.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the Oracle One-to-One Fulfillment component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Content Manager.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Report JSPs.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Tasks.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality and integrity via unknown vectors.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,NONE
"Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Notes.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 and 13.1.0.0 allows remote attackers to affect confidentiality via vectors related to UI Framework.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-3538.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,LOW
"Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-3539.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,LOW
"Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-5473.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Deliverables. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue involves multiple cross-site scripting (XSS) vulnerabilities, which allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Remote Launch. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue is a cross-site scripting (XSS) vulnerability, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Unspecified vulnerability in the Oracle Installed Base component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Engineering Change Order. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue involves an open redirect vulnerability, which allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3570, and CVE-2016-3571.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Web Access.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3570, and CVE-2016-3573.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3571, and CVE-2016-3573.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3570, CVE-2016-3571, and CVE-2016-3573.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3569, CVE-2016-3570, CVE-2016-3571, and CVE-2016-3573.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Web access.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3568, CVE-2016-3569, CVE-2016-3570, CVE-2016-3571, and CVE-2016-3573.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Oracle TopLink component in Oracle Fusion Middleware 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JPA-RS.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than CVE-2016-5604.",LOCAL,LOW,HIGH,REQUIRED,CHANGED,LOW,HIGH,NONE
"Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SDK.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Email Center Agent Console, a different vulnerability than CVE-2016-3558.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Email Center Agent Console, a different vulnerability than CVE-2016-3559.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related to File Load.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration.,NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Web Container.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.26 allows local users to affect availability via vectors related to Core.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, and CVE-2016-3595.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, and CVE-2016-3596.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3595, and CVE-2016-3596.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Applications 12.0.1, 12.0.2, and 12.0.3 allows remote attackers to affect confidentiality and integrity via unknown vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB.,NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
"Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality and integrity via vectors related to Emulex.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Libadimalloc.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET requests.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,HIGH,NONE
"Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, and 5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to OpenSSL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.22 allows remote attackers to affect confidentiality via vectors related to Core.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Unspecified vulnerability in the Oracle Retail Order Broker component in Oracle Retail Applications 15.0 allows remote attackers to affect confidentiality and integrity via vectors related to System Administration.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4600.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SGI image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4602.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4600, and CVE-2016-4602.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Safari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover passwords by reading the screen during the login procedure.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, and CVE-2016-4254.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4252, and CVE-2016-4254.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Audio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a ""type confusion.""",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context, obtain sensitive user information, or cause a denial of service (memory corruption) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Login Window in Apple OS X before 10.11.6 does not properly initialize memory, which allows local users to cause a denial of service via unspecified vectors.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a ""type confusion.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Graphics Drivers subsystem in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EXR image with B44 compression.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
libc++abi in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,LOW
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
Memory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux kernel before 4.7 allows local users to cause a denial of service (memory consumption) via a crafted USB device that emulates many VFL_TYPE_SDR or VFL_TYPE_SUBDEV devices and performs many connect and disconnect operations.,PHYSICAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via a ""DOM link manipulation"" attack.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report.  NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a ""Content-Security-Policy: referrer origin-when-cross-origin"" header that overrides a ""<META name='referrer' content='no-referrer'>"" element.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Panel Processor.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect integrity via vectors related to SWSE Server, a different vulnerability than CVE-2016-5464.",NETWORK,LOW,LOW,REQUIRED,CHANGED,NONE,LOW,NONE
"Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Object Manager.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-3450 and CVE-2016-5466.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the Siebel Core - Common Components component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect integrity via vectors related to iHelp.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
Unspecified vulnerability in the Oracle Communications EAGLE Application Processor component in Oracle Communications Applications 16.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to APPL.,NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Oracle Communications Messaging Server component in Oracle Communications Applications 6.3, 7.0, and 8.0 allows remote attackers to affect confidentiality via vectors related to Multiplexor.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Verified Boot.,LOCAL,HIGH,LOW,NONE,CHANGED,NONE,LOW,HIGH
"Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to IPMI.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality via vectors related to Verified Boot.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect integrity via vectors related to UIF Open UI.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect availability via vectors related to Console Redirection.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity and availability via vectors related to SNMP.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
"Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,LOW
"Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Infrastructure.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the ""Help Viewer"" component, which allows XSS attacks via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user provided input is used as the limit for a loop may lead to denial of service or potential escalation of privileges,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process heap memory via a crafted EMF file, as demonstrated by an EMR_SETDIBITSTODEVICE record with modified Device Independent Bitmap (DIB) dimensions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of service (kernel panic and crash) via a large size value.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1 and 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration.,NETWORK,LOW,NONE,NONE,CHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Install.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,LOW
"Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applications 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Install.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,LOW,LOW
"Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applications 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RSB Kernel.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows local users to affect confidentiality, integrity, and availability via vectors related to Install and Packaging.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5469.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5471.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality and integrity via vectors related to EAI, a different vulnerability than CVE-2016-5451.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Unspecified vulnerability in the PeopleSoft Enterprise FSCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to eProcurement.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Full path disclosure in the Googlemaps plugin before 3.1 for Joomla!.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla!.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128623.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and 5.1.3.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. NOTE: this can be exploited via CSRF.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with the 'abarco' hardcoded manufacturer account. This account is not documented, nor is the DEBUG feature or the use of telnetd on port tcp/5885.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil (main/java/com/dotmarketing/common/util/SQLUtil.java), as part of the remediation of CVE-2016-8902; however, these can be overcome in the case of the q and inode parameters to the /categoriesServlet path. Overcoming these controls permits a number of blind boolean SQL injection vectors in either parameter. The /categoriesServlet web path can be accessed remotely and without authentication in a default dotCMS deployment.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PFileFlashPixView::GetGlobalInfoProperty in f_fpxvw.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
wchar.c in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
CDirVector::GetTable in dirfunc.hxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted fpx image.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
CrushFTP 8.x before 8.2.0 has a serialization vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to bypass an intended protection mechanism.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) miscalculates IPv6 payload lengths, which allows remote attackers to cause a denial of service (mond process crash and monitoring outage) via crafted IPv6 packets, aka Bug ID CSCuy37324.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the ""Bluetooth"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and password, as demonstrated by submitting a form that targets the `registration.register` task.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The web server also contains another URL, apply_noauth.cgi, that allows an unauthenticated user to perform sensitive actions on the device. This functionality can be exploited to change the router settings (such as the answers to the password-recovery questions) and achieve remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0244.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 128107.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128109.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. IBM X-Force ID: 113993.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to index.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the ""-c none"" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Unspecified vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul component in Oracle Supply Chain Products Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Dialog Box.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to JRAD Heartbeat. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that that this issue involves multiple cross-site scripting (XSS) vulnerabilities, which allow remote attackers to inject arbitrary web script or HTML via three unspecified parameters in an unknown JSP file.",NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
"Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 allows remote authenticated users to affect confidentiality and integrity via vectors related to Security, a different vulnerability than CVE-2016-3420.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect availability via vectors related to Engineering Communication Interface.,ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 allows remote authenticated users to affect confidentiality and integrity via vectors related to Security, a different vulnerability than CVE-2016-3431.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113935.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away message altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113848.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID: 113847.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrictions and write to arbitrary files via a .. (dot dot) in a blob name.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,NONE,HIGH,NONE
Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references mention CVE-2016-5226 but that is not a correct ID for any Rumba vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote authenticated users to obtain root privileges for writing to unspecified scripts, and consequently obtain sensitive information or modify data, by leveraging access to the nobody account.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Stack-based buffer overflow in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted file, aka internal bug 29250543.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the ""-c lzw"" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the ""-c zip"" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,HIGH
"Binder in the kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30768347.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote attackers to conduct SSRF attacks via a crafted URL that results in a Redirection HTTP status code.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter.,NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,LOW
Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input.,NETWORK,LOW,HIGH,NONE,CHANGED,LOW,NONE,NONE
Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the ""Power Management"" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the ""Directory Services"" component. It allows local users to gain privileges or cause a denial of service (use-after-free) via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the ""Bluetooth"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (type confusion) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via a JPEG 2000 image.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via TrueType fonts embedded in EMFSPOOL.",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers. IBM X-Force ID: 113851.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128170.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. IBM X-Force ID: 111928.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in mpg123 before 1.18.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\SYSTEM on the server. NOTE: The discoverer states ""The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue, which means applying proper firewall rules to prevent unauthorised clients to connect to the OmniVista server.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests.,NETWORK,HIGH,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
kgb-bot 1.33-2 allows remote attackers to cause a denial of service (crash).,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the ""language"" parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Buffer overflow in the web server service in VX Search Enterprise 10.0.14 allows remote attackers to execute arbitrary code via a crafted GET request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting vulnerability in BackupGuard prior to version 1.1.47 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to PHP_SELF.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a ""POST / HTTP/1.1"" request.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Stack-based buffer overflow in IBM V5R4, and IBM i Access for Windows 6.1 and 7.1.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allows remote attackers to execute arbitrary code.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in ES File Explorer 3.2.4.1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV).,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a chance that third-party plugins could rely on this insecure behavior.",NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,LOW
"PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. NOTE: as of 20161208, the vendor could not reproduce the issue, stating ""the researcher was unable to provide us with information that would allow us to confirm the behaviour and, despite extensive investigation on test deployments of supported products, we were unable to reproduce the behaviour as he described. The researcher has also, despite additional requests for information, ceased to respond to us.""",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and smarty/templates_c is not writable to execute arbitrary php code via a crafted database name.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Multiple cross-site scripting (XSS) vulnerabilities in Cit-e-Net Cit-e-Access 6.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
php-fpm allows local users to write to or create arbitrary files via a symlink attack.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_id) parameter to openbay.php.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113945.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in the meeting. IBM X-Force ID: 113937.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113899.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary managers privileges. IBM X-Force ID: 113804.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.",LOCAL,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call.",LOCAL,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for ""post-admin"" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,LOW
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111895.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,LOW
"The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, and 6000+ before 11.72 allows physically proximate attackers to sign arbitrary data with previously loaded signing keys, extract the device identification key [KNETI] and impersonate the nShield Connect device on a network, affect the integrity and confidentiality of newly created keys, and potentially cause other unspecified impacts using previously loaded keys by connecting to the USB port on the front panel.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to the stack. A maliciously crafted PDF file can be used to trigger this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can cause an integer underflow, which leads to a crash. This is a different vulnerability than CVE-2017-8906.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The AP4_AtomSampleTable::GetSample function in Core/Ap4AtomSampleTable.cpp in Bento4 mp42ts before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The AP4_AvccAtom::InspectFields function in Core/Ap4AvccAtom.cpp in Bento4 mp4dump before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
HTTP header injection in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when ""boot protocol"" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in compileTranslationTable.c. It will lead to denial of service or remote code execution.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,LOW
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Good for Enterprise for Android 2.8.0.398 and 1.9.0.40.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Emacs 24.4 allows remote attackers to bypass security restrictions.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1743.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1744.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1005.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-0999.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-1000.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0999, and CVE-2016-1000.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26877992.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9.1 through 9.1.2.0, 11.3 through 11.3.1.2, and 11.5 allows remote authenticated users to bypass intended access restrictions via a modified cookie.",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the ""OBJECT PROTOCOL"" substring, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.,NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple insecure Temporary File vulnerabilities in 389 Administration Server before 1.1.38.,LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
"On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary HTML or JavaScript code as a parameter, aka XSS.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.,LOCAL,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"AKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, as demonstrated by Happy Wardrobe.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Participants Database plugin before 1.7.5.10 for WordPress has XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to the System database schema modification page.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Honda Moto LINC 1.6.1 does not verify SSL certificates.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client application 4.8.16 and earlier contains a locally exploitable heap based buffer overflow in the handling of an IOCTL message of type 0x0FA4204. The vulnerability is present due to the kernel driver failing to allocate sufficient memory on the kernel heap to contain a user supplied string as such the string is copied into a buffer of constant size (0x1000-bytes) and thus an overflow condition results. Access to the kernel driver is permitted through an obfuscated interface whereby bytes of user supplied message are ""authenticated"" via an obfuscation routine employing a linear equation.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Improper Authentication vulnerability in the ""LDAP / SSO Authentication"" (ig_ldap_sso_auth) extension 2.0.0 for TYPO3.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; and IBM Business Process Manager Advanced 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the ""SQLite"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0983.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, and CVE-2016-0984.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0951 and CVE-2016-0952.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0951 and CVE-2016-0953.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0952 and CVE-2016-0953.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unspecified vulnerability in the kernel-uek component in Oracle Linux 6 allows local users to affect availability via unknown vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in Google Analyticator Wordpress Plugin before 6.4.9.3 rev @1183563.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in libaxl 0.6.9 allows attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted XML document.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6 packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
SQL injection vulnerability in Sefrengo before 1.6.5 beta2.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in Pragyan CMS 3.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). This could allow an attacker with local privileges to execute code with administrative privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to generate password-recovery codes via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in askbot 0.7.51-4.el6.noarch.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 allows local users to gain privilege by modifying the 'Ucell Internet' directory to reference a malicious mms_dll_r.dll or mediaplayerdll.dll.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple temporary file creation vulnerabilities in pki-core 10.2.0.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
A information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All versions < V2.1.3), a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local Ethernet (Layer 2) broadcast. The affected component requires a manual restart via the main device to recover.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,HIGH,NONE
"ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to ""Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlGetCurrentDirectory_U+0x000000000000016c.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a ""Read Access Violation starting at jbig2dec+0x0000000000008fe4.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a ""Read Access Violation starting at jbig2dec+0x0000000000005862.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to ""Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at jbig2dec+0x00000000000090f1.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a ""Read Access Violation starting at jbig2dec+0x0000000000005643.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a ""Read Access Violation starting at jbig2dec+0x0000000000005940.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a ""Read Access Violation starting at jbig2dec+0x0000000000005956.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to ""Possible Stack Corruption starting at jbig2dec+0x0000000000002fbe.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add administrators via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker - even restricted as a tenant - can add a jsp at HiveManager/tomcat/webapps/hm/domains/$yourtenant/maps (it will be exposed at the web interface).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allows remote attackers to obtain sensitive information (such as the Wi-Fi password) by leveraging knowledge of a hardware identifier, related to the Bulk Data Collection (BDC) mechanism defined in Broadband Forum technical reports.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 and then installing new software, such as BusyBox with ""nc -l"" support.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
simple-php-captcha before commit 9d65a945029c7be7bb6bc893759e74c5636be694 allows remote attackers to automatically generate the captcha response by running the same code on the client-side.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to ""Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllUnregisterServer+0x0000000000005578.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a ""Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x0000000000003047.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to ""Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllGetClassObject+0x00000000000064d7.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to ""Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000038e8.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to ""Data from Faulting Address controls Code Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000002f35.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to ""Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e6.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to ""Heap Corruption starting at wow64!Wow64LdrpInitialize+0x00000000000008e1.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a ""User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000570e.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a ""User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x0000000000002ff7.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a ""User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000cb8c.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4993.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4998.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a ""Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006e10.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQL injection vulnerability in Concrete5 5.7.3.1.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a ""Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ec8.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a ""Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ddd.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a ""create-file-popup"" action, and the directory name in a ""create-directory-popup"" action, in the HTTP POST method to the ""/plugin/file_manager/"" script (aka an /admin/plugin/file_manager/browse// URI).",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 allows remote attackers to cause a denial of service (invalid memory write, SEGV on unknown address 0x000000000030, and application crash) or possibly have unspecified other impact via a crafted .wav file, aka a NULL pointer dereference.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
A information disclosure vulnerability in the N/A memory subsystem. Product: Android. Versions: Android kernel. Android ID: A-35764946.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A information disclosure vulnerability in the Android media framework (audioflinger). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38340117.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the sms_content parameter in a getSMSlist request.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38496660.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-38342499.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the ""Groups"" input while creating or editing User Groups.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in ""Applications"" under FortiView.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A Stack Buffer Overflow issue was discovered in VIPA Controls WinPLC7 5.0.45.5921 and prior. A stack-based buffer overflow vulnerability has been identified, where an attacker with a specially crafted packet could overflow the fixed length buffer. This could allow remote code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130677.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to "".php"" after originally using the parameter ""filename"" for uploading a JPEG image. Exploitation requires a registered user who has access to upload functionality.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter ""filename"" properly. Exploitation requires a registered user who has access to upload functionality.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 122957.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way Microsoft Edge handles objects in memory, aka ""Microsoft Edge Remote Code Execution Vulnerability"".",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browsers access objects in memory, aka ""Microsoft Browser Memory Corruption Vulnerability"".",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a ""User Mode Write AV starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x00000000000003b0.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a ""User Mode Write AV starting at jbig2dec+0x000000000000595d.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a ""User Mode Write AV starting at ntdll_77400000!RtlImpersonateSelfEx+0x000000000000024e.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a ""User Mode Write AV starting at ntdll_77400000!RtlFillMemoryUlong+0x0000000000000010.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to ""Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008706.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Vulnerability in Easy Joomla Backup v3.2.4. The software creates a copy of the backup in the web root with an easily guessable filename.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A stack-based buffer overflow was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A stack-based buffer over-read was discovered in filterYule in gain_analysis.c in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A buffer overflow was discovered in III_dequantize_sample in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A buffer over-read was discovered in III_i_stereo in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"A NULL pointer dereference was discovered in sync_buffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save.  NOTE: this issue can be leveraged to execute arbitrary code remotely.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123558.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to ""Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000039335.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .epub file, related to a ""Read Access Violation on Block Data Move starting at STDUEPubFile!DllUnregisterServer+0x0000000000010262.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during ""objdump -D"" execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"readelf.c in GNU Binutils 2017-04-12 has a ""cannot be represented in type long"" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a ""member access within null pointer"" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an ""int main() {return 0;}"" program.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the ""WebKit"" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka ""Hyper-V Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8706, and CVE-2017-8713.",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"The Windows Hyper-V component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2,, Windows 10 1607, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka ""Remote Desktop Virtual Host Remote Code Execution Vulnerability"".",LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Windows Server DHCP service in Windows Server 2012 Gold and R2, and Windows Server 2016 allows an attacker to either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive, due to a memory corruption vulnerability in the Windows Server DHCP service, aka ""Windows DHCP Server Remote Code Execution Vulnerability"".",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a ""Heap Corruption starting at wow64!Wow64NotifyDebugger+0x000000000000001d.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a ""User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x00000000000085f5.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a ""User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9a9.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to ""Data from Faulting Address controls Branch Selection starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9f2.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a ""User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000854d.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to an ""Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to ""Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000010332.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to ""Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUEPubFile!DllUnregisterServer+0x000000000003fff1.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka ""Hyper-V Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8707, CVE-2017-8706, CVE-2017-8712, and CVE-2017-8713.",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted ESSID, as demonstrated by an ""airbase-ng -e"" command.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129577.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data on the Single Sign-On service broker file system.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"In the SDK in Bento4 1.5.0-616, the AP4_StszAtom class in Ap4StszAtom.cpp file contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by opening a crafted .MP4 file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the SDK in Bento4 1.5.0-616, AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by opening a crafted .MP4 file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"In the SDK in Bento4 1.5.0-616, the AP4_StscAtom class in Ap4StscAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> username versus the admin username, related to register.php, User.class.php, and Type.class.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-11764.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an ""Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000028c024d called from STDUXPSFile!DllUnregisterServer+0x000000000002e77b.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an ""Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000049c024c called from STDUXPSFile!DllUnregisterServer+0x0000000000025706.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka ""Scripting Engine Information Disclosure Vulnerability"".",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a ""User Mode Write AV near NULL starting at wow64!Wow64LdrpInitialize+0x00000000000008e1.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an ""Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000030c024c called from STDUXPSFile!DllUnregisterServer+0x000000000002566a.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, There is a stored XSS vulnerability via the $value->gallery_name and $value->gallery_description where anyone with privileges to modify or add galleries/images and inject javascript into the database.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
CAPTCHA bypass vulnerability in MantisBT before 1.2.19.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a ""Read Access Violation on Block Data Move starting at STDUXPSFile!DllUnregisterServer+0x0000000000005311.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a ""Possible Stack Corruption starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d908.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a ""User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000da27.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a ""User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000dd3f.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a ""Read Access Violation on Block Data Move starting at STDUXPSFile!DllUnregisterServer+0x0000000000005af2.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an ""Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000048c024d called from STDUXPSFile!DllUnregisterServer+0x0000000000025638.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a ""User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x0000000000018cc2.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to ""Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd2.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to an ""Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to ""Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000ec6e.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to ""Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000028657.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a ""Possible Stack Corruption starting at Unknown Symbol @ 0x00000000038f2fbf called from image00000000_00400000+0x0000000000240065.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors.,ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the ""//"" initial sequence.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Microsoft Edge handles clipboard events, aka ""Microsoft Edge Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8648.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-8751.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka ""Microsoft Edge Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8643 and CVE-2017-8648.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint XSS Vulnerability"".",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka ""Microsoft Edge Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8643.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8679, CVE-2017-8709, and CVE-2017-8719.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8708, CVE-2017-8679, and CVE-2017-8719.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8679.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8747.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka ""Windows Kernel Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8719.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Moodle 3.x has XSS in the contact form on the ""non-respondents"" page in non-anonymous feedback.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST """" ""Other Users""' command.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"Untrusted search path vulnerability in ""i-filter 6.0 install program"" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Untrusted search path vulnerability in ""i-filter 6.0 installer"" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Shockwave versions 12.2.8.198 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 2 when they fail to properly handle objects in memory, aka ""Microsoft Office Publisher Remote Code Execution"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a ""Read Access Violation starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd5.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a ""User Mode Write AV starting at Unknown Symbol @ 0x000000000479049b called from Unknown Symbol @ 0x000000000d89645b.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a ""User Mode Write AV starting at Unknown Symbol @ 0x00000000039d76c4 called from Unknown Symbol @ 0x0000000000049d2c.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel for Mac 2011 when it fails to properly handle objects in memory, aka ""Microsoft Office Remote Code Execution"".",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka ""Microsoft Office Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Windows GDI+ component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly discloses kernel memory addresses, aka ""Win32k Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka ""Win32k Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka ""Win32k Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8681.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user's system via a specially crafted document or an untrusted webpage, aka ""Graphics Component Information Disclosure Vulnerability.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to run arbitrary code in the context of the current user, due to the way that Windows Shell validates file copy destinations, aka ""Windows Shell Remote Code Execution Vulnerability"".",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to maintain certain sequencing requirements, aka ""NetBIOS Remote Code Execution Vulnerability"".",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka ""Hyper-V Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713.",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,NONE,NONE
Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka Hyper-V Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2017-8706, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713.",LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,NONE,NONE
"Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a ""Read Access Violation on Control Flow starting at Unknown Symbol @ 0x0000000003aa7cef called from Unknown Symbol @ 0x0000000004aa024d.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to ""Data from Faulting Address controls Code Flow starting at STDUJBIG2File+0x00000000000015e9.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka ""Microsoft Office Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8631, CVE-2017-8632, and CVE-2017-8744.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint Cross Site Scripting Vulnerability"".",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an ""Illegal Instruction Violation starting at Unknown Symbol @ 0x0000000002d8024c called from STDUXPSFile!DllUnregisterServer+0x000000000002566c.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is known to be a proof-of-concept exploit using this vulnerability.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8749.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axesstel MU553S MU55XS-V1.14 devices.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the ""Basic Settings"" page.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The Windows Kernel-Mode Drivers component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka ""Win32k Elevation of Privilege Vulnerability"".. This CVE ID is unique from CVE-2017-8720.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail to properly handle objects in memory, aka ""PowerPoint Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-8742.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka ""Windows GDI+ Information Disclosure Vulnerability.""",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The Windows Uniscribe component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote code execution vulnerability when it fails to properly handle objects in memory, aka ""Uniscribe Remote Code Execution Vulnerability"".",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not ""burn"" a successfully validated one-time password (aka OTP), which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP through performing a man-in-the-middle attack between the provider and verifier, or shoulder surfing, and replaying the OTP in the current time-step.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service (process crash) via an XDMCP request packet with no address.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka ""Microsoft Graphics Component Remote Code Execution.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,HIGH,LOW
"The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login session.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,LOW
"SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,HIGH
"Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,LOW
"Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,NONE,LOW
Cross-site scripting (XSS) vulnerability in the NTT DATA Smart Sourcing JavaScript module 2003-11-26 through 2013-07-09 for Web Analytics Service allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to discover the WPA2-PSK passphrase via unspecified vectors.,ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl213 plugin before 1.1 and (2) BbAdminViewsControl plugin before 2.1 for EC-CUBE allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
Cross-site scripting (XSS) vulnerability in Let's PHP! Frame high-speed chat before 2015-09-22 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability on ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Let's PHP! p++BBS before 4.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to (1) initiate a false alarm or (2) deactivate an alarm by modifying the client-server data stream.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive (1) message or (2) MJPEG video data by sniffing the network.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.24.41 have hardcoded credentials, which allows remote attackers to obtain administrative access via an FTP session.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key credentials by leveraging knowledge of a key ID or (2) signing certificates by leveraging knowledge of a certificate ID.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote attackers to cause a denial of service (viewer crash) via a crafted workbench file.,LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 has a default password of admin for the admin account and a default password of password for the medialink account, which allows remote attackers to obtain administrative privileges by leveraging a Wi-Fi session.",ADJACENT_NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote attackers to predict a value by determining the internal state of the PRNG in this class.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote attackers to execute arbitrary code via long command input.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Pacom 1000 CCU and RTU GMS devices allow remote attackers to spoof the controller-to-base data stream by leveraging improper use of cryptography.,ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
"Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended password requirement and read private keys by leveraging the existence of a stash file.,LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Quality Manager (RQM) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational Team Concert (RTC) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational Requirements Composer (RRC) 2.x and 3.x before 3.0.1.6 IF7 and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0; and Rational Software Architect Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote attackers to cause a denial of service via unknown vectors.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive information via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM Sterling B2B Integrator 5.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive cleartext web-services information by leveraging database access.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows local users to discover credentials by leveraging privileges during an unspecified connection type.",LOCAL,HIGH,HIGH,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary charts by specifying an internal chart name.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the ""Import value sets"" permission to execute arbitrary PHP code via the exported values list in a ctools import.",NETWORK,LOW,HIGH,NONE,CHANGED,LOW,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the Field Group module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with permission to configure field display settings to inject arbitrary web script or HTML via an element attribute.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended query restrictions or modify the LDAP directory, via unspecified vectors.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an unexpected directory by an application that has a valid Apple digital signature.,LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the form_fields parameter in a (1) do_edit or (2) do_insert action to wp-admin/admin-ajax.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site scripting (XSS) vulnerabilities in the Titan Framework plugin before 1.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to iframe-googlefont-preview.php or the (2) text parameter to iframe-font-preview.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an ""abnormal exit"" occurs, which allows remote attackers to conduct replay attacks via the session ID.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading the log.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 allows local users to bypass the Cognos Application Firewall (CAF) protection mechanism via leading whitespace in the BackURL field.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 preserves user permissions across group-add and group-remove operations, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging administrative changes to group membership.",LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; Rational Rhapsody Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; and Rational Software Architect Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1 uses weak permissions for unspecified project areas, which allows remote authenticated users to obtain sensitive information via unknown vectors.",ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Rational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; Rational Rhapsody Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; and Rational Software Architect Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1 allows local users to bypass intended access restrictions via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the internationalization feature in the default homescreen app in Mozilla Firefox OS before 2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted web site that is mishandled during ""Add to home screen"" bookmarking.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.,PHYSICAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100R001C233B111 allows remote attackers to cause a denial of service (crash) via a crafted application with the system or camera permission, a different vulnerability than CVE-2015-8226.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by pasting the contents to another file.",LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100R001C233B111 allows remote attackers to cause a denial of service (crash) via a crafted application with the system or camera permission, a different vulnerability than CVE-2015-8225.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*.,LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Huawei eSpace 7910 and 7950 IP phones with software before V200R002C00SPC800 allow remote attackers with established sessions to cause a denial of service (device restart) via unspecified packets.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to extension data during an extension installation.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Mollom module 6.x-2.7 before 6.x-2.15 for Drupal allows remote attackers to bypass intended access restrictions and modify the mollom blacklist via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exception messages.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the ""/plain"" URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
"IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.",NETWORK,LOW,LOW,REQUIRED,CHANGED,NONE,LOW,NONE
"IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 does not properly restrict browser caching, which allows local users to obtain sensitive information by reading cache files.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended workstation.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12.0.0 before HF1, when the TCP profile for a virtual server is configured with Congestion Metrics Cache enabled, allow remote attackers to cause a denial of service (Traffic Management Microkernel (TMM) restart) via crafted ICMP packets, related to Path MTU (PMTU) discovery.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and 11.6.0 before 11.6.0 HF4 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors related to processing a Citrix Remote Desktop connection through a virtual server configured with a remote desktop profile, aka an ""Out-of-bounds memory vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management (AOM) subsystem, which might allow remote attackers to obtain login access to AOM via an (1) expired or (2) default password.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.0 through 11.3.0, BIG-IP GTM 11.2.0 through 11.6.0, BIG-IP PSM 11.2.0 through 11.4.1, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ Security 4.0.0 through 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0, and BIG-IQ Cloud and Orchestration 1.0.0 allows local users with advanced shell (bash) access to gain privileges via unspecified vectors.",LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by entering many passcode guesses.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded (1) root and (2) guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug ID CSCut88070.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging the relationships between a key buffer and a destroyed array.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace function.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Cross-site scripting (XSS) vulnerability in IBM Host On-Demand 11.0 through 11.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service (memory corruption and system crash) or gain privileges via a 768 syscall, which triggers a zero to be written to an arbitrary kernel memory location.",LOCAL,HIGH,LOW,REQUIRED,CHANGED,LOW,LOW,HIGH
Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors, as demonstrated by login information.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on administrator tasks via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Cross-site scripting (XSS) vulnerability in Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to discover credentials by reading detailed error messages.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service (out-of-bounds memory access) via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to bypass filesystem encryption via XOR calculations.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID CSCuw87174.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote authenticated users to change arbitrary passwords via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.5 Patch 6 does not properly expire sessions, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
"Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via traffic on TCP port 5000.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Cross-site scripting (XSS) vulnerability in main.rb in Vine MV before 2015-11-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,LOW
"Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files.",LOCAL,HIGH,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting (XSS) vulnerability in InfoSphere Data Architect (IDA), as distributed in IBM Rational Software Architect 8.5 through 9.5, Rational Software Architect for WebSphere Software (RSA4WS) 8.5 through 9.5, and Rational Software Architect RealTime (RSART) 8.5 through 9.5, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2016-1152.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
"Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
"Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
"Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149, and CVE-2016-1150.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The ""Send as attachment"" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (2) arg01 parameter to human.aspx.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive information by reading a backup archive.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Stack-based buffer overflow in McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows attackers to cause a denial of service (system crash) via a long vault GUID in an ioctl call.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* Log-Chat before 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
"examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted HTTP Host header.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCud41176.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Comcast XFINITY Home Security System does not properly maintain base-station communication, which allows physically proximate attackers to defeat sensor functionality by interfering with ZigBee 2.4 GHz transmissions.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0212 and CVE-2016-0216.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0212 and CVE-2016-0213.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"QNAP Signage Station before 2.0.1 allows remote attackers to bypass authentication, and consequently upload files, via a spoofed HTTP request.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modifications via the authoring UI.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and TCP_NOOPT socket options.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Update Installer in IBM WebSphere Commerce Enterprise 7.0.0.8 and 7.0.0.9 does not properly replicate the search index, which allows attackers to obtain sensitive information via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The REST interface in Cisco Spark 2015-07-04 allows remote attackers to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH and CG-WLBARGNL devices allows remote attackers to hijack the authentication of administrators for requests that perform administrative functions.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code by including a crafted Flash file.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading README files.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading exception details in error logs.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM SPSS Modeler 14.2 through FP3 IF027, 15 through FP3 IF015, 16 through FP2 IF012, 17 through FP1 IF018, and 17.1 through IF008 includes unspecified cleartext data in memory dumps, which allows local users to obtain sensitive information by reading a dump file.",LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which allows remote attackers to cause a denial of service (device outage) or possibly have unspecified other impact via crafted traffic on TCP port 8701.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting (XSS) vulnerability in Reference Data Management (RDM) in IBM InfoSphere Master Data Management 10.1, 11.0 before FP5, 11.3, 11.4, and 11.5 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation in the (1) SoftMPEG4Encoder or (2) SoftVPXEncoder component, aka internal bug 25812794.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unrestricted file upload vulnerability in QNAP Signage Station before 2.0.1 allows remote authenticated users to execute arbitrary code by uploading an executable file, and then accessing this file via an unspecified URL.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a large VERIFY_INFORMATION.Length value in an IOCTL_DISK_VERIFY ioctl call.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Swann SRNVW-470LCD devices with firmware through 0114 and SWNVW-470CAM devices with firmware through 1022 allow remote attackers to watch live video by visiting an unspecified URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25344453.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1.1 through 7.1.1.3, 7.5.0 before 7.5.0.9 IFIX004, and 7.6.0 before 7.6.0.3 IFIX001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The password-management administration component in Cisco Policy Suite (CPS) 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions and read unspecified data via unknown vectors, aka Bug ID CSCut85211.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.0 before 2016-02-01 does not properly check for setup completion, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25229538.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"Integer overflow in the BnCrypto::onTransact function in media/libmedia/ICrypto.cpp in libmediaplayerservice in Android 6.x before 2016-02-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an improper size calculation, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25800375.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"media/libmedia/SoundPool.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 mishandles locking requirements, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25781119.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in the wifi_cleanup function in bcmdhd/wifi_hal/wifi_hal.cpp in Wi-Fi in Android 6.x before 2016-02-01 allows attackers to gain privileges by leveraging access to the local physical environment during execution of a crafted application, aka internal bug 25753768.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in the getCoverageFormat12 function in CmapCoverage.cpp in the Minikin library in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 allows attackers to cause a denial of service (continuous rebooting) via an application that triggers loading of a crafted TTF font, aka internal bug 25645298.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25070434.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt data, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The REST API in the DTE Energy Insight application before 1.7.8 for Android allows remote authenticated users to obtain unspecified customer information via a SQL expression in the filter parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this page to a social-sharing site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to create a directory with a long name, and then using certain other commands.",NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"** DISPUTED ** IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a ""page ID"" field to the EMSPG2 transaction code.  NOTE: the vendor's perspective is that configuration and use of available security controls in the NVAS product mitigates the reported vulnerability.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.,LOCAL,HIGH,HIGH,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file.,LOCAL,HIGH,HIGH,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
The management screen in Falcon WisePoint 4.3.1 and earlier and WisePoint Authenticator 4.1.19.22 and earlier allows remote attackers to conduct clickjacking attacks via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The ovisp driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application with the camera permission, aka an ""interface access control vulnerability.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application with the graphics permission, aka an ""interface access control vulnerability,"" a different vulnerability than CVE-2015-8307.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2015-8319.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application with the graphics permission, aka an ""interface access control vulnerability,"" a different vulnerability than CVE-2015-8680.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to hijack the authentication of administrators.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote attackers to inject arbitrary web script or HTML via the (1) ipFamily parameter to corporate/webpages/trafficdiscovery/LiveConnections.jsp; the (2) ipFamily, (3) applicationname, or (4) username parameter to corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp; or the (5) X-Forwarded-For HTTP header.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Cross-site request forgery (CSRF) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The management interface in LenovoEMC EZ Media & Backup (hm3), ix2/ix2-dl, ix4-300d, px12-400r/450r, px6-300d, px2-300d, px4-300r, px4-400d, px4-400r, and px4-300d NAS devices with firmware before 4.1.204.33661 allows remote attackers to obtain sensitive device information via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the ""redirect"" parameter to ""login.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Huawei E3276s USB modems with software before E3276s-150TCPU-V200R002B436D09SP00C00 allow man-in-the-middle attackers to intercept, spoof, or modify network traffic via unspecified vectors related to a fake network.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,HIGH,LOW
Huawei Sophia-L10 smartphones with software before P7-L10C900B852 allow attackers to cause a denial of service (system panic) via a crafted application with the system or camera privilege.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to system databases.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
"CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Cross-site scripting (XSS) vulnerability in the Cyber-Will Social-button Premium plugin before 1.1 for EC-CUBE 2.13.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files.",LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ""have you forgotten your password"" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The _prepopulate_request_walk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the (1) actions, (2) container, (3) token, (4) password, (5) password_confirm, (6) text_format, or (7) markup field type, and consequently have unspecified impact, via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to gain privileges and cause a denial of service (system crash) via a crafted URL.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in the graphics drivers in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, which triggers a heap-based buffer overflow.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 allows attackers to cause a denial of service (system crash) via a crafted application, aka a ""semaphore deadlock issue.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324358.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Hawk before 3.1.3 and 4.x before 4.1.1 allow remote attackers to cause a denial of service (CPU consumption or partial outage) via a long (1) header or (2) URI that is matched against an improper regular expression.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL10 before GRA-CL10C92B350 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to obtain sensitive information from stack memory or cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,HIGH
"Stack-based buffer overflow in decoder/impeg2d_vld.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25812590.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid username.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the ""destination"" parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Heap-based buffer overflow in the Archive support module in ESET NOD32 before update 11861 allows remote attackers to execute arbitrary code via a large number of languages in an EPOC installation file of type SIS_FILE_MULTILANG.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows improperly allows access to restricted functionality, which allows local users to gain privileges via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM).,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.0 HF6 and BIG-IP PSM before 11.4.1 HF10 does not properly handle TCP options, which allows remote attackers to cause a denial of service via unspecified vectors, related to the tm.minpathmtu database variable.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple integer overflows in minzip/SysUtil.c in the Recovery Procedure in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26960931.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions via a crafted application that changes a symlink target, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26211054.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The rpd daemon in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D40, 13.3 before 13.3R6, 14.1 before 14.1R4, and 14.2 before 14.2R2, when configured with BGP-based L2VPN or VPLS, allows remote attackers to cause a denial of service (daemon restart) via a crafted L2VPN family BGP update.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm ARM processor performance-event manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application, aka internal bug 25801197.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R9, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R8, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R4-S1, 15.1 before 15.1R2, 15.1X49 before 15.1X49-D30, and 16.1 before 16.1R1 allow remote attackers to cause a denial of service (socket consumption) via crafted TCP timestamps.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"media/libmedia/mediametadataretriever.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mishandles cleared service binders, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26040840.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"post_proc/volume_listener.c in mediaserver in Android 6.x before 2016-04-01 mishandles deleted effect context, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25753245.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a negative number of samples, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to arm-wt-22k/lib_src/eas_wtengine.c and arm-wt-22k/lib_src/eas_wtsynth.c, aka internal bug 26366256.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"decoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a certain negative value, aka internal bug 26070014.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by ""../../webapps/x.jsp.""",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs.",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from kernel memory, cause a denial of service (crash), or possibly gain privileges via unspecified vectors, which trigger uninitialized or out-of-bounds memory access.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or gain privileges via unspecified vectors related to an untrusted pointer, which trigger uninitialized or out-of-bounds memory access.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"include/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26593930.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26403627.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP DNS 12.0.0 before build 1.14.628; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, and 11.6.0 before build 6.204.442; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 build 685-HF10; BIG-IQ Cloud, Device, and Security 4.2.0 through 4.5.0; and BIG-IQ ADC 4.5.0 do not properly regenerate certificates and keys when deploying cloud images in Amazon Web Services (AWS), Azure or Verizon cloud services environments, which allows attackers to obtain sensitive information or cause a denial of service (disruption) by leveraging a target instance configuration.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"A Texas Instruments (TI) haptic kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 25981545.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/PhysicalList.do or (2) unspecified vectors involving systems/VirtualSystemsList.do.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26864502.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Juniper Junos OS 14.1X53 before 14.1X53-D30 on QFX Series switches allows remote attackers to cause a denial of service (PFE panic) via a high rate of unspecified VXLAN packets.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover a cleartext mail-server password via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Untrusted search path vulnerability in Huawei UTPS before UTPS-V200R003B015D15SP00C983 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26303187.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"Setup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26154410.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via a dump request, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27046057.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"server/content/SyncStorageEngine.java in SyncStorageEngine in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mismanages certain authority data, which allows attackers to cause a denial of service (reboot loop) via a crafted application, aka internal bug 26513719.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 26094635.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Buffer overflow in RDISERVER in Honeywell Uniformance Process History Database (PHD) R310, R320, and R321 allows remote attackers to cause a denial of service (service outage) via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux kernel before 4.3.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via crafted TCP traffic.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers an iovec of zero length, followed by a page fault for an iovec of nonzero length.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Untrusted search path vulnerability in Atom Electron before 0.33.5 allows local users to gain privileges via a Trojan horse Node.js module in a parent directory of a directory named on a require line.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,HIGH
"SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Untrusted search path vulnerability in Cisco WebEx Productivity Tools 2.40.5001.10012 allows local users to gain privileges via a Trojan horse cryptsp.dll, dwmapi.dll, msimg32.dll, ntmarta.dll, propsys.dll, riched20.dll, rpcrtremote.dll, secur32.dll, sxs.dll, or uxtheme.dll file in the current working directory, aka Bug ID CSCuy56140.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Inventory Solution component in the Management Agent in the client in Symantec Altiris IT Management Suite (ITMS) through 7.6 HF7 allows local users to bypass intended application-blacklist restrictions via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27208332.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm MDP driver in Android before 2016-05-01 on Nexus 5 and Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 26404525.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27299111.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote authenticated users to execute arbitrary commands by leveraging the YUM_CLIENT restricted-user role.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to obtain sensitive report and username information via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Cross-site request forgery (CSRF) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to hijack the authentication of arbitrary users.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call, related to fs/fs_pin.c and include/linux/fs_pin.h.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service (panic) by triggering a fault, as demonstrated by an unaligned memory operand or a non-canonical address memory operand.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libs/binder/IPCThreadState.cpp in Binder in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 mishandles object references, which allows attackers to gain privileges via a crafted application, aka internal bug 27252896.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"libFLAC/stream_decoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free operations on uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted media file, aka internal bug 27211885.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted media file, aka internal bug 26751339.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libbacktrace/Backtrace.cpp in debuggerd in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to gain privileges via an application containing a crafted symbol name, aka internal bug 27299236.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"codecs/on2/enc/SoftVPXEncoder.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate OMX buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27569635.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate VPX output buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27597103.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in home/seos/courier/security_key2.api on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote attackers to execute arbitrary SQL commands via the client_id parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing outage) via crafted packets, aka Bug ID CSCuu86214.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp, aka internal bug 27556038.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 6 and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 25913059.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27253079.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27436822.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27549705.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27297988.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate upstream interface names, which allows attackers to bypass intended access restrictions via a crafted application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bugs 27324690 and 27696681.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bug 27371173.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in btif/src/btif_dm.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows remote attackers to execute arbitrary code via a long PIN value, aka internal bug 27411268.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly restrict attachments, which allows attackers to obtain sensitive information via a crafted application, related to ComposeActivity.java and ComposeActivityEmail.java, aka internal bug 27335139.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"services/camera/libcameraservice/device3/Camera3Device.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate template IDs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27568958.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"media/libmediaplayerservice/nuplayer/NuPlayerStreamListener.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly validate entry data structures, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27533704.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27275187.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (memory overwrite and crash) or execute arbitrary code via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a repository.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive information by reading files in the directories.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-force attack.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,HIGH
"Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the ""Panda Security URL Filtering"" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a crafted number of planes in a VIDIOC_DQBUF ioctl call.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document.  NOTE: the primary affected product may be SketchUp.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject arbitrary web script or HTML via an attachment in a blocked email.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Auto-Scaling agent in Liberty for Java in IBM Bluemix before 2.7-20160321-1358 allows remote authenticated users to disable X.509 certificate validation, and consequently bypass an intended HTTPS trust-management feature, via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Unquoted Windows search path vulnerability in EEDService in Symantec Endpoint Encryption (SEE) 11.x before 11.1.1 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03020.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Use-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted text property, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8655, CVE-2015-8821, and CVE-2015-8822.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka ""Universal XSS (UXSS).""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an ""intent scheme URL attack.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allows remote attackers to cause a denial of service or execute arbitrary code via crafted DNS packets.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The presentation transmission permission management mechanism in Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 allows remote attackers to cause a denial of service (wired presentation outage) via unspecified vectors involving a wireless presentation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mishandles IPsec error processing, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted (1) LAN-to-LAN or (2) Remote Access VPN tunnel packets, aka Bug ID CSCuv70576.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03021.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allow remote authenticated users to modify arbitrary passwords via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability on Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allows remote authenticated users to hijack the authentication of arbitrary users.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List 0.31 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors.,NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting (XSS) vulnerability in the Markdown on Save Improved plugin before 2.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in NTT PC Communications WebARENA Service formmail before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
"Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the ""OPENSHIFT_[namespace]_SERVERID"" cookie.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"MEDHOST Perioperative Information Management System (aka PIMS or VPIMS) before 2015R1 has hardcoded credentials, which makes it easier for remote attackers to obtain sensitive information via direct requests to the application database server.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes for the GSM and G711 codecs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793163.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27532497.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27661749.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27532282.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate the relationship between allocated memory and the frame size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793371.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes for the GSM and G711 codecs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793367.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27207275.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27662502.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27833616.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27251096.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407865.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27776888.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27662174.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm GPU driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 devices allows attackers to gain privileges via a crafted application, aka internal bug 27475454.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm sound driver in Android before 2016-06-01 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka internal bug 27947307.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27777501.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28029010.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,HIGH,NONE
"Stack-based buffer overflow in Huawei Honor WS851 routers with software 1.1.21.1 and earlier allows remote attackers to execute arbitrary commands with root privileges via unspecified vectors, aka HWPSIRT-2016-05051.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a ""file injection vulnerability,"" aka HWPSIRT-2016-05052.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors, aka HWPSIRT-2016-05053.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 26571522.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27533373.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm camera driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27600832.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407629.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially overlapping window, aka internal bug 26677796.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation, aka internal bug 27855419.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted mkv file, aka internal bug 23167726.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges for certain system calls via a crafted application, aka internal bug 26425765.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"ABB PCM600 before 2.7 improperly stores the main application password after a password change, which allows local users to obtain sensitive information via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,HIGH,NONE
"Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to ""compromise"" a host by leveraging credentials for an Active Directory account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on (SSO), allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in the SSO_ORIG_URI parameter.",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Adobe DNG Software Development Kit (SDK) before 1.4 2016 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The extension manager in Adobe Brackets before 1.7 allows attackers to have an unspecified impact via invalid input.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in the installer in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse resource in an unspecified directory.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The MediaTek power-management driver in Android before 2016-06-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 28085410.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy.,NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,LOW,LOW
"The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
NetCommons 2.4.2.1 and earlier allows remote authenticated secretariat (aka CLERK) users to gain privileges by creating a SYSTEM_ADMIN account.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devices allows remote authenticated users to cause a denial of service (NULL pointer dereference and card restart) via a crafted SNMP request, aka Bug ID CSCuu68862.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
"The printfDx function in Takumi Yamada DX Library for Borland C++ 3.13f through 3.16b, DX Library for Gnu C++ 3.13f through 3.16b, and DX Library for Visual C++ 3.13f through 3.16b allows remote attackers to execute arbitrary code via a crafted string.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.15.1 and earlier for Android and 1.13.0 and earlier for iOS allows man-in-the-middle attackers to obtain API access via unspecified vectors.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of service (memory consumption and reboot) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Huawei FusionInsight HD before V100R002C60SPC200 allows local users to gain root privileges via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 through CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML by uploading an HTML document.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 allows remote authenticated users to obtain sensitive cleartext secure-property information via (1) the server UI or (2) a database request.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
Directory traversal vulnerability in IBM Security Guardium Database Activity Monitor 10 before 10.0p100 allows remote authenticated users to read arbitrary files via a crafted URL.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,LOW
Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.9 IFIX007, and 7.6 before 7.6.0.5 FP005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM InfoSphere Streams before 4.0.1.2 and IBM Streams before 4.1.1.1 do not properly implement the runAsUser feature, which allows local users to obtain root group privileges via unspecified vectors.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers to conduct content-spoofing attacks via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
"HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a named pipe created in advance and crafted .NET assembly.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The builder tools in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allow remote authenticated users to gain privileges for application modification via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 does not properly implement a logging-obfuscation feature for secure properties, which allows remote authenticated users to obtain sensitive information via vectors involving special characters.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not limit process-memory usage, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28615448.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action, which allows remote authenticated users to hijack sessions by leveraging an unattended workstation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server's identity in a JMS session or an HTTP session, which allows local users to obtain root access to arbitrary agents via unspecified vectors.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors.,LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2888 and CVE-2016-0350.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross-site request forgery (CSRF) vulnerability on NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allows remote attackers to hijack the authentication of arbitrary users.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple stack-based buffer overflows in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticated administrators to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm GPU driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28084795 and Qualcomm internal bug CR1006067.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"internal/app/ChooserActivity.java in the ChooserTarget service in Android 6.x before 2016-07-01 mishandles target security checks, which allows attackers to gain privileges via a crafted application, aka internal bug 28384423.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The sockets subsystem in Android 6.x before 2016-07-01 allows attackers to bypass intended system-call restrictions via a crafted application that makes an ioctl call, aka internal bug 28171804.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 27907656.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165661.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"decoder/ih264d_parse_pslice.c in mediaserver in Android 6.x before 2016-07-01 does not properly select concealment frames, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28470138.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"mediaserver in Android 4.x before 4.4.4 allows remote attackers to obtain sensitive information via unspecified vectors, aka internal bug 27210135.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Tremolo/res012.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the number of partitions, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28556125.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the return value of the dup system call, which allows attackers to bypass an isolation protection mechanism via a crafted application, aka internal bug 28395952.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows user-assisted attackers to gain privileges via a crafted application that attempts to list a long name of a memory-mapped file, aka internal bug 28175237.  NOTE: print_maps is not related to the Vic Abell lsof product.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides an AudioEffect reply, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28173666.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28175045.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka Android internal bug 28821448 and Qualcomm internal bug CR681965.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal bug 28822690 and Qualcomm internal bug CR822275.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"decoder/impeg2d_bitstream.c in mediaserver in Android 6.x before 2016-07-01 allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted application, aka internal bug 28168413.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,HIGH
"media/libmediaplayerservice/MetadataRetrieverClient.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive pointer information via a crafted application, aka internal bug 28377502.",LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X, Nexus 6, Nexus 6P, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28588279.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008363 and MediaTek internal bug ALPS02703102.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm performance component in Android before 2016-07-05 on Nexus 5, 6, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28172137 and Qualcomm internal bug CR1010644.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008609 and MediaTek internal bug ALPS02703102.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The NVIDIA video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28376656.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, aka internal bug 27593919.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The sockets subsystem in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application that uses (1) the AF_MSM_IPC socket class or (2) another socket class that is unrecognized by SELinux, aka internal bug 28612709.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows local users to gain privileges by establishing a pairing that remains present during a session of the primary user, aka internal bug 27410683.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple buffer overflows in libdex/OptInvocation.cpp in DexClassLoader in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides a long filename, aka internal bug 27840771.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to read backup data via a crafted application that leverages priv-app access to insert a backup transport, aka internal bug 28406080.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate certain track data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28799341.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in codecs/on2/h264dec/source/h264bsd_storage.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28532266.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in Android 6.x before 2016-07-01 does not validate a certain section length, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28333006.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28557020.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/usb/gadget/f_serial.c in the Qualcomm USB driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a large size in a GSER_IOCTL ioctl call, aka Android internal bug 27657963 and Qualcomm internal bug CR997044.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165659.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28175522 and MediaTek internal bug ALPS02694389.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175025 and MediaTek internal bug ALPS02693738.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm USB driver in Android before 2016-07-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28172322 and Qualcomm internal bug CR1010222.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175027 and MediaTek internal bug ALPS02693739.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28332766 and MediaTek internal bug ALPS02694410.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel filesystem implementation in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28271368.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The MediaTek GPS driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28174914 and MediaTek internal bug ALPS02688853.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"libc in Android 4.x before 4.4.4 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28740702.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28402240.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28402341 and MediaTek internal bug ALPS02715341.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles userspace data copying, which allows attackers to gain privileges via a crafted application, aka Android internal bug 27725204 and Qualcomm internal bug CR561022.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008188 and MediaTek internal bug ALPS02703102.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28346752 and MediaTek internal bug ALPS02703102.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The MediaTek power driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29008443 and MediaTek internal bug ALPS02677244.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28169363 and MediaTek internal bug ALPS02689526.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not check whether memory allocation succeeds, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28471206.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in the volume backup service module in Huawei Public Cloud Solution before 1.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for iOS before 10.3.6 might allow physically proximate attackers to bypass in-application Apple Touch ID authentication via unspecified vectors, related to an application requiring re-authentication.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn feature.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Use-after-free vulnerability in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27903498.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29007611 and MediaTek internal bug ALPS02703102.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The MediaTek power driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085222 and MediaTek internal bug ALPS02677244.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085680 and Qualcomm internal bug CR1001450.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The serial peripheral interface driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28402196.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The networking component in Android before 2016-07-05 on Android One, Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, and Pixel C devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 27532522.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28333002 and MediaTek internal bug ALPS02694412.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6193.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted application on (1) a system with more than 32 Gb of memory, related to the program reference count or (2) a 1 Tb system, related to the map reference count.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Directory traversal vulnerability in the ReportViewServlet servlet in the server in NetIQ Sentinel 7.4.x before 7.4.2 allows remote attackers to read arbitrary files via a PREVIEW value for the fileType field.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Heap-based buffer overflow in Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted libclimeta.so filename arguments, aka Bug ID CSCux68837.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted arguments on a ucspe-copy command line, aka Bug ID CSCux68832.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in the conv_euctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8614.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow local users to obtain root access via crafted CLI input, aka Bug ID CSCuy21892.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6192.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging the certificate's trust relationship.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to ""safe mode"" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the ""request system software"" command with the ""partition"" option.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
"The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet or Internet hosts, via a crafted proxy request to a web service.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,HIGH,NONE
net/core/skbuff.c in the Linux kernel 4.7-rc6 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via certain IPv6 socket operations.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug 20918350.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal.",LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 26494907.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug 26234568.  NOTE: The vendor disputes the existence of this potential issue in Android, stating ""This CVE was raised in error: it referred to the authentication tag size in GCM, whose default according to ASN.1 encoding (12 bytes) can lead to vulnerabilities. After careful consideration, it was decided that the insecure default value of 12 bytes was a default only for the encoding and not default anywhere else in Android, and hence no vulnerability existed.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2028.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2029.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4358.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4357.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
HPE Insight Control server deployment allows remote attackers to obtain sensitive information via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
HPE Insight Control server deployment allows remote attackers to modify data via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"HPE Insight Control before 7.5.1 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2022, and CVE-2016-2030.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving ""Lack of field filters.""",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via ""special characters,"" a different vulnerability than CVE-2016-7109.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"RESTEasy allows remote authenticated users to obtain sensitive information by leveraging ""insufficient use of random values"" in async jobs.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613; RH2288 V3 servers with software before V100R003C00SPC617; RH2288H V3 servers with software before V100R003C00SPC515; RH5885 V3 servers with software before V100R003C10SPC102; and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 allows local users to cause a denial of service (iBMC resource consumption) via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers with software before V100R003C00SPC515, RH5885 V3 servers with software before V100R003C10SPC102, and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSL encryption algorithm.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6180, CVE-2016-6182, CVE-2016-6183, and CVE-2016-6184.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6181, CVE-2016-6182, CVE-2016-6183, and CVE-2016-6184.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6180, CVE-2016-6181, CVE-2016-6182, and CVE-2016-6184.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6180, CVE-2016-6181, CVE-2016-6182, and CVE-2016-6183.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6180, CVE-2016-6181, CVE-2016-6183, and CVE-2016-6184.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary files or cause a denial of service (web service outage) via a crafted XML document.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via ""special characters,"" a different vulnerability than CVE-2016-7110.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statistics/getconn.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with software before V200R006C10SPC200 allows remote authenticated users to cause a denial of service (device restart) via crafted CAPWAP packets.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrators for requests that (1) restore factory settings or (2) reboot the device via unspecified vectors.,NETWORK,LOW,HIGH,REQUIRED,UNCHANGED,NONE,HIGH,HIGH
"The management interface of Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allows remote attackers to bypass authentication and obtain administrative access by sending ""special packages"" to the LAN interface.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2) PCAP files via script/system/tcpdump.php.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (application crash) via a crafted compressed email attachment.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service via format string specifiers in vectors involving partial commands.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and S12700 devices allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of malformed packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual Desktop) before 1.4.0 allows local users to gain root privileges via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive ""role and permission"" information via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Integer overflow in Huawei P7 phones with software before P7-L07 V100R001C01B606 allows remote attackers to gain privileges via a crafted application with the system or camera permission.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via the back parameter to ossim/conf/reload.php.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.  NOTE: this vulnerability exists because of a CVE-2015-3280 regression.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application store passwords in cleartext, which allows remote attackers to obtain sensitive information by reading a file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for ""Export configuration"" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Drupal 8.x before 8.1.10 does not properly check for ""Administer comments"" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP SLD Registration Program (aka SLDREG) allows local users to cause a denial of service (memory corruption and process termination) via a crafted HOST parameter, aka SAP Security Note 2125623.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote attackers to cause a denial of service (device restart) via an unspecified URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service (device restart) via an unspecified command parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application allow remote attackers to read arbitrary files via unspecified vectors, as demonstrated by the configuration file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Remote file download vulnerability in wptf-image-gallery v1.03,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email Server Security v8.x.x allow attackers to bypass the DeepScreen feature via a DeviceIoControl call.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted (1) JPEG, (2) GIF, or (3) BMP image.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769399 and Qualcomm internal bug CR550606.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769136 and Qualcomm internal bug CR545716.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28573112 and Qualcomm internal bug CR548872.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28442449 and Qualcomm internal bug CR585147.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28441831 and Qualcomm internal bug CR511382.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28431531 and Qualcomm internal bug CR511349.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28410333 and Qualcomm internal bug CR556471.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28602014 and Qualcomm internal bug CR542222.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598515 and Qualcomm internal bug CR563694.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598501 and Qualcomm internal bug CR563654.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR556860.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28749803 and Qualcomm internal bug CR514717.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted mask value, aka Android internal bug 28749721 and Qualcomm internal bug CR511976.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749629 and Qualcomm internal bug CR514702.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965 and Qualcomm internal bug CR705108.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm internal bug CR705078.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm internal bug CR692478.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that leverages incorrect compiler optimization of an integer-overflow protection mechanism, aka Android internal bug 28821731 and Qualcomm internal bug CR691916.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a crafted boot image, aka Android internal bug 28820722 and Qualcomm internal bug CR684756.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size values, aka Android internal bug 28820720 and Qualcomm internal bug CR681957, a related issue to CVE-2014-4325.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28821253 and Qualcomm internal bug CR580567.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28750150 and Qualcomm internal bug CR570757, a different vulnerability than CVE-2014-1739.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28749708 and Qualcomm internal bug CR545736.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28747914 and Qualcomm internal bug CR542223.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl call, aka Android internal bug 28749283 and Qualcomm internal bug CR550061.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that sends an I2C command, aka Android internal bug 28770207 and Qualcomm internal bug CR529177.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803645 and Qualcomm internal bug CR674712.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android internal bug 28803642 and Qualcomm internal bug CR642735.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815575 and Qualcomm internal bug CR555030.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm internal bug CR562261.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920 and Qualcomm internal bug CR580740.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546 and Qualcomm internal bug CR552329.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application, aka Android internal bug 28769368 and Qualcomm internal bug CR539008.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769352 and Qualcomm internal bug CR556356.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221 and Qualcomm internal bug CR524490.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769208 and Qualcomm internal bug CR547479.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28768281 and Qualcomm internal bug CR547231.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28767796 and Qualcomm internal bug CR483408.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28803909 and Qualcomm internal bug CR547910.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28814690 and Qualcomm internal bug CR554575.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28769856 and Qualcomm internal bug CR563752.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28767593 and Qualcomm internal bug CR551795.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the za_file parameter.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via ""Virtual routing and forwarding (VRF) hopping.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,LOW
Cross-site request forgery (CSRF) vulnerability on ReadyNet WRT300N-DD devices with firmware 1.0.26 allows remote attackers to hijack the authentication of arbitrary users.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Amped Wireless R10000 devices with firmware 2.5.2.11 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Cross-site request forgery (CSRF) vulnerability on Amped Wireless R10000 devices with firmware 2.5.2.11 allows remote attackers to hijack the authentication of arbitrary users.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The web administration interface on Amped Wireless R10000 devices with firmware 2.5.2.11 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by leveraging a policy setting for a user's account.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in Motorola Solutions MOSCAD IP Gateway allows remote attackers to hijack the authentication of administrators for requests that modify a password.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Motorola Solutions MOSCAD IP Gateway allows remote attackers to read arbitrary files via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,NONE
"Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Open Automation OPC Systems.NET 8.00.0023 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,HIGH,HIGH,REQUIRED,CHANGED,HIGH,HIGH,HIGH
Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command.  NOTE: within wget itself, the automatic fallback is not considered a vulnerability by CVE.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.4 allows remote authenticated users to restore arbitrary virtual machines and consequently obtain sensitive information by visiting the vSphere inventory.,NETWORK,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.4 allows remote attackers to obtain administrative privileges via a crafted URL that triggers back-end function execution.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in IBM Mashup Center 3.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ReadyNet WRT300N-DD devices with firmware 1.0.26 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,LOW,NONE
The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to cause a denial of service (service crash) via crafted packets to a TCP port.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8521.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8522.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8521, and CVE-2015-8522.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8520, CVE-2015-8521, and CVE-2015-8522.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B220SP01, GRA-CL00 before GRA-CL00C92B220, GRA-CL10 before GRA-CL10C92B220, GRA-UL00 before GRA-UL00C00B220, GRA-UL10 before GRA-UL10C00B220 and Mate7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00 before MT7-CL00C92B354 allows remote attackers to cause a denial of service (invalid memory access and reboot) via unspecified vectors related to ""input null pointer as parameter.""",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Huawei Mobile WiFi E5151 routers with software before E5151s-2TCPU-V200R001B146D27SP00C00 and E5186 routers with software before V200R001B310D01SP00C00 allow DNS query packets using the static source port, which makes it easier for remote attackers to spoof responses via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,HIGH,NONE
"Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 makes it easier for remote authenticated administrators to obtain encryption keys and ciphertext passwords via vectors related to key storage.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; BIG-IP AAM 11.4.0 before HF8 and 11.4.1 before HF6; BIG-IP AFM and PEM 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; and BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF11 and 11.3.0 allows remote authenticated users to upload files via uploadImage.php.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804030 and Qualcomm internal bug CR766022.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803962 and Qualcomm internal bug CR770548.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR902998.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a crafted image, aka Android internal bug 28842418 and Qualcomm internal bug CR813930.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended access restrictions via a crafted MultiMediaCard (MMC), aka Android internal bug 28822878 and Qualcomm internal bug CR823461.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm internal bug CR804067.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka Android internal bug 28822465 and Qualcomm internal bug CR813933.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3440.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted MPEG-4 data, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8655, and CVE-2015-8822.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, and CVE-2015-8658.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, and CVE-2015-8820.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8658, and CVE-2015-8820.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8657, CVE-2015-8658, and CVE-2015-8820.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted MPEG-4 data, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8821, and CVE-2015-8822.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted MPEG-4 data, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8655, CVE-2015-8821, and CVE-2015-8822.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, CVE-2015-8658, and CVE-2015-8820.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows man-in-the-middle attackers to obtain sensitive query-string information from SSL sessions via unspecified vectors.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain sensitive cleartext information via unspecified vectors, as demonstrated by password information.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to spoof administrator accounts by sending a modified login request over HTTP.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with root privileges via the search field.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"fs/overlayfs/copy_up.c in the Linux kernel before 4.2.6 uses an incorrect cleanup code path, which allows local users to cause a denial of service (dentry reference leak) via filesystem operations on a large file in a lower overlayfs layer.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 30142668 and Qualcomm internal bug CR 948902.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815158 and Qualcomm internal bugs CR794217 and CR836226.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814652 and Qualcomm internal bug CR803246.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814502 and Qualcomm internal bug CR792473.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR792367.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28398884 and Qualcomm internal bug CR779021.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2883.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights.",NETWORK,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an application that was built with this product.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,LOW,NONE
"IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain administrator privileges for command execution via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allow remote authenticated users to execute arbitrary OS commands via a crafted request.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HTML via a modified .beswrpt file.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x before 9.1.8 and 9.2.x before 9.2.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"SQL injection vulnerability in IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25955042.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
"The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 25778215.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of configuration entries, and consequently exceeding the maximum size of a configuration file, aka internal bug 26071376.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The BnGraphicBufferProducer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not initialize a certain output data structure, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering a QUEUE_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338109.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The BnGraphicBufferConsumer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not initialize a certain slot variable, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an ATTACH_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338113.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Multiple integer overflows in libeffects in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, related to EffectBundle.cpp and EffectReverb.cpp, aka internal bug 26347509.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted application that directly dumps, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26265403.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 20860039.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c, aka internal bug 25928803.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26365349.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the shiro8 (1) category_freearea_ addition_plugin plugin 1.0 and (2) itemdetail_freearea_ addition_plugin plugin 1.0 for EC-CUBE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Reflected XSS in wordpress plugin whizz v1.0.7,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in wordpress plugin simpel-reserveren v3.5.2,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in wordpress plugin s3-video v0.983,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in wordpress plugin pondol-formmail v1.1,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in wordpress plugin page-layout-builder v1.9.3,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in wordpress plugin new-year-firework v1.1.9,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in wordpress plugin indexisto v1.0.5,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in wordpress plugin defa-online-image-protector v3.3,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in wordpress plugin admin-font-editor v1.8,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain sensitive information by reading the log data, as demonstrated by a syslog message that contains credentials from a command line.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
"The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to increase intent-filter priority via a crafted application, aka internal bug 27450489.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"An unspecified client-side component in Pulse Secure Desktop Client before 5.0r15.1, 5.1rX before 5.1r9.1, and 5.2rX before 5.2r4.1; Installer Service (formerly Juniper Installer Service) and Collaboration (formerly Secure Meeting) before 8.0r15.1, 8.1rX before 8.1r9.1, and 8.2rX before 8.2r4.1; and Odyssey Access Client before 5.6r18 on Windows allows local users to gain administrative privileges via unknown vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the ""Save as New"" option when editing objects and leveraging the ""change"" permission.",NETWORK,LOW,HIGH,NONE,UNCHANGED,LOW,HIGH,NONE
Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
"The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,NONE
"Cisco Connected Streaming Analytics 1.1.1 allows remote authenticated users to discover a notification service password by reading administrative pages, aka Bug ID CSCuz92891.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cisco Videoscape Session Resource Manager (VSRM) allows remote attackers to cause a denial of service (device restart) by sending a traffic flood to upstream devices, aka Bug ID CSCva01813.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,NONE
"libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,HIGH
"SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,HIGH,NONE
"nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2997, CVE-2016-3005, and CVE-2016-3010.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.0.1 iFix6, Rational Engineering Lifecycle Manager 6.x before 6.0.1 iFix6, and Rational Rhapsody Design Manager 6.x before 6.0.1 iFix6 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2954 and CVE-2016-3008.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2956 and CVE-2016-3008.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows remote authenticated users to hijack the authentication of arbitrary users.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0387.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote authenticated users to execute arbitrary OS commands as root via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in the CLI on IBM WebSphere DataPower XC10 appliances 2.1 and 2.5 allows remote authenticated users to cause a denial of service via unspecified vectors.,NETWORK,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,LOW
"Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk.  NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows does not prevent MAR extracted-file modification during updater execution, which might allow local users to gain privileges via a Trojan horse file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace 4.0.2 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.",NETWORK,LOW,LOW,REQUIRED,CHANGED,NONE,HIGH,NONE
"IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-2997, and CVE-2016-3005.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3003.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3006.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3003 and CVE-2016-3006.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to obtain sensitive information via an unspecified brute-force attack.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update data.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-3005, and CVE-2016-3010.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allow attackers to bypass intended access restrictions and obtain sensitive information about ANW buffer addresses via a crafted application, aka internal bug 28466701.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application, aka internal bug 28795098.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS data, aka internal bug 29153599.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29023649.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28835995.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28816956.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privileges via a crafted application, aka internal bug 29251553.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, aka internal bug 28816964.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted application, aka internal bug 28816827.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka internal bug 28815329.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference or memory corruption) via a crafted media file, aka internal bug 28166152.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28533562.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR959631.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/thermal/supply_lm_core.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR990824.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in Android before 2016-08-05 does not validate the image mode, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR897326.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Google Play services in Android before 2016-08-05 on Nexus devices allow local users to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26803208.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged process, aka internal bug 29189941.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field in a boot image, aka Android internal bug 27917291 and Qualcomm internal bug CR945164.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28919417.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The video driver in the kernel in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28399876.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm internal bug CR1002974.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of Bluetooth 911 functionality) via a crafted application that sends a signal to a Bluetooth process, aka internal bug 28885210.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Android 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of locked-screen 911 functionality) via a crafted application that uses the app-pinning feature, aka internal bug 28761672.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application, related to lack of a default constructor in include/ui/FrameStats.h, aka internal bug 28592402.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 28920116.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The fingerprint login feature in Android 6.0.1 before 2016-10-01 and 7.0 before 2016-10-01 does not track the user account during the authentication process, which allows physically proximate attackers to authenticate as an arbitrary user by leveraging lockscreen access, aka internal bug 30744668.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30591838.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"media/libmediaplayerservice/MediaPlayerService.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate a certain static_cast operation, which allows attackers to gain privileges via a crafted application, aka internal bug 30204103.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allow attackers to gain privileges via a crafted application, aka internal bug 30202481.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"core/java/android/os/Process.java in Zygote in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30143607.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The SoftMPEG4 component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30033990.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30593266. References: Qualcomm QC-CR#1054352.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30445973. References: Qualcomm QC-CR#1054344.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"CORE/HDD/src/wlan_hdd_main.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application that sends a SENDACTIONFRAME command, aka Android internal bug 28061823 and Qualcomm internal bug CR 1001449.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29513227 and Qualcomm internal bug CR 1040857.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/platform/msm/ipa/ipa_qmi_service.c in the Qualcomm IPA driver in Android before 2016-10-05 on Nexus 5X and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29953313 and Qualcomm internal bug CR 1044072.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Multiple integer overflows in drivers/crypto/msm/qcedev.c in the Qualcomm cryptographic engine driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29999161 and Qualcomm internal bug CR 1046434.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"cmds/servicemanager/service_manager.c in ServiceManager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not properly restrict service registration, which allows attackers to gain privileges via a crafted application, aka internal bug 29431260.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (reboot) via an access point that provides a crafted (1) Venue Group or (2) Venue Type value, aka internal bug 29464811.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29323142 and Qualcomm internal bug CR 1038127.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"drivers/video/msm/mdss/mdss_debug.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30874196 and Qualcomm internal bug CR 1001224.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/video/msm/mdss/mdss_mdp_overlay.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30019716 and Qualcomm internal bug CR 1049232.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 30030994 and MediaTek internal bug ALPS02834874.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 30019037 and MediaTek internal bug ALPS02829568.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_cci_i2c.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices relies on variable-length arrays, which allows attackers to gain privileges via a crafted application, aka Android internal bug 30102557 and Qualcomm internal bug CR 789704.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"mediaserver in Android before 2016-10-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 29421408.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"mediaserver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 29161895 and MediaTek internal bug ALPS02770870.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"drivers/misc/qseecom.c in the Qualcomm QSEE Communicator driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29157595 and Qualcomm internal bug CR 1036418.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823244.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5, 5X, 6, and 6P devices has unknown impact and attack vectors, aka internal bug 28823953.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate EFFECT_CMD_SET_PARAM and EFFECT_CMD_SET_PARAM_DEFERRED commands, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 30204301.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"libsysutils/src/FrameworkListener.cpp in Framework Listener in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 29831647.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"id3/ID3.cpp in libstagefright in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 30744884.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not ensure that certain values are integers, which allows attackers to read arbitrary attachments via a crafted application that provides a pathname value, aka internal bug 30745403.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, and CVE-2016-4270.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors.,ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb before 5.5.3 allows remote attackers to hijack the authentication of administrators for requests that change the password via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, which allows remote attackers to cause a denial of service (application hang) via a crafted PDF.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to cause a denial of service (application crash) via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to ""special characters on pages.""",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource consumption) via a large number of crafted packets.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The Huawei Hilink App application before 3.19.2 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 6P and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 30141991.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors.,LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage ""type confusion.""",LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow.",LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,LOW,LOW,LOW
"The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended access restrictions via unspecified vectors.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP Business Suite powered by HANA before 16.11.1, Sizer for ConvergedSystems Virtualization before 16.7.1, Sizer for Microsoft Exchange Server before 16.12.1, Sizer for Microsoft Lync Server 2013 before 16.12.1, Sizer for Microsoft SharePoint 2013 before 16.13.1, Sizer for Microsoft SharePoint 2010 before 16.11.1, and Sizer for Microsoft Skype for Business Server 2015 before 16.5.1 allows remote attackers to execute arbitrary code via unspecified vectors.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information or cause a denial of service, via unspecified vectors.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,HIGH,NONE
"The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, and CVE-2016-4269.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, and CVE-2016-4270.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4269, and CVE-2016-4270.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4268, CVE-2016-4269, and CVE-2016-4270.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and USG9500 firewalls with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to ""illegitimate parameters.""",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 devices with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to ""illegitimate parameters.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode and upgraded to 3.4.1, might allow remote attackers to bypass authentication and gain administrative access via an empty password for the rest_admin account.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Untrusted search path vulnerability in Flexera InstallAnywhere allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory.,LOCAL,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary code, via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file.,NETWORK,HIGH,LOW,NONE,CHANGED,LOW,LOW,LOW
VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding references to them, related to VMID exhaustion.",LOCAL,HIGH,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint control unit devices with software before V500R002C00SPC200 and RSE6500 videoconference devices with software before V500R002C00SPC100, when an unspecified service is enabled, allows remote attackers to execute arbitrary code via a crafted packet, aka HWPSIRT-2016-05054.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B182, NXT-CL00 before NXT-CL00C92B182, NXT-DL00 before NXT-DL00C17B182, and NXT-TL00 before NXT-TL00C01B182 allow remote base stations to obtain sensitive subscriber signal strength information via vectors involving improper security status verification, aka HWPSIRT-2015-12007.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Buffer overflow in Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (system crash) via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and delete user data via a crafted app.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Format string vulnerability in Google Chrome OS before 53.0.2785.103 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of service via a (1) stop application program, (2) change value, or (3) modify application command.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"YoruFukurou (NightOwl) before 2.85 relies on support for emoji skin-tone modifiers even though this support is missing from the CoreText CTFramesetter API on OS X 10.9, which allows remote attackers to cause a denial of service (application crash) via a crafted emoji character sequence.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in Let's PHP! simple chat before 2016-08-15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Untrusted search path vulnerability in LINE and LINE Installer 4.7.0 and earlier on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality, integrity, and availability via vectors related to Core Services.",LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality and integrity via vectors related to SMB Users.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
Unspecified vulnerability in the Oracle Commerce Service Center component in Oracle Commerce 10.0.3.5 and 10.2.0.5 allows remote attackers to affect confidentiality and integrity via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,HIGH,LOW,NONE
Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality via vectors related to Core Services.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows remote attackers to affect confidentiality via vectors related to Core Services.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted Multiprotocol Label Switching (MPLS) packets.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to OPERA.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,LOW
"Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote administrators to affect confidentiality, integrity, and availability via vectors related to OPERA.",NETWORK,HIGH,HIGH,NONE,CHANGED,HIGH,HIGH,LOW
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to OpenUI.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality and integrity via unknown vectors.,PHYSICAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,NONE
"Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.4, 15.x, and 16.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5524.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Apache Tomcat.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5527.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to AutoVue Java Applet.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via unknown vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5512.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to webfileservices.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to ExportServlet.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Manager.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5521.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a ""double fetch"" vulnerability.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the system configuration, read system files, and possibly execute arbitrary code via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"UltraVNC Repeater before 1300 does not restrict destination IP addresses or TCP ports, which allows remote attackers to obtain open-proxy functionality by using a :: substring in between the IP address and port number.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Accela Civic Platform Citizen Access portal relies on the client to restrict file types for uploads, which allows remote authenticated users to execute arbitrary code via modified _EventArgument and filename parameters.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Misys FusionCapital Opics Plus does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Misys FusionCapital Opics Plus allows remote authenticated users to gain privileges via a man-in-the-middle attack that modifies the xmlMessageOut parameter.,NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the (1) ID or (2) Branch parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"ZModo ZP-NE14-S and ZP-IBH-13W devices do not enforce a WPA2 configuration setting, which allows remote attackers to trigger association with an arbitrary access point by using a recognized SSID value.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Unspecified vulnerability in the Oracle Advanced Supply Chain Planning component in Oracle Supply Chain Products Suite 12.2.3 through 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to MscObieeSrvlt.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to affect confidentiality and availability via vectors through Web Services.,NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,HIGH
"Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated users to affect confidentiality via vectors related to OPERA.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,NONE,NONE
"Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,LOW
"hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remote attackers to execute arbitrary code via a crafted RSS project file.",LOCAL,LOW,NONE,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by reading a configuration file.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Tollgrade LightHouse SMS before 5.1 patch 3 allows remote authenticated users to bypass an intended administrative-authentication requirement, and read or change parameter values, via a direct request.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Tollgrade LightHouse SMS before 5.1 patch 3 provides different error messages for failed authentication attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of attempts.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Unquoted Windows search path vulnerability in Moxa Active OPC Server before 2.4.19 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors.",LOCAL,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,LOW
Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before 11.5.3.2 might allow remote attackers to obtain sensitive credentials and other information via unspecified vectors, related to use of insecure cryptographic parameters.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Vulnerability in Novell Open Enterprise Server (OES2015 SP1 before Scheduled Maintenance Update 10992, OES2015 before Scheduled Maintenance Update 10990, OES11 SP3 before Scheduled Maintenance Update 10991, OES11 SP2 before Scheduled Maintenance Update 10989) might allow authenticated remote attackers to perform unauthorized file access and modification.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2 allow remote attackers to modify or extract system configuration files via vectors involving NAT64.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,LOW
Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 allows remote attackers to conduct SSRF attacks via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users to discover the WAS Admin password by reading IM native logs.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by leveraging a weak algorithm.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 6.0.2 before iFix004 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,HIGH,NONE
IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to upload non-executable files via a crafted HTTP request.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect for Space Management) 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is configured, allows local users to discover an encrypted password by reading application-trace output.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in IBM 10x, as used in Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications before 1.0.0.5_2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users to execute arbitrary shell commands via a crafted (1) Disaster Recovery or (2) High Availability command.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,NONE,HIGH,NONE
Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage.,LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as ""False,"" which allows remote attackers to enumerate database users via a series of login attempts, aka SAP Security Note 2216869.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as ""False,"" which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP Security Note 2216869.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a ""double fetch"" vulnerability.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST.,ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL.,LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not enforce password-length restrictions, which makes it easier for remote attackers to obtain access via a brute-force attack.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors.",LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,LOW
"IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace XT through 1.1.5.2-WPXT-LA011 and FileNet Workplace (Application Engine) through 4.0.2.14-P8AE-IF001, when RegExpSecurityFilter and ScriptSecurityFilter are misconfigured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager (VMP) allows remote attackers to bypass authentication and make arbitrary Platform and Applications Manager (PAM) API calls via unspecified vectors, aka Bug ID CSCuz52110.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device restart) via a malformed wIPS packet, aka Bug ID CSCuz40263.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) via crafted fragmented packets, aka Bug ID CSCux26791.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The Views module 7.x-3.x before 7.x-3.14 in Drupal 7.x and the Views module in Drupal 8.x before 8.1.3 might allow remote authenticated users to bypass intended access restrictions and obtain sensitive Statistics information via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a ""double fetch"" vulnerability.",LOCAL,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
CA eHealth 6.2.x allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuz85823. Known Affected Releases: 10.0.0-082 9.7.0-125 9.7.1-066. Known Fixed Releases: 10.0.0-203 9.7.2-131.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. More Information: CSCva54241. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(0.98000.216).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. Cisco Prime Home versions 5.1.1.6 and earlier and 5.2.2.2 and earlier have been confirmed to be vulnerable. Cisco Prime Home versions 6.0 and later are not vulnerable. More Information: CSCvb71732. Known Affected Releases: 5.0 5.0(1) 5.0(1.1) 5.0(1.2) 5.0(2) 5.15.1(0) 5.1(1) 5.1(1.3) 5.1(1.4) 5.1(1.5) 5.1(1.6) 5.1(2) 5.1(2.1) 5.1(2.3) 5.25.2(0.1) 5.2(1.0) 5.2(1.2) 5.2(2.0) 5.2(2.1) 5.2(2.2).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1).",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. More Information: CSCva47092. Known Affected Releases: 4.10(1).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability in the Qualcomm crypto driver in Android before 2016-11-05 could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Android ID: A-30515053. References: Qualcomm QC-CR#1050970.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"system_server in Android before 2016-10-05 on Nexus devices allows attackers to gain privileges via a crafted application, aka internal bug 30445380.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka internal bug 30537088.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows remote attackers to obtain sensitive information by reading syslog messages, as demonstrated by cleartext credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,HIGH,LOW,NONE
"The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The U by BB&T app 1.5.4 and earlier for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306.  NOTE: the vendor disputes this issue, stating that the ""vulnerability note ... is factually false ... there is indeed a default blank password, but it can be changed ... We recommend that users change it, each customer receives direction.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of these passwords.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain privileges by changing a certain count value, aka a ""double fetch"" vulnerability.",LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
A denial of service vulnerability in Mediaserver in Android before 2016-11-05 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31244612. References: NVIDIA N-CVE-2016-6747.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An information disclosure vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Android ID: A-30955105. References: NVIDIA N-CVE-2016-6746.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-31252388.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30970485.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30937462.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30799828.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30559423. References: Qualcomm QC-CR#1060554.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30143904. References: Qualcomm QC-CR#1056307.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30953284. References: NVIDIA N-CVE-2016-6736.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30907701. References: NVIDIA N-CVE-2016-6735.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30907120. References: NVIDIA N-CVE-2016-6734.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906599. References: NVIDIA N-CVE-2016-6732.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906023. References: NVIDIA N-CVE-2016-6731.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30977990. References: Qualcomm QC-CR#977684.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertion failure, as demonstrated by reading a core dump.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who own SourceDB and TargetDB databases to elevate privileges to sa (system administrator) via dbcc import_sproc SQL injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver on Linux R304 before 304.132, R340 before 340.98, R367 before 367.55, R361_93 before 361.93.03, and R370 before 370.28 contains a vulnerability in the kernel mode layer (nvidia.ko) handler for mmap() where improper input validation may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability on Samsung Mobile M(6.0) devices exists because external access to SystemUI activities is not properly restricted, leading to a SystemUI crash and device restart, aka SVE-2016-6248.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"fs/fcntl.c in the ""aufs 3.2.x+setfl-debian"" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations, as demonstrated by scp from an AUFS filesystem.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in the handle_packet function in mactelnet.c in the client in MAC-Telnet 0.4.3 and earlier allows remote TELNET servers to execute arbitrary code via a long string in an MT_CPTYPE_PASSSALT control packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.",NETWORK,HIGH,NONE,NONE,CHANGED,LOW,NONE,NONE
"WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.8.0.310 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An information disclosure vulnerability in kernel components, including the process-grouping subsystem and the networking subsystem, in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30149174.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30312054. References: Qualcomm QC-CR#1052825.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30076504. References: Qualcomm QC-CR#987018.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation.",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,LOW,LOW
Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a ""page lock order bug in the XFS seek hole/data implementation.""",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp library v1.4 and earlier allows hostile computers connected via a zmq interface to execute arbitrary code via a long packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp library v1.4 and earlier allows hostile components with network access to the SFP underlying network layers to execute arbitrary code via specially crafted SFP packets.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An exploitable stack based buffer overflow vulnerability exists in the ipNameAdd functionality of Iceni Argus Version 6.6.04 (Sep 7 2012) NK - Linux x64 and Version 6.6.04 (Nov 14 2014) NK - Windows x64. A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can send/provide malicious pdf file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. (A remote unauthenticated attacker can change the URL's hostname via the HTTP Host header.) The vulnerability can be triggered only if the Host header is not part of the web server routing process (e.g., if several domains are served by the same web server).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019, CVE-2016-7852, and CVE-2016-7854.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019, CVE-2016-7853, and CVE-2016-7854.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"GitLab versions 8.9.x and above contain a critical security flaw in the ""import/export project"" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files (tar). All GitLab versions prior to 8.13.0 restricted this feature to administrators only. Starting with version 8.13.0 this feature was made available to all users. This feature did not properly check for symbolic links in user-provided archives and therefore it was possible for an authenticated user to retrieve the contents of any file accessible to the GitLab service account. This included sensitive files such as those that contain secret tokens used by the GitLab service to authenticate users. GitLab CE and EE versions 8.13.0 through 8.13.2, 8.12.0 through 8.12.7, 8.11.0 through 8.11.10, 8.10.0 through 8.10.12, and 8.9.0 through 8.9.11 are affected.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in ""/expPaginator.php"" affecting the order parameter. Impact is Information Disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses the injectProof method to prevent SQL injection, but this filter can be bypassed easily: it only sanitizes user input if there are odd numbers of ' or "" characters. Impact is Information Disclosure.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Unrestricted file upload vulnerability in the ""legacy course files"" and ""file manager"" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unrestricted file upload vulnerability in the Blog appearance in the ""Install or upgrade manually"" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with an zip extension, and then accessing it via unspecified vectors.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an out-of-bounds array index, aka SVE-2016-6906.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause a crash and a denial of service when decoding malformed 7z files.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Blind SQL Injection in wordpress plugin dukapress v2.5.9,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka ""Data from Faulting Address may be used as a return value starting at FOXITREADER.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted JPEG2000 image embedded in a PDF document, aka a ""corrupted suffix pattern"" issue.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image, aka ""Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ConvertToPDF_x86!CreateFXPDFConvertor.""",NETWORK,HIGH,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"SQL injection vulnerability in the ""Site Browser > Links pages"" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL injection vulnerability in the ""Site Browser > Containers pages"" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL injection vulnerability in the ""Site Browser > Templates pages"" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to execute arbitrary SQL commands via the sort parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL injection vulnerability in the ""Content Types > Content Types"" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an ""OAEP side channel"" attack.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"SQL injection vulnerability in the ""Site Browser > HTML pages"" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Artifex Software, Inc. MuJS before a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 allows context-dependent attackers to obtain sensitive information by using the ""opname in crafted JavaScript file"" approach, related to an ""Out-of-Bounds read"" issue affecting the jsC_dumpfunction function in the jsdump.c component.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21882.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and Security AppScan Enterprise allow remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted field.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,LOW,NONE
IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive information by reading error logs.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM BigFix Remote Control before 9.1.3 does not properly restrict the set of available encryption algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28085658.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allow remote attackers to obtain sensitive cleartext information by reading a configuration file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allows remote attackers to hijack the authentication of arbitrary users.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux59650.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allows remote authenticated users to cause a denial of service (device restart) via a sequence of crafted SNMP read requests, aka Bug ID CSCux13174.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending packets to an interface that has a 0.0.0.0 IP address, a related issue to CVE-2015-8787.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers construction of a runtime error message.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the set of available applications.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,NONE,LOW,LOW
Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading a stack trace in a response.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0900.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0901.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,LOW,NONE
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1062, and CVE-2016-1117.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Integer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors, a different vulnerability than CVE-2016-1092.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, and CVE-2016-1117.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, and CVE-2016-1062.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to obtain sensitive information via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors, a different vulnerability than CVE-2016-1079.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows local users to gain privileges via a Trojan horse resource in an unspecified directory, a different vulnerability than CVE-2016-1087 and CVE-2016-4106.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows local users to gain privileges via a Trojan horse resource in an unspecified directory, a different vulnerability than CVE-2016-1090 and CVE-2016-4106.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of service (service disruption) via a crafted URI in a SIP header, aka Bug ID CSCuy43258.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices allows remote attackers to cause a denial of service (packet data corruption) via crafted IPv4 ICMP packets, aka Bug ID CSCuy13431.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authenticated users to cause a denial of service (instability, memory consumption, or device reload) by leveraging (1) administrative access or (2) Clientless SSL VPN access to provide a crafted XML document, aka Bug ID CSCut14209.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an unspecified HTTP status code, aka Bug ID CSCur28305.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service (proxy-process reload) via a crafted request, aka Bug ID CSCuu02529.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an HTTP file-range request for cached content, aka Bug ID CSCuw97270.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo12171.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
CoreStorage in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The Multi-Touch subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Audio in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Audio in Apple OS X before 10.11.5 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,LOW
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds memory access) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
AppleGraphicsPowerManagement in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The AppleGraphicsControlClient::checkArguments method in AppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The AMD subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The AMD subsystem in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Buffer overflow in the Accessibility component in Apple iOS before 9.3.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filename_util.cc.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services (LPTS) flow-base entries, which allows remote attackers to cause a denial of service (session drop) by making many connection attempts to open TCP ports, aka Bug ID CSCux95576.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic to an Autosupport server and leveraging knowledge of this key from another installation, aka Bug ID CSCur85504.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2010.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x before 8.4.0-00 and XP7 CVAE 7.x and 8.x before 8.4.0-00 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ""Clear History and Website Data"" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Disk Utility in Apple OS X before 10.11.5 uses incorrect encryption keys for disk images, which has unspecified impact and attack vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Crash Reporter in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles.,LOCAL,HIGH,HIGH,NONE,UNCHANGED,NONE,LOW,LOW
"The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,HIGH
The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, and CVE-2016-4107.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, and CVE-2016-4104.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, and CVE-2016-4102.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Stack-based buffer overflow in the ax Shared Libraries in the Agent in IBM Tivoli Monitoring (ITM) 6.2.2 before FP9, 6.2.3 before FP5, and 6.3.0 before FP2 on Linux and UNIX allows local users to gain privileges via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access restrictions via modified request parameters.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0.2.14 IF001 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,NONE,HIGH,NONE
"IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
Buffer overflow in IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in the dtrace implementation in the kernel in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IOFireWireFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via unspecified vectors.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4092.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local users to gain privileges via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber system files or perhaps elevate privileges.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Teradata Virtual Machine Community Edition v15.10's perl script /opt/teradata/gsctools/bin/t2a.pl creates files in /tmp in an insecure manner, this may lead to elevated code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A buffer overflow vulnerability was observed in divby function of Artifex Software, Inc. MuJS before 8c805b4eb19cf2af689c860b77e6111d2ee439d5. A successful exploitation of this issue can lead to code execution or denial of service condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An out-of-bounds read vulnerability was observed in Sp_replace_regexp function of Artifex Software, Inc. MuJS before 5000749f5afe3b956fc916e407309de840997f4a. A successful exploitation of this issue can lead to code execution or denial of service condition.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"** DISPUTED ** Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a ""SQL Injection"" issue affecting the Administration panel function in the installation process component.  NOTE: the vendor disputes the relevance of this report, noting that ""the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields.""",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file.",NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows local users to gain privileges via a Trojan horse resource in an unspecified directory, a different vulnerability than CVE-2016-1087 and CVE-2016-1090.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4091.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16.",NETWORK,LOW,NONE,NONE,CHANGED,HIGH,NONE,NONE
"On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of SVE-2016-6542.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by ""jsinitfunctio%gn.""",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary javascript code.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can result in Denial of Service and potentially remote code execution, a subset of SVE-2016-6542.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"On Samsung Galaxy S4 through S7 devices, the ""omacp"" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to ""RWX Permissions.""",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injection attacks, and consequently read or write to repository data, via unspecified vectors.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,NONE
"Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",NETWORK,LOW,LOW,NONE,CHANGED,NONE,NONE,HIGH
"Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable, allows local users to gain privileges via the helper/subroc setuid program.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device reload) via malformed STUN packets, aka Bug ID CSCuv01348.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Performance Schema.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Partition.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Optimizer.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect confidentiality via vectors related to JSON.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB, a different vulnerability than CVE-2016-0656.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to FTS.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to DML.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality and integrity via vectors related to Analytics Scorecard.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Unspecified vulnerability in the Oracle Retail MICROS C2 component in Oracle Retail Applications 9.89.0.0 allows local users to affect confidentiality via vectors related to POS.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 through 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to the Activity Guide sub-component.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via vectors related to Fusion HR Talent Integration.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA message.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.",PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Rich Text Editor, a different vulnerability than CVE-2016-3423.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the PAM LDAP module.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0690.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0691.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to File Processing.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Unspecified vulnerability in the Oracle Retail MICROS ARS POS component in Oracle Retail Applications 1.5 allows remote authenticated users to affect confidentiality via vectors related to POS.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Search Framework.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Services Procurement.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors related to Core.",LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to the kernel.,LOCAL,HIGH,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Unspecified vulnerability in the Siebel Core - Common Components component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows local users to affect confidentiality and integrity via vectors related to Email.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.2 and 12.0.3 allows remote attackers to affect confidentiality and integrity via vectors related to Pre-Login.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to OSSL Module.,NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1007.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1009.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in the setInterval method in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code by using the actionCallMethod opcode with crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted request.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an ""I/O vector array overrun."" NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805.",LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
"OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05935.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The administration interface on Cisco DPQ3925 devices with firmware r1 allows remote attackers to cause a denial of service (device restart) via a crafted HTTP request, aka Bug ID CSCup48105.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D25, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.2 before 14.2R4, 15.1 before 15.1R1 or 15.1F2, and 15.1X49 before 15.1X49-D15 allow local users to gain privileges via crafted combinations of CLI commands and arguments, a different vulnerability than CVE-2015-3003, CVE-2014-3816, and CVE-2014-0615.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service (reboot) via a crafted SSL packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Race condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R3-S4, 15.1 before 15.1F2, or 15.1R2, 15.1X49 before 15.1X49-D20, and 16.1 before 16.1R1 allows local users to read, delete, or modify arbitrary files via unspecified vectors.",LOCAL,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Race condition in the Op command in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 12.3X50 before 12.3X50-D50, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.2X52 before 13.2X52-D30, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R4, 15.1 before 15.1F2 or 15.1R2, 15.1X49 before 15.1X49-D10 or 15.1X49-D20, and 16.1 before 16.1R1 allows remote authenticated users to gain privileges via the URL option.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X48 before 12.3X48-D20, and 15.1X49 before 15.1X49-D30 on SRX series devices, when the Real Time Streaming Protocol Application Layer Gateway (RTSP ALG) is enabled, allow remote attackers to cause a denial of service (flowd crash) via a crafted RTSP packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Juniper Junos OS before 13.2X51-D36, 14.1X53 before 14.1X53-D25, and 15.2 before 15.2R1 on EX4300 series switches allow remote attackers to cause a denial of service (network loop and bandwidth consumption) via unspecified vectors related to Spanning Tree Protocol (STP) traffic.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"The Routing Engine in Juniper Junos OS 13.2R5 through 13.2R8, 13.3R1 before 13.3R8, 13.3R7 before 13.3R7-S3, 14.1R1 before 14.1R6, 14.1R3 before 14.1R3-S9, 14.1R4 before 14.1R4-S7, 14.1X51 before 14.1X51-D65, 14.1X53 before 14.1X53-D12, 14.1X53 before 14.1X53-D28, 14.1X53 before 4.1X53-D35, 14.2R1 before 14.2R5, 14.2R3 before 14.2R3-S4, 14.2R4 before 14.2R4-S1, 15.1 before 15.1R3, 15.1F2 before 15.1F2-S2, and 15.1X49 before 15.1X49-D40, when LDP is enabled, allows remote attackers to cause a denial of service (RPD routing process crash) via a crafted LDP packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D40, 13.3 before 13.3R7, 14.1 before 14.1R5, 14.1X53 before 14.1X53-D18 or 14.1X53-D30, 14.1X55 before 14.1X55-D25, 14.2 before 14.2R4, 15.1 before 15.1R2, and 15.1X49 before 15.1X49-D10 allow remote attackers to cause a denial of service via a malformed IGMPv3 packet, aka a ""multicast denial of service.""",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Cross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasurement for Flash Library before 4.0.1, when debugTracking is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which allows attackers to obtain sensitive information via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to bypass intended access restrictions via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) port, aka Bug ID CSCum62591.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets, aka Bug ID CSCuv78548.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Cisco AireOS 4.1 through 7.4.120.0, 7.5.x, and 7.6.100.0 on Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCun86747.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to cause a denial of service (line-card restart) via a crafted packet, aka Bug ID CSCuw56900.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The TCP implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.3(0), 3.3(1), 4.0(0), and 4.1(0) does not properly initiate new TCP sessions when a previous session is in a FIN wait state, which allows remote attackers to cause a denial of service (TCP outage) via vectors involving FIN packets, aka Bug ID CSCuy45136.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.1 and 15.2 and NX-OS 4.1 through 6.2 allows remote attackers to cause a denial of service (device reload) via a crafted header in a packet, aka Bug ID CSCuu64279.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug ID CSCuq59708.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an image download after a certain data structure is deleted, as demonstrated by a favicon.ico download.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect reliance on the resource context pointer.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in Skia, as used in Google Chrome before 49.0.2623.75, mishandles arctangent calculations, which allows remote attackers to obtain sensitive information via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that triggers Cascading Style Sheets (CSS) style invalidation during a certain subtree-removal action.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly maintain own properties, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code that triggers an incorrect cast, related to extensions/renderer/v8_helpers.h and gin/converter.h.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The ContainerNode::parserRemoveChild function in WebKit/Source/core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 49.0.2623.75, mishandles widget updates, which makes it easier for remote attackers to bypass the Same Origin Policy via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuy44695.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1746.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
dyld in Apple OS X before 10.11.4 allows attackers to bypass a code-signing protection mechanism via a modified app.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Carbon in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dfont file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW
"Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1735.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1736.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device.,PHYSICAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,LOW
"The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation.,LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1917.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a certain Export IT screen.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.",LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted command.  NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
HP LaserJet printers and MFPs and OfficeJet Enterprise printers with firmware before 3.7.01 allow remote attackers to obtain sensitive information via unspecified vectors.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access.,LOCAL,LOW,HIGH,NONE,CHANGED,NONE,HIGH,HIGH
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input.,LOCAL,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
"The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.,LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors.",LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the ""Administer block classes"" permission to inject arbitrary web script or HTML via a class name.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.,NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session.,LOCAL,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM BigFix Remote Control before 9.1.3 does not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple unspecified vulnerabilities in IBM BigFix Remote Control before 9.1.3 allow remote attackers to obtain sensitive information via unknown vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a ""user program block"" protection mechanism via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation reports, related to FrameFetchContext.cpp and ResourceFetcher.cpp.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Wireless.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.3 allows remote authenticated users to affect confidentiality via vectors related to Accounts.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.3 allows remote attackers to affect confidentiality and integrity via vectors related to Pre-Login.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to ePerformance.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
Unspecified vulnerability in the PeopleSoft Enterprise HCM ePerformance component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Security.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,LOW,LOW
"Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.",NETWORK,HIGH,NONE,NONE,CHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Portal.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Filesystem.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect availability via vectors related to PIA Core Technology.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,NONE,LOW
"Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Logout.",NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,LOW,NONE
"Unspecified vulnerability in the Oracle Retail Xstore Point of Service component in Oracle Retail Applications 5.0, 5.5, 6.0, 6.5, 7.0, and 7.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Xstore Services.",PHYSICAL,HIGH,LOW,REQUIRED,UNCHANGED,HIGH,LOW,NONE
"Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Activity Guide.",NETWORK,LOW,LOW,NONE,CHANGED,LOW,LOW,LOW
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to Filesystem.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,LOW
"Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to PIA Search Functionality.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.",LOCAL,LOW,LOW,NONE,CHANGED,LOW,NONE,NONE
"The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.",NETWORK,LOW,NONE,NONE,CHANGED,NONE,HIGH,NONE
Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size.,NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file.",LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,HIGH,HIGH
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to cause a denial of service (heap memory corruption and service outage) via crafted requests.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to obtain sensitive information about administrator accounts via a modified request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the HTTP server via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field.",NETWORK,LOW,HIGH,REQUIRED,CHANGED,HIGH,LOW,NONE
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the user.,LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in the instanceof function in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code by leveraging improper reference handling, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0982, CVE-2016-0983, and CVE-2016-0984.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in the URLRequest object implementation in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via a URLLoader.load call, a different vulnerability than CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, and CVE-2016-0984.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Connect before 9.5.2 allows remote attackers to spoof the user interface via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network domains via a crafted stream id and domain name that is included in the target domain as a suffix.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.,LOCAL,LOW,NONE,NONE,UNCHANGED,LOW,NONE,HIGH
"The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured interface, a related issue to CVE-2003-1604.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.,LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by "".*"".",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.,NETWORK,LOW,NONE,NONE,CHANGED,HIGH,HIGH,NONE
"Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCux15489.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, aka Bug ID CSCuy08224.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy01843.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0983, and CVE-2016-0984.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, and CVE-2016-0980.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0980, and CVE-2016-0981.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30163101.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2015-8362.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a ""skeleton key.""",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cisco Small Business 500 Wireless Access Point devices with firmware 1.0.4.4 allow remote attackers to set the system time via a crafted POST request, aka Bug ID CSCuy01457.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"Cisco IOS 15.2(4)E on Industrial Ethernet 2000 devices allows remote attackers to cause a denial of service (device reload) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuy27746.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 30152501 and Qualcomm internal bug CR 1049615.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a large negative value for the data length, aka Qualcomm internal bug CR 1041130.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the AOSP Launcher in Android 7.0 before 2016-11-01 could allow a local malicious application to create shortcuts that have elevated privileges without the user's consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission). Android ID: A-30778130.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted application that makes an iw_set_priv ioctl call, aka Android internal bug 29982678 and Qualcomm internal bug CR 1048052.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via crafted parameter data, aka Qualcomm internal bug CR 1033525.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS driver in Android before 2016-10-05 allows attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via unknown vectors, aka Qualcomm internal bug CR 1004933.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30162222.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30143283.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application that makes a GET_CFG ioctl call, aka Android internal bug 30874066 and Qualcomm internal bug CR 1000853.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in libzipfile in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30916186.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Android One devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30148243.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30593080.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The sound driver in the kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Nexus Player devices allows attackers to cause a denial of service (reboot) via a crafted application, aka internal bug 28838221.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30741851. References: Qualcomm QC-CR#1058826.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"Off-by-one error in CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application that makes a linkspeed ioctl call, aka Android internal bug 30873776 and Qualcomm internal bug CR 1000861.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gif_encode_close functions.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive information or spoof e-mail transmission via a crafted POST request, related to an ""untrusted information vulnerability.""",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service (out-of-bounds array read access) or possibly have unspecified other impact via a crafted .cine file, related to the bayer_to_rgb24_wrapper and bayer_to_yv12_wrapper functions.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .avi file, related to the apng_encode_frame and encode_apng functions.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in the search results front end in Piwigo 2.8.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system.,LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by ""sudo cat /etc/passwd.""",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is rated as High because it is a local bypass of user interaction requirements for any developer or security setting modifications. Android ID: A-30693465.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted application that makes a setwpaie ioctl call, aka Android internal bug 29915601 and Qualcomm internal bug CR 1000913.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"The NVIDIA GPU driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30259955.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Engineering Lifecycle Manager (RELM) 4.0.3 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; Rational Rhapsody Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; and Rational Software Architect Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.",NETWORK,LOW,LOW,REQUIRED,CHANGED,NONE,HIGH,NONE
Cross-site scripting (XSS) vulnerability in OpenCart before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the zone_id parameter to index.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The Big SQL component in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0 allows remote authenticated users to bypass intended access restrictions and truncate arbitrary tables via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.,LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web client URL.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4942.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4943.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The IP ingress packet handler on Cisco Aironet 1800 devices with software 8.1(112.3) and 8.1(112.4) allows remote attackers to cause a denial of service via a crafted header in an IP packet, aka Bug ID CSCuv63138.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account.,ADJACENT_NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a crafted hostname in an SNMP response, aka Bug ID CSCuw47238.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4), and 8.1(15.14) have a default account, which makes it easier for remote attackers to obtain access via unspecified vectors, aka Bug ID CSCuw58062.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The DCERPC Inspection implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 through 9.5.1 allows remote authenticated users to bypass an intended DCERPC-only ACL by sending arbitrary network traffic, aka Bug ID CSCuu67782.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to cause a denial of service (resource consumption and device reload) via crafted network traffic, aka Bug ID CSCus85330.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24157888.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427.",ADJACENT_NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted application, aka internal bug 20017123.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a ""cross-frame scripting (XFS)"" issue, aka Bug ID CSCux64856.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.",NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,HIGH,NONE
"Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted update, aka Bug ID CSCuw83486.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service (global kernel resource consumption) by leveraging improper interaction between IPC resource allocation and the memory manager, aka internal bug 22300191, a different vulnerability than CVE-2015-7613.",LOCAL,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269.",PHYSICAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors.,LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector.,LOCAL,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session.",LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted TXXX frame within an ID3 tag in MP3 data in a movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, and CVE-2015-7117.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,HIGH
"Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7092, and CVE-2015-7117.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,HIGH
"Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,HIGH
"Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,HIGH
"Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,HIGH
"Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,HIGH
"Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,HIGH
"fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015.",LOCAL,LOW,HIGH,NONE,UNCHANGED,NONE,NONE,HIGH
"IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Portal AccessControl REST API access restrictions and obtain sensitive information via unspecified vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,NONE
"Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7420.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9 allows remote authenticated users to inject arbitrary web script or HTML via crafted data from an OAuth provider.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referrer parameter.,NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,LOW,NONE
Cross-site scripting (XSS) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, which allows remote attackers to obtain sensitive information via an unspecified URL.",NETWORK,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.",LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.",LOCAL,LOW,HIGH,NONE,UNCHANGED,LOW,NONE,NONE
"The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, when certain debugging settings are used, allow remote attackers to cause a denial of service (daemon crash) via a malformed packet.",NETWORK,HIGH,NONE,NONE,CHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the ""import external calendar"" page.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI dissector in Wireshark 2.0.x before 2.0.1 does not initialize a packet-header data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in Wireshark 2.0.x before 2.0.1 does not validate the list count in an SZL response, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not validate the bit rate, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a trailer, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP dissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision.,NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"In BlueZ 5.42, a buffer overflow was observed in ""pklg_read_hci"" function in ""btsnoop.c"" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"In BlueZ 5.42, a buffer overflow was observed in ""pin_code_reply_dump"" function in ""tools/parser/hci.c"" source file. The issue exists because ""pin"" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame ""pin_code_reply_cp *cp"" parameter.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"In BlueZ 5.42, a buffer overflow was observed in ""set_ext_ctrl"" function in ""tools/parser/l2cap.c"" source file when processing corrupted dump file.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"In BlueZ 5.42, a buffer overflow was observed in ""commands_dump"" function in ""tools/parser/csr.c"" source file. The issue exists because ""commands"" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame ""frm->ptr"" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"In BlueZ 5.42, an out-of-bounds read was observed in ""le_meta_ev_dump"" function in ""tools/parser/hci.c"" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. Additionally, JHelperMedia::canUpload() did not blacklist these file extensions as uploadable file types.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,LOW,NONE
Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,HIGH
"The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,HIGH
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0932, CVE-2016-0934, CVE-2016-0937, and CVE-2016-0941.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted cookie, aka Bug ID CSCuw89094.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote attackers to obtain sensitive information via an AnyConnect authentication attempt, aka Bug ID CSCuo65775.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCux40414.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0945, and CVE-2016-0946.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a crafted ExtGState dictionary.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, and CVE-2016-0945.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Use-after-free vulnerability in the OCG object implementation in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0932, CVE-2016-0934, CVE-2016-0940, and CVE-2016-0941.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FileAttachment annotation, a different vulnerability than CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The AcroForm plugin in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Use-after-free vulnerability in the Search object implementation in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0932, CVE-2016-0934, CVE-2016-0937, and CVE-2016-0940.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X mishandle the Global object, which allows attackers to bypass JavaScript API execution restrictions via unspecified vectors.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Untrusted search path vulnerability in Adobe Download Manager, as used in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X, allows local users to gain privileges via a crafted resource in an unspecified directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, and CVE-2016-0946.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the ""strict page permissions"" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) link_type parameter to admin/media.php.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bug ID CSCuz24725.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via crafted 802.11 frames, aka Bug ID CSCva06192.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via a crafted AMPDU header, aka Bug ID CSCuz56288.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCur25508 and CSCur25518.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. Affected Products: The following Cisco products are vulnerable: Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services, Advanced Malware Protection (AMP) for Networks - 7000 Series Appliances, Advanced Malware Protection (AMP) for Networks - 8000 Series Appliances, FirePOWER 7000 Series Appliances, FirePOWER 8000 Series Appliances, FirePOWER Threat Defense for Integrated Services Routers (ISRs), Next Generation Intrusion Prevention System (NGIPS) for Blue Coat X-Series, Sourcefire 3D System Appliances, Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. More Information: CSCvb20102. Known Affected Releases: 2.9.7.10.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Known Fixed Releases: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the system management of certain FireAMP system processes in Cisco FireAMP Connector Endpoint software could allow an authenticated, local attacker to stop certain protected FireAMP processes without requiring a password. Stopping certain critical processes could cause a denial of service (DoS) condition, and certain security features could no longer be available. More Information: CSCvb40597. Known Affected Releases: 1.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30593752.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An elevation of privilege vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31385713.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
A remote code execution vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Android ID: A-31373622.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege.",LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-3161 ID is for the GameStream unquoted service path.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information by reading a configuration file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
Multiple cross-site scripting (XSS) vulnerabilities in the UI in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote authenticated users to inject arbitrary web script or HTML via crafted fields in a URL.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the context of the user which creates or changes the group by using autocomplete. In most cases this is a user with elevated permissions. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files ""in browser"" based on our Mail or Drive app. In case of ""a"" tags, this may include link targets with base64 encoded ""data"" references. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded ""data"" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a proper location. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image within a browser. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client (""Reflected File Download""). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without authentication that, if executed by the user, may lead to local code execution.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe DNG Converter versions 9.7 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and Service Request components.",NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted MPEG-4 data, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8655, and CVE-2015-8821.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password, open the remote management interface, or reset the router.",ADJACENT_NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware server to prepare further attacks.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's ""Templates"" folder from OX Documents settings. This requires the folder to be shared to the victim. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 does not encrypt connections between internal servers, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.",ADJACENT_NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack.",LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
Adobe Digital Editions versions 4.5.2 and earlier has an important vulnerability that could lead to memory address leak.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"Adobe InDesign version 11.4.1 and earlier, Adobe InDesign Server 11.0.0 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Experience Manager version 6.2 has an input validation issue in create Launch wizard that could be used in cross-site scripting attacks.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Adobe Experience Manager versions 6.2 and earlier have an input validation issue in the WCMDebug filter that could be used in cross-site scripting attacks.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf command shell.,NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Reflected XSS in wordpress plugin tidio-form v1.0,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Reflected XSS in wordpress plugin infusionsoft v1.5.11,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in wordpress plugin photoxhibit v2.1.8,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
Reflected XSS in wordpress plugin e-search v1.0,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in wordpress plugin tera-charts v1.0,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in wordpress plugin hdw-tube v1.2,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in wordpress plugin anti-plagiarism v3.60,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in wordpress plugin e-search v1.0,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in wordpress plugin simplified-content v1.0.0,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in wordpress plugin recipes-writer v1.0.4,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. Affected Products: This vulnerability affects specific releases of the Cisco IOx subsystem of Cisco IOS and IOS XE Software. More Information: CSCvb23331. Known Affected Releases: 15.2(6.0.57i)E CAF-1.1.0.0.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later.,NETWORK,LOW,NONE,REQUIRED,CHANGED,NONE,HIGH,NONE
An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerability. This vulnerability is distinct from CVE-2016-9031.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerability. This vulnerability is distinct from CVE-2016-8733.,LOCAL,HIGH,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer overflow in the nm variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9034.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer overflow in the path variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9035.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a buffer overflow in the nm variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9032.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer overflow in the path variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9033.,LOCAL,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly accessible, as demonstrated by an index.php?option=com_content&view=article&id=1&template=beez3 request.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow on Rockwell Automation Allen-Bradley MicroLogix 1100 devices A through 15.000 and B before 15.002 allows remote attackers to execute arbitrary code via a crafted web request.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Reflected XSS in wordpress plugin pondol-carousel v1.0,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Zotpress plugin for WordPress SQLi in zp_get_account(),NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Reflected XSS in wordpress plugin parsi-font v4.2.5,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Reflected XSS in wordpress plugin hero-maps-pro v2.1.0,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow remote attackers to read arbitrary files via the HTTP fileUrl header.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Adobe Digital Editions versions 4.5.2 and earlier has an issue with parsing crafted XML entries that could lead to information disclosure.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors.",LOCAL,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) where a user can cause a GPU interrupt storm, leading to a denial of service.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WSA is configured to block connections to the website. Affected Products: This vulnerability affects Cisco Web Security Appliances if the HTTPS decryption options are enabled and configured for the device to block connections to certain websites. More Information: CSCvb49012. Known Affected Releases: 9.0.1-162 9.1.1-074.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvb64641. Known Affected Releases: 11.5(1.10000.6) 11.5(1.11007.2). Known Fixed Releases: 11.5(1.12900.7) 11.5(1.12900.8) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.468) 12.0(0.98000.536) 12.0(0.98500.6).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process. More Information: CSCvb38398. Known Affected Releases: 20.2.3 20.2.3.65026. Known Fixed Releases: 21.1.M0.65431 21.1.PP0.65733 21.1.R0.65467 21.1.R0.65496 21.1.VC0.65434 21.1.VC0.65489 21.2.A0.65437.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway. Affected Products: This vulnerability affects Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS). More Information: CSCvc10834. Known Affected Releases: X8.7.2 X8.8.3. Known Fixed Releases: X8.9.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,LOW
"A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reload. More Information: CSCuw26032. Known Affected Releases: 10.51.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvb86332 CSCvb86760. Known Affected Releases: 2.0(101.130).",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user. More Information: CSCva38434. Known Affected Releases: 6.1.1.BASE.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More Information: CSCvb37346. Known Affected Releases: 9.1.1-036 9.7.1-066.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration. More Information: CSCuz21015. Known Affected Releases: 15.3(3)M3. Known Fixed Releases: 15.6(2)T0.1 15.6(2.0.1a)T0 15.6(2.19)T 15.6(3)M.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7121.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web framework code of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface. More Information: CSCut43268. Known Affected Releases: 10.5(1) 10.6.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4255.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,HIGH
sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Unquoted service path vulnerability in Intel Wireless Bluetooth Drivers 16.x, 17.x, and before 18.1.1607.3129 allows local users to launch processes with elevated privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.,NETWORK,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,NONE
"IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a command-injection issue.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors.",NETWORK,HIGH,LOW,NONE,UNCHANGED,LOW,NONE,NONE
SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The SNAP Lite component in certain SISCO MMS-EASE and AX-S4 ICCP products allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
The C software implementation of ECC in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of remote code execution in an unprivileged process. Android ID: A-31217937.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3737.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,NONE
"Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
"All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where improper access controls allow a regular user to write a part of the registry intended for privileged users only, leading to escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose 6.4.12 UI by another authenticated user, the script is run in that user's browser context.",NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"Directory traversal vulnerability in file ""jcss.php"" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Buffer overflow in Intel PROSet/Wireless Software and Drivers in versions before 19.20.3 allows a local user to crash iframewrk.exe causing a potential denial of service.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000E, 0x600000F, and 0x6000010 where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where improper access controls may allow a user to access arbitrary physical memory, leading to an escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where the size of an input buffer is not validated leading to a denial of service or possible escalation of privileges,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a handle to a kernel object may be returned to the user, leading to possible denial of service or escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions of NVIDIA Windows GPU Display contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a pointer passed from a user to the driver is used without validation, leading to denial of service or potential escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the size input to memcpy(), causing a buffer overflow, leading to denial of service or potential escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or potential escalation of privileges.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.,LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to ZFS.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network.,NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request.,NETWORK,LOW,HIGH,NONE,CHANGED,HIGH,NONE,NONE
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name.,NETWORK,LOW,LOW,REQUIRED,CHANGED,LOW,LOW,NONE
"The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286.",LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products. More Information: CSCus99394. Known Affected Releases: 7.3(0)ZN(0.99).",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,LOW
"Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the ""server signing = mandatory"" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,NONE
"The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the ""client ldap sasl wrapping"" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"** DISPUTED ** WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called mysqld.exe or httpd.exe and replace the original files. The next time the service starts, the malicious file will get executed as SYSTEM. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which ""'someone' (an attacker) is able to replace files on a PC"" is not ""the fault of WampServer.""",LOCAL,HIGH,LOW,REQUIRED,CHANGED,HIGH,HIGH,HIGH
"The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.",NETWORK,LOW,NONE,NONE,CHANGED,LOW,LOW,NONE
admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts. More Information: CSCvc31635. Known Affected Releases: 10.6(9). Known Fixed Releases: 11.0(0).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a ""Show in Folder"" action.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system. Affected Products: This vulnerability affect all releases of Cisco CloudCenter Orchestrator (CCO) deployments where the Docker Engine TCP port 2375 is open on the system and bound to local address 0.0.0.0 (any interface).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo through 2.8.3 allows remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in a certain error case.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition. More Information: CSCvb14425. Known Affected Releases: 6.1.1.BASE. Known Fixed Releases: 6.1.2.6i.MGBL 6.1.22.9i.MGBL 6.2.1.14i.MGBL.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account. Affected Products: Cisco Nexus 1000V InterCloud is affected. More Information: CSCus99379. Known Affected Releases: 2.2(1).",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,NONE
"Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1002.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-1002, and CVE-2016-1005.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. More Information: CSCvb19366. Known Affected Releases: 5.4.1.6.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on an affected system. More Information: CSCuv89417. Known Affected Releases: 15.5(2.25)T. Known Fixed Releases: 15.2(4)E1 15.2(4)E2 15.2(4)E3 15.2(4)EA4 15.2(4.0r)EB 15.2(4.1.27)EB 15.2(4.4.2)EA4 15.2(4.7.1)EC 15.2(4.7.2)EC 15.2(5.1.1)E 15.2(5.5.63)E 15.2(5.5.64)E 15.4(1)IA1.80 15.5(3)M1.1 15.5(3)M2 15.5(3)S1.4 15.5(3)S2 15.6(0.22)S0.12 15.6(1)T0.1 15.6(1)T1 15.6(1.15)T 15.6(1.17)S0.7 15.6(1.17)SP 15.6(1.22.1a)T0 15.6(2)S 15.6(2)SP 16.1(1.24) 16.1.2 16.2(0.247) 16.3(0.11) 3.8(1)E Denali-16.1.2.",NETWORK,LOW,NONE,NONE,UNCHANGED,LOW,LOW,LOW
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate archive names were processed during manifest recovery, potentially allowing an attacker to overwrite an archive.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,LOW,NONE
"A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted. More Information: CSCva49629. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(1.12000.2) 12.0(0.98000.181).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of the following Cisco products: Cisco Email Security Appliances (ESAs) that are configured to use message or content filters that scan incoming email attachments; Cisco Web Security Appliances (WSAs) that are configured to use services that scan accessed web content. More Information: CSCva90076, CSCvb06764. Known Affected Releases: 10.0.0-125 8.5.7-042 9.7.2-047.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
"A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. More Information: CSCva84552. Known Affected Releases: 20.0.0 21.0.0 21.0.M0.64702. Known Fixed Releases: 21.0.0 21.0.0.65256 21.0.M0.64970 21.0.V0.65150 21.1.A0.64973 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.VC0.65203.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process unexpectedly restarting. More Information: CSCvb04312. Known Affected Releases: 9.0.1-162 9.1.1-074. Known Fixed Releases: 10.1.0-129 9.1.2-010.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvb06663. Known Affected Releases: 11.5(1.10000.4). Known Fixed Releases: 12.0(0.98000.14).",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb81344. Known Affected Releases: 1.0.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 Bit Field primitive in an X.509 certificate.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
Heap-based buffer overflow in MatrixSSL before 3.8.6 allows remote attackers to execute arbitrary code via a crafted Subject Alt Name in an X.509 certificate.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
XSS & SQLi in HugeIT slideshow v1.0.4,NETWORK,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA Software before 8.4(7.30), 8.7 before 8.7(1.18), 9.0 before 9.0(4.38), 9.1 before 9.1(7), 9.2 before 9.2(4.5), 9.3 before 9.3(3.7), 9.4 before 9.4(2.4), and 9.5 before 9.5(2.2) on ASA 5500 devices, ASA 5500-X devices, ASA Services Module for Cisco Catalyst 6500 and Cisco 7600 devices, ASA 1000V devices, Adaptive Security Virtual Appliance (aka ASAv), Firepower 9300 ASA Security Module, and ISA 3000 devices allows remote attackers to execute arbitrary code or cause a denial of service (device reload) via crafted UDP packets, aka Bug IDs CSCux29978 and CSCux42019.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. More Information: CSCuu69332, CSCux07028. Known Affected Releases: 15.2(3)E. Known Fixed Releases: 12.2(50)SE4 12.2(50)SE5 12.2(50)SQ5 12.2(50)SQ6 12.2(50)SQ7 12.2(52)EY4 12.2(52)SE1 12.2(53)EX 12.2(53)SE 12.2(53)SE1 12.2(53)SE2 12.2(53)SG10 12.2(53)SG11 12.2(53)SG2 12.2(53)SG9 12.2(54)SG1 12.2(55)EX3 12.2(55)SE 12.2(55)SE1 12.2(55)SE10 12.2(55)SE2 12.2(55)SE3 12.2(55)SE4 12.2(55)SE5 12.2(55)SE6 12.2(55)SE7 12.2(55)SE8 12.2(55)SE9 12.2(58)EZ 12.2(58)SE1 12.2(58)SE2 12.2(60)EZ 12.2(60)EZ1 12.2(60)EZ2 12.2(60)EZ3 12.2(60)EZ4 12.2(60)EZ5 12.2(60)EZ6 12.2(60)EZ7 12.2(60)EZ8 15.0(1)EY2 15.0(1)SE 15.0(1)SE2 15.0(1)SE3 15.0(2)EA 15.0(2)EB 15.0(2)EC 15.0(2)ED 15.0(2)EH 15.0(2)EJ 15.0(2)EJ1 15.0(2)EK1 15.0(2)EX 15.0(2)EX1 15.0(2)EX3 15.0(2)EX4 15.0(2)EX5 15.0(2)EY 15.0(2)EY1 15.0(2)EY2 15.0(2)EZ 15.0(2)SE 15.0(2)SE1 15.0(2)SE2 15.0(2)SE3 15.0(2)SE4 15.0(2)SE5 15.0(2)SE6 15.0(2)SE7 15.0(2)SE9 15.0(2)SG10 15.0(2)SG3 15.0(2)SG6 15.0(2)SG7 15.0(2)SG8 15.0(2)SG9 15.0(2a)EX5 15.1(2)SG 15.1(2)SG1 15.1(2)SG2 15.1(2)SG3 15.1(2)SG4 15.1(2)SG5 15.1(2)SG6 15.2(1)E 15.2(1)E1 15.2(1)E2 15.2(1)E3 15.2(1)EY 15.2(2)E 15.2(2)E3 15.2(2b)E.",ADJACENT_NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK.,NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file ""Package"" and ""SourcePackage"" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a ""{"". This allows remote attackers to execute arbitrary Python code.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application.  NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.,NETWORK,LOW,LOW,REQUIRED,CHANGED,NONE,HIGH,NONE
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,LOW,HIGH
"Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstrated by .php.txt or .php%20.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via crafted graphics data.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets to the control plane.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Sprecher Automation SPRECON-E Service Program before 3.43 SP0. Under certain preconditions, it is possible to execute telegram simulation as a non-admin user. As prerequisites, a user must have created an online-connection, validly authenticated and authorized as administrator, and executed telegram simulation. After that, the online-connection must have been closed. Incorrect caching of client data then may lead to privilege escalation, where a subsequently acting non-admin user is permitted to do telegram simulation. In order to exploit this vulnerability, a potential attacker would need to have both a valid engineering-account in the SPRECON RBAC system as well as access to a service/maintenance computer with SPRECON-E Service Program running. Additionally, a valid admin-user must have closed the service connection beforehand without closing the program, having executed telegram simulation; the attacker then has access to the running software instance. Hence, there is no risk from external attackers.",NETWORK,HIGH,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"SQL injection vulnerability in the ""aWeb Cart Watching System for Virtuemart"" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving categorysearch and smartSearch.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
"The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on the system. Any exploitation of this is dependent on the user being able to cause or anticipate the failure (non-zero return code) of a Prolog script that their job would run on. This issue affects all Slurm versions from 0.6.0 (September 2005) to present. Workarounds to prevent exploitation of this are to either disable your Prolog script, or modify it such that it always returns 0 (""success"") and adjust it to set the node as down using scontrol instead of relying on the slurmd to handle that automatically. If you do not have a Prolog set you are unaffected by this issue.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors.",LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges.,LOCAL,LOW,HIGH,NONE,UNCHANGED,HIGH,HIGH,HIGH
An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ""process-execute"" and ""process-spawn"" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"The ""process-execute"" and ""process-spawn"" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted Bzip2 document can lead to a stack-based buffer overflow causing an out-of-bounds write which under the right circumstance could potentially be leveraged by an attacker to gain arbitrary code execution.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"The ""spiffy-cgi-handlers"" egg would convert a nonexistent ""Proxy"" header to the HTTP_PROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable to use an attacker-specified HTTP proxy server (also known as a ""httpoxy"" attack). This affects all versions of spiffy-cgi-handlers before 0.5.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,HIGH,NONE
"Cross-site scripting (XSS) vulnerability in MantisBT Filter API in MantisBT versions before 1.2.19, and versions 2.0.0-beta1, 1.3.0-beta1 allows remote attackers to inject arbitrary web script or HTML via the 'view_type' parameter.",NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of Lexmark Perceptive Document Filters library. A specially crafted CBFF file can cause a code execution. An attacker can send a malformed file to trigger this vulnerability.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request.,NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,NONE,NONE
"EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,LOW,LOW
EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call.,NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,NONE
"redirect() in bottle.py in bottle 0.12.10 doesn't filter a ""\r\n"" sequence, which leads to a CRLF attack, as demonstrated by a redirect(""233\r\nSet-Cookie: name=salt"") call.",NETWORK,LOW,NONE,REQUIRED,UNCHANGED,NONE,HIGH,NONE
"Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded within it. The active install session of the embedded app is performed using the android.content.pm.PackageInstaller class and its nested classes in the Android API. The active install session will write the embedded APK file to the /data/app directory, but the app will not be installed since third-party applications cannot programmatically install apps. Samsung has modified AOSP in order to accelerate the parsing of APKs by introducing the com.android.server.pm.PackagePrefetcher class and its nested classes. These classes will parse the APKs present in the /data/app directory and other directories, even if the app is not actually installed. The embedded APK that was written to the /data/app directory via the active install session has a very large but valid AndroidManifest.xml file. Specifically, the AndroidManifest.xml file contains a very large string value for the name of a permission-tree that it declares. When system_server tries to parse the APK file of the embedded app from the active install session, it will crash due to an uncaught error (i.e., java.lang.OutOfMemoryError) or an uncaught exception (i.e., std::bad_alloc) because of memory constraints. The Samsung Android device will encounter a soft reboot due to a system_server crash, and this action will keep repeating since parsing the APKs in the /data/app directory as performed by the system_server process is part of the normal boot process. The Samsung ID is SVE-2016-6917.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,NONE,NONE,HIGH
"An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are terminated at the gorouter, communications from the gorouter to GemFire clusters are unencrypted. An attacker could run any command available on gfsh and could cause denial of service, lost confidentiality of data, escalate privileges, or eavesdrop on other communications between the gorouter and the cluster.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorrect permissions on the SCINI driver may allow a low-privileged local attacker to modify the configuration and render the ScaleIO Data Client (SDC) server unavailable.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which may render the ScaleIO Data Client (SDC) server unavailable until the next reboot.,LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client (SDC) servers.,LOCAL,LOW,LOW,NONE,CHANGED,HIGH,HIGH,HIGH
"A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,NONE,NONE
An exploitable buffer overflow exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a stack based buffer overflow resulting in remote code execution.,LOCAL,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass KAV self-protection mechanism.",LOCAL,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
"When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a list of elements using a length from the file. When calculating this length, an integer overflow can be made to occur which will cause the buffer to be undersized when the application tries to copy file data into the object containing this structure. This allows one to overwrite contiguous data in the heap which can lead to code-execution under the context of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When opening a Hangul Hcell Document (.cell) and processing a record that uses the CSSValFormat object, Hancom Office 2014 will search for an underscore (""_"") character at the end of the string and write a null terminator after it. If the character is at the very end of the string, the application will mistakenly write the null-byte outside the bounds of its destination. This can result in heap corruption that can lead code execution under the context of the application",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When opening a Hangul Hcell Document (.cell) and processing a particular record within the Workbook stream, an index miscalculation leading to a heap overlow can be made to occur in Hancom Office 2014. The vulnerability occurs when processing data for a formula used to render a chart via the HncChartPlugin.hplg library. Due to a lack of bounds-checking when incrementing an index that is used for writing into a buffer for formulae, the application can be made to write pointer data outside its bounds which can lead to code execution under the context of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When opening a Hangul Hcell Document (.cell) and processing a property record within the Workbook stream, Hancom Office 2014 will attempt to allocate space for an element using a length from the file. When copying user-supplied data to this buffer, however, the application will use a different size which leads to a heap-based buffer overflow. This vulnerability can lead to code-execution under the context of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a field from the structure in an operation that can cause the integer to overflow. This result is then used to allocate memory to copy file data in. Due to the lack of bounds checking on the integer, the allocated memory buffer can be made to be undersized at which point the reading of file data will write outside the bounds of the buffer. This can lead to code execution under the context of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a block of data within the file. When calculating this length, the application will use a value from the file and add a constant to it without checking whether the addition of the constant will cause the integer to overflow which will cause the buffer to be undersized when the application tries to copy file data into it. This allows one to overwrite contiguous data in the heap which can lead to code-execution under the context of the application.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.",NETWORK,HIGH,HIGH,NONE,UNCHANGED,HIGH,NONE,NONE
"D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session.",NETWORK,HIGH,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,NONE,NONE
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format.,NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) via crafted network traffic.",NETWORK,HIGH,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin).",NETWORK,LOW,HIGH,REQUIRED,CHANGED,LOW,LOW,NONE
"EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",NETWORK,LOW,LOW,NONE,UNCHANGED,LOW,NONE,LOW
"An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148242. References: QC-CR#1052821.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30740545. References: QC-CR#1065916.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Motorola USBNet driver in Android before 2016-10-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 29914434.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.",LOCAL,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
"programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each.",NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.,NETWORK,LOW,LOW,NONE,UNCHANGED,NONE,NONE,HIGH
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.,NETWORK,LOW,NONE,REQUIRED,CHANGED,LOW,LOW,NONE
"Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via unspecified vectors, aka SPL-128840.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call.,LOCAL,LOW,LOW,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the (1) start_hour, (2) start_minute, (3) end_hour, (4) end_minute, or (5) hostname parameter.",NETWORK,LOW,LOW,NONE,UNCHANGED,HIGH,HIGH,HIGH
The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid free and crash) via a base zero value for the modular exponentiation.,NETWORK,LOW,NONE,NONE,UNCHANGED,NONE,NONE,HIGH
"Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install/index.php?install_sample=../../files/exploit', which leads to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution.",NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
"Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL 1.1.0 via PyOpenSSL. This is an extremely uncommon configuration, so the security impact of this vulnerability is low.",NETWORK,HIGH,NONE,NONE,UNCHANGED,LOW,NONE,NONE
"An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31750190. References: MT-ALPS02974192.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32447738. References: N-CVE-2016-8432.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32402179. References: N-CVE-2016-8431.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31399736. References: QC-CR#1000546.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31471220. References: QC-CR#979426.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750554. References: QC-CR#1079596.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Kernel 3.18. Android ID: A-31548486. References: QC-CR#877705.,NETWORK,LOW,NONE,NONE,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure vulnerability in the MediaTek video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-31249105.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31913197.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31911920.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31385862. References: QC-CR#1073136.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
"An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31253255. References: QC-CR#1072166.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete.,LOCAL,LOW,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31252384. References: QC-CR#1071809.",LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31350755. References: MT-ALPS02961424.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,HIGH,HIGH
An information disclosure vulnerability in Package Manager could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 7.0. Android ID: A-31251489.,LOCAL,HIGH,NONE,REQUIRED,UNCHANGED,HIGH,NONE,NONE
"An elevation of privilege vulnerability in Telephony could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 6.0, 6.0.1, 7.0. Android ID: A-31566390.",LOCAL,LOW,NONE,REQUIRED,UNCHANGED,LOW,LOW,LOW